Oracle Linux Security Advisory ELSA-2024-4165

http://linux.oracle.com/errata/ELSA-2024-4165.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
idm-pki-acme-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-base-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-ca-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-est-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-java-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-kra-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-server-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-tools-11.5.0-2.0.1.el9_4.x86_64.rpm
python3-idm-pki-11.5.0-2.0.1.el9_4.noarch.rpm

aarch64:
idm-pki-acme-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-base-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-ca-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-est-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-java-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-kra-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-server-11.5.0-2.0.1.el9_4.noarch.rpm
idm-pki-tools-11.5.0-2.0.1.el9_4.aarch64.rpm
python3-idm-pki-11.5.0-2.0.1.el9_4.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//pki-core-11.5.0-2.0.1.el9_4.src.rpm

Related CVEs:
CVE-2023-4727

Description of changes:

[11.5.0-2.0.1]
- Replaced upstream graphical references [Orabug: 33952704]

[11.5.0-2]
- RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability

_______________________________________________
El-errata mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.12.8 security update
Advisory ID: RHSA-2023:1268-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1268
Issue date: 2023-03-21
CVE Names: CVE-2023-25725
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.12 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.8.
See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2023:1269

Security Fix(es):

* haproxy: request smuggling attack in HTTP/1 header parsing (CVE-2023-25725)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/updating_clusters/updating-cluster-cli

4. Solution:

For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169089 - CVE-2023-25725 haproxy: request smuggling attack in HTTP/1 header parsing

6. Package List:

Red Hat OpenShift Container Platform 4.12:

Source: haproxy-2.2.24-3.rhaos4.12.el8.src.rpm kernel-4.18.0-372.49.1.el8_6.src.rpm kernel-rt-4.18.0-372.49.1.rt7.206.el8_6.src.rpm openshift-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el8.src.rpm

aarch64: bpftool-4.18.0-372.49.1.el8_6.aarch64.rpm bpftool-debuginfo-4.18.0-372.49.1.el8_6.aarch64.rpm haproxy-debugsource-2.2.24-3.rhaos4.12.el8.aarch64.rpm haproxy22-2.2.24-3.rhaos4.12.el8.aarch64.rpm haproxy22-debuginfo-2.2.24-3.rhaos4.12.el8.aarch64.rpm kernel-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-core-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-cross-headers-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debug-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debug-core-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debug-debuginfo-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debug-devel-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debug-modules-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debug-modules-extra-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debug-modules-internal-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debuginfo-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-devel-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-headers-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-modules-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-modules-extra-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-modules-internal-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-selftests-internal-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-tools-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-tools-debuginfo-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-tools-libs-4.18.0-372.49.1.el8_6.aarch64.rpm kernel-tools-libs-devel-4.18.0-372.49.1.el8_6.aarch64.rpm openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el8.aarch64.rpm perf-4.18.0-372.49.1.el8_6.aarch64.rpm perf-debuginfo-4.18.0-372.49.1.el8_6.aarch64.rpm python3-perf-4.18.0-372.49.1.el8_6.aarch64.rpm python3-perf-debuginfo-4.18.0-372.49.1.el8_6.aarch64.rpm

noarch:
kernel-doc-4.18.0-372.49.1.el8_6.noarch.rpm ppc64le: bpftool-4.18.0-372.49.1.el8_6.ppc64le.rpm bpftool-debuginfo-4.18.0-372.49.1.el8_6.ppc64le.rpm haproxy-debugsource-2.2.24-3.rhaos4.12.el8.ppc64le.rpm haproxy22-2.2.24-3.rhaos4.12.el8.ppc64le.rpm haproxy22-debuginfo-2.2.24-3.rhaos4.12.el8.ppc64le.rpm kernel-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-core-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-cross-headers-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debug-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debug-core-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debug-debuginfo-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debug-devel-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debug-modules-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debug-modules-extra-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debug-modules-internal-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debuginfo-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-devel-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-headers-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-ipaclones-internal-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-modules-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-modules-extra-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-modules-internal-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-selftests-internal-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-tools-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-tools-debuginfo-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-tools-libs-4.18.0-372.49.1.el8_6.ppc64le.rpm kernel-tools-libs-devel-4.18.0-372.49.1.el8_6.ppc64le.rpm openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el8.ppc64le.rpm perf-4.18.0-372.49.1.el8_6.ppc64le.rpm perf-debuginfo-4.18.0-372.49.1.el8_6.ppc64le.rpm python3-perf-4.18.0-372.49.1.el8_6.ppc64le.rpm python3-perf-debuginfo-4.18.0-372.49.1.el8_6.ppc64le.rpm s390x: bpftool-4.18.0-372.49.1.el8_6.s390x.rpm bpftool-debuginfo-4.18.0-372.49.1.el8_6.s390x.rpm haproxy-debugsource-2.2.24-3.rhaos4.12.el8.s390x.rpm 
haproxy22-2.2.24-3.rhaos4.12.el8.s390x.rpm haproxy22-debuginfo-2.2.24-3.rhaos4.12.el8.s390x.rpm kernel-4.18.0-372.49.1.el8_6.s390x.rpm kernel-core-4.18.0-372.49.1.el8_6.s390x.rpm kernel-cross-headers-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debug-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debug-core-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debug-debuginfo-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debug-devel-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debug-modules-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debug-modules-extra-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debug-modules-internal-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debuginfo-4.18.0-372.49.1.el8_6.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-372.49.1.el8_6.s390x.rpm kernel-devel-4.18.0-372.49.1.el8_6.s390x.rpm kernel-headers-4.18.0-372.49.1.el8_6.s390x.rpm kernel-modules-4.18.0-372.49.1.el8_6.s390x.rpm kernel-modules-extra-4.18.0-372.49.1.el8_6.s390x.rpm kernel-modules-internal-4.18.0-372.49.1.el8_6.s390x.rpm kernel-selftests-internal-4.18.0-372.49.1.el8_6.s390x.rpm kernel-tools-4.18.0-372.49.1.el8_6.s390x.rpm kernel-tools-debuginfo-4.18.0-372.49.1.el8_6.s390x.rpm kernel-zfcpdump-4.18.0-372.49.1.el8_6.s390x.rpm kernel-zfcpdump-core-4.18.0-372.49.1.el8_6.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-372.49.1.el8_6.s390x.rpm kernel-zfcpdump-devel-4.18.0-372.49.1.el8_6.s390x.rpm kernel-zfcpdump-modules-4.18.0-372.49.1.el8_6.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-372.49.1.el8_6.s390x.rpm kernel-zfcpdump-modules-internal-4.18.0-372.49.1.el8_6.s390x.rpm openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el8.s390x.rpm perf-4.18.0-372.49.1.el8_6.s390x.rpm perf-debuginfo-4.18.0-372.49.1.el8_6.s390x.rpm python3-perf-4.18.0-372.49.1.el8_6.s390x.rpm python3-perf-debuginfo-4.18.0-372.49.1.el8_6.s390x.rpm x86_64: bpftool-4.18.0-372.49.1.el8_6.x86_64.rpm bpftool-debuginfo-4.18.0-372.49.1.el8_6.x86_64.rpm haproxy-debugsource-2.2.24-3.rhaos4.12.el8.x86_64.rpm haproxy22-2.2.24-3.rhaos4.12.el8.x86_64.rpm 
haproxy22-debuginfo-2.2.24-3.rhaos4.12.el8.x86_64.rpm kernel-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-core-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-cross-headers-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debug-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debug-core-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debug-debuginfo-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debug-devel-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debug-modules-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debug-modules-extra-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debug-modules-internal-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debuginfo-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-devel-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-headers-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-ipaclones-internal-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-modules-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-modules-extra-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-modules-internal-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-rt-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-core-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-core-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-devel-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-kvm-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-modules-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debug-modules-internal-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debuginfo-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-devel-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-kvm-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-modules-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-modules-extra-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm 
kernel-rt-modules-internal-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-rt-selftests-internal-4.18.0-372.49.1.rt7.206.el8_6.x86_64.rpm kernel-selftests-internal-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-tools-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-tools-debuginfo-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-tools-libs-4.18.0-372.49.1.el8_6.x86_64.rpm kernel-tools-libs-devel-4.18.0-372.49.1.el8_6.x86_64.rpm openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el8.x86_64.rpm perf-4.18.0-372.49.1.el8_6.x86_64.rpm perf-debuginfo-4.18.0-372.49.1.el8_6.x86_64.rpm python3-perf-4.18.0-372.49.1.el8_6.x86_64.rpm python3-perf-debuginfo-4.18.0-372.49.1.el8_6.x86_64.rpm Red Hat OpenShift Container Platform 4.12: Source: openshift-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el9.src.rpm aarch64: openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el9.aarch64.rpm ppc64le: openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el9.ppc64le.rpm s390x: openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el9.s390x.rpm x86_64: openshift-hyperkube-4.12.0-202303132316.p0.geab9cc9.assembly.stream.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-25725 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. 
-- RHSA-announce mailing list
Oracle Linux Security Advisory ELSA-2022-2199

https://linux.oracle.com/errata/ELSA-2022-2199.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-6.0-6.0.5-1.0.1.el8_6.x86_64.rpm
aspnetcore-targeting-pack-6.0-6.0.5-1.0.1.el8_6.x86_64.rpm
dotnet-6.0.105-1.0.1.el8_6.x86_64.rpm
dotnet-apphost-pack-6.0-6.0.5-1.0.1.el8_6.x86_64.rpm
dotnet-host-6.0.5-1.0.1.el8_6.x86_64.rpm
dotnet-hostfxr-6.0-6.0.5-1.0.1.el8_6.x86_64.rpm
dotnet-runtime-6.0-6.0.5-1.0.1.el8_6.x86_64.rpm
dotnet-sdk-6.0-6.0.105-1.0.1.el8_6.x86_64.rpm
dotnet-targeting-pack-6.0-6.0.5-1.0.1.el8_6.x86_64.rpm
dotnet-templates-6.0-6.0.105-1.0.1.el8_6.x86_64.rpm
netstandard-targeting-pack-2.1-6.0.105-1.0.1.el8_6.x86_64.rpm

aarch64:

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/dotnet6.0-6.0.105-1.0.1.el8_6.src.rpm

Related CVEs:
CVE-2022-23267
CVE-2022-29117
CVE-2022-29145

Description of changes:

[6.0.105-1.0.1]
- Add missing Oracle RIDs

[6.0.105-1]
- Update to .NET SDK 6.0.105 and Runtime 6.0.5
- Resolves: RHBZ#2082267

[6.0.104-2]
- Update to .NET SDK 6.0.104 and Runtime 6.0.4
- Resolves: RHBZ#2074640

_______________________________________________
El-errata mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-mysql80-mysql security update
Advisory ID: RHSA-2020:3518-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3518
Issue date: 2020-08-19
CVE Names: CVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957 CVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968 CVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997 CVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018 CVE-2020-2570 CVE-2020-2573 CVE-2020-2574 CVE-2020-2577 CVE-2020-2579 CVE-2020-2580 CVE-2020-2584 CVE-2020-2588 CVE-2020-2589 CVE-2020-2627 CVE-2020-2660 CVE-2020-2679 CVE-2020-2686 CVE-2020-2694 CVE-2020-2752 CVE-2020-2759 CVE-2020-2760 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893 CVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901 CVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2922 CVE-2020-2923 CVE-2020-2924 CVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 CVE-2020-14539 CVE-2020-14540 CVE-2020-14547 CVE-2020-14550 CVE-2020-14553 CVE-2020-14559 CVE-2020-14567 CVE-2020-14568 CVE-2020-14575 CVE-2020-14576 CVE-2020-14586 CVE-2020-14597 CVE-2020-14614 CVE-2020-14619 CVE-2020-14620 CVE-2020-14623 CVE-2020-14624 CVE-2020-14631 CVE-2020-14632 CVE-2020-14633 CVE-2020-14634 CVE-2020-14641 CVE-2020-14643 CVE-2020-14651 CVE-2020-14654 CVE-2020-14656 CVE-2020-14663 CVE-2020-14678 CVE-2020-14680 CVE-2020-14697 CVE-2020-14702 CVE-2020-14725
====================================================================

1. Summary:

An update for rh-mysql80-mysql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.21).
Security Fix(es):

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)
* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)
* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)
* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)
* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)
* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)
* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)
* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)
* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)
* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)
* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)
* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)
* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)
* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)
* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)
* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)
* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)
* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)
* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)
* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)
* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)
* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)
* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)
* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)
* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)
* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)
* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)
* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764675 - CVE-2019-2911 mysql: Information Schema unspecified vulnerability (CPU Oct 2019)
1764676 - CVE-2019-2914 mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019)
1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764681 - CVE-2019-2946 mysql: Server: PS unspecified vulnerability (CPU Oct 2019)
1764684 - CVE-2019-2957 mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019)
1764685 - CVE-2019-2960 mysql: Server: Replication unspecified vulnerability (CPU Oct 2019)
1764686 - CVE-2019-2963 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764687 - CVE-2019-2966 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764688 - CVE-2019-2967 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764689 - CVE-2019-2968 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764692 - CVE-2019-2982 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764693 - CVE-2019-2991 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764694 - CVE-2019-2993 mysql: Server: C API unspecified vulnerability (CPU Oct 2019)
1764695 - CVE-2019-2997 mysql: Server: DDL unspecified vulnerability (CPU Oct 2019)
1764696 - CVE-2019-2998 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764698 - CVE-2019-3004 mysql: Server: Parser unspecified vulnerability (CPU Oct 2019)
1764699 - CVE-2019-3009 mysql: Server: Connection unspecified vulnerability (CPU Oct 2019)
1764700 - CVE-2019-3011 mysql: Server: C API unspecified vulnerability (CPU Oct 2019)
1764701 - CVE-2019-3018 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1796880 - CVE-2020-2577 mysql: InnoDB unspecified vulnerability (CPU Jan 2020)
1796881 - CVE-2020-2579 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796882 - CVE-2020-2580 mysql: Server: DDL unspecified vulnerability (CPU Jan 2020)
1796883 - CVE-2020-2584 mysql: Server: Options unspecified vulnerability (CPU Jan 2020)
1796884 - CVE-2020-2588 mysql: Server: DML unspecified vulnerability (CPU Jan 2020)
1796885 - CVE-2020-2589 mysql: InnoDB unspecified vulnerability (CPU Jan 2020)
1796886 - CVE-2020-2660 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796887 - CVE-2020-2679 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796888 - CVE-2020-2686 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796889 - CVE-2020-2694 mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020)
1796905 - CVE-2020-2627 mysql: Server: Parser unspecified vulnerability (CPU Jan 2020)
1798559 - CVE-2020-2570 mysql: C API unspecified vulnerability (CPU Jan 2020)
1798576 - CVE-2020-2573 mysql: C API unspecified vulnerability (CPU Jan 2020)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830048 - CVE-2020-2759 mysql: Server: Replication unspecified vulnerability (CPU Apr 2020)
1830049 - CVE-2020-2761 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830050 - CVE-2020-2762 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830051 - CVE-2020-2763 mysql: Server: Replication unspecified vulnerability (CPU Apr 2020)
1830052 - CVE-2020-2765 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830053 - CVE-2020-2770 mysql: Server: Logging unspecified vulnerability (CPU Apr 2020)
1830054 - CVE-2020-2774 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830055 - CVE-2020-2779 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830058 - CVE-2020-2804 mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830061 - CVE-2020-2853 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830062 - CVE-2020-2892 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830064 - CVE-2020-2893 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830066 - CVE-2020-2895 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830067 - CVE-2020-2896 mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020)
1830068 - CVE-2020-2897 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830069 - CVE-2020-2898 mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020)
1830070 - CVE-2020-2901 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830071 - CVE-2020-2903 mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020)
1830072 - CVE-2020-2904 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830073 - CVE-2020-2921 mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020)
1830074 - CVE-2020-2923 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830075 - CVE-2020-2924 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830076 - CVE-2020-2925 mysql: Server: PS unspecified vulnerability (CPU Apr 2020)
1830077 - CVE-2020-2926 mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020)
1830078 - CVE-2020-2928 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830079 - CVE-2020-2930 mysql: Server: Parser unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)
1865945 - CVE-2020-14539 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865947 - CVE-2020-14540 mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
1865948 - CVE-2020-14547 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865949 - CVE-2020-14550 mysql: C API unspecified vulnerability (CPU Jul 2020)
1865950 - CVE-2020-14553 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020)
1865951 - CVE-2020-14559 mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020)
1865952 - CVE-2020-14567 mysql: Server: Replication unspecified vulnerability (CPU Jul 2020)
1865953 - CVE-2020-14568 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865954 - CVE-2020-14575 mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
1865955 - CVE-2020-14576 mysql: Server: UDF unspecified vulnerability (CPU Jul 2020)
1865956 - CVE-2020-14586 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865958 - CVE-2020-14597 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865959 - CVE-2020-14614 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865960 - CVE-2020-14619 mysql: Server: Parser unspecified vulnerability (CPU Jul 2020)
1865961 - CVE-2020-14620 mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
1865962 - CVE-2020-14623 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865963 - CVE-2020-14624 mysql: Server: JSON unspecified vulnerability (CPU Jul 2020)
1865964 - CVE-2020-14631 mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020)
1865965 - CVE-2020-14632 mysql: Server: Options unspecified vulnerability (CPU Jul 2020)
1865966 - CVE-2020-14633 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865967 - CVE-2020-14634 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865968 - CVE-2020-14641 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)
1865969 - CVE-2020-14643 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)
1865970 - CVE-2020-14654 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865971 - CVE-2020-14656 mysql: Server: Locking unspecified vulnerability (CPU Jul 2020)
1865972 - CVE-2020-14663 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865973 - CVE-2020-14678 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865974 - CVE-2020-14680 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865975 - CVE-2020-14697 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865976 - CVE-2020-14702 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865977 - CVE-2020-14725 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865982 - CVE-2020-14651 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-mysql80-mysql-8.0.21-1.el7.src.rpm

aarch64: rh-mysql80-mysql-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-common-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-config-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-server-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-test-8.0.21-1.el7.aarch64.rpm

ppc64le: rh-mysql80-mysql-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.ppc64le.rpm
rh-mysql80-mysql-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.21-1.el7.ppc64le.rpm s390x: rh-mysql80-mysql-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.21-1.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v.7): Source: rh-mysql80-mysql-8.0.21-1.el7.src.rpm aarch64: rh-mysql80-mysql-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-common-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-config-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-server-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.aarch64.rpm rh-mysql80-mysql-test-8.0.21-1.el7.aarch64.rpm ppc64le: rh-mysql80-mysql-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.21-1.el7.ppc64le.rpm s390x: rh-mysql80-mysql-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.21-1.el7.s390x.rpm 
rh-mysql80-mysql-config-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.21-1.el7.s390x.rpm x86_64: rh-mysql80-mysql-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.21-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6): Source: rh-mysql80-mysql-8.0.21-1.el7.src.rpm ppc64le: rh-mysql80-mysql-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.21-1.el7.ppc64le.rpm s390x: rh-mysql80-mysql-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.21-1.el7.s390x.rpm x86_64: rh-mysql80-mysql-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.21-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.
7.7): Source: rh-mysql80-mysql-8.0.21-1.el7.src.rpm ppc64le: rh-mysql80-mysql-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.21-1.el7.ppc64le.rpm s390x: rh-mysql80-mysql-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.21-1.el7.s390x.rpm x86_64: rh-mysql80-mysql-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.21-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.7): Source: rh-mysql80-mysql-8.0.21-1.el7.src.rpm x86_64: rh-mysql80-mysql-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.21-1.el7.x86_64.rpm 
rh-mysql80-mysql-config-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.21-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.21-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-2911 https://access.redhat.com/security/cve/CVE-2019-2914 https://access.redhat.com/security/cve/CVE-2019-2938 https://access.redhat.com/security/cve/CVE-2019-2946 https://access.redhat.com/security/cve/CVE-2019-2957 https://access.redhat.com/security/cve/CVE-2019-2960 https://access.redhat.com/security/cve/CVE-2019-2963 https://access.redhat.com/security/cve/CVE-2019-2966 https://access.redhat.com/security/cve/CVE-2019-2967 https://access.redhat.com/security/cve/CVE-2019-2968 https://access.redhat.com/security/cve/CVE-2019-2974 https://access.redhat.com/security/cve/CVE-2019-2982 https://access.redhat.com/security/cve/CVE-2019-2991 https://access.redhat.com/security/cve/CVE-2019-2993 https://access.redhat.com/security/cve/CVE-2019-2997 https://access.redhat.com/security/cve/CVE-2019-2998 https://access.redhat.com/security/cve/CVE-2019-3004 https://access.redhat.com/security/cve/CVE-2019-3009 https://access.redhat.com/security/cve/CVE-2019-3011 https://access.redhat.com/security/cve/CVE-2019-3018 https://access.redhat.com/security/cve/CVE-2020-2570 https://access.redhat.com/security/cve/CVE-2020-2573 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2577 https://access.redhat.com/security/cve/CVE-2020-2579 https://access.redhat.com/security/cve/CVE-2020-2580
https://access.redhat.com/security/cve/CVE-2020-2584 https://access.redhat.com/security/cve/CVE-2020-2588 https://access.redhat.com/security/cve/CVE-2020-2589 https://access.redhat.com/security/cve/CVE-2020-2627 https://access.redhat.com/security/cve/CVE-2020-2660 https://access.redhat.com/security/cve/CVE-2020-2679 https://access.redhat.com/security/cve/CVE-2020-2686 https://access.redhat.com/security/cve/CVE-2020-2694 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2759 https://access.redhat.com/security/cve/CVE-2020-2760 https://access.redhat.com/security/cve/CVE-2020-2761 https://access.redhat.com/security/cve/CVE-2020-2762 https://access.redhat.com/security/cve/CVE-2020-2763 https://access.redhat.com/security/cve/CVE-2020-2765 https://access.redhat.com/security/cve/CVE-2020-2770 https://access.redhat.com/security/cve/CVE-2020-2774 https://access.redhat.com/security/cve/CVE-2020-2779 https://access.redhat.com/security/cve/CVE-2020-2780 https://access.redhat.com/security/cve/CVE-2020-2804 https://access.redhat.com/security/cve/CVE-2020-2812 https://access.redhat.com/security/cve/CVE-2020-2814 https://access.redhat.com/security/cve/CVE-2020-2853 https://access.redhat.com/security/cve/CVE-2020-2892 https://access.redhat.com/security/cve/CVE-2020-2893 https://access.redhat.com/security/cve/CVE-2020-2895 https://access.redhat.com/security/cve/CVE-2020-2896 https://access.redhat.com/security/cve/CVE-2020-2897 https://access.redhat.com/security/cve/CVE-2020-2898 https://access.redhat.com/security/cve/CVE-2020-2901 https://access.redhat.com/security/cve/CVE-2020-2903 https://access.redhat.com/security/cve/CVE-2020-2904 https://access.redhat.com/security/cve/CVE-2020-2921 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-2923 https://access.redhat.com/security/cve/CVE-2020-2924 https://access.redhat.com/security/cve/CVE-2020-2925 
https://access.redhat.com/security/cve/CVE-2020-2926 https://access.redhat.com/security/cve/CVE-2020-2928 https://access.redhat.com/security/cve/CVE-2020-2930 https://access.redhat.com/security/cve/CVE-2020-14539 https://access.redhat.com/security/cve/CVE-2020-14540 https://access.redhat.com/security/cve/CVE-2020-14547 https://access.redhat.com/security/cve/CVE-2020-14550 https://access.redhat.com/security/cve/CVE-2020-14553 https://access.redhat.com/security/cve/CVE-2020-14559 https://access.redhat.com/security/cve/CVE-2020-14567 https://access.redhat.com/security/cve/CVE-2020-14568 https://access.redhat.com/security/cve/CVE-2020-14575 https://access.redhat.com/security/cve/CVE-2020-14576 https://access.redhat.com/security/cve/CVE-2020-14586 https://access.redhat.com/security/cve/CVE-2020-14597 https://access.redhat.com/security/cve/CVE-2020-14614 https://access.redhat.com/security/cve/CVE-2020-14619 https://access.redhat.com/security/cve/CVE-2020-14620 https://access.redhat.com/security/cve/CVE-2020-14623 https://access.redhat.com/security/cve/CVE-2020-14624 https://access.redhat.com/security/cve/CVE-2020-14631 https://access.redhat.com/security/cve/CVE-2020-14632 https://access.redhat.com/security/cve/CVE-2020-14633 https://access.redhat.com/security/cve/CVE-2020-14634 https://access.redhat.com/security/cve/CVE-2020-14641 https://access.redhat.com/security/cve/CVE-2020-14643 https://access.redhat.com/security/cve/CVE-2020-14651 https://access.redhat.com/security/cve/CVE-2020-14654 https://access.redhat.com/security/cve/CVE-2020-14656 https://access.redhat.com/security/cve/CVE-2020-14663 https://access.redhat.com/security/cve/CVE-2020-14678 https://access.redhat.com/security/cve/CVE-2020-14680 https://access.redhat.com/security/cve/CVE-2020-14697 https://access.redhat.com/security/cve/CVE-2020-14702 https://access.redhat.com/security/cve/CVE-2020-14725 https://access.redhat.com/security/updates/classification#important 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -- RHSA-announce mailing list
Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libpng security update Advisory ID: RHSA-2015:2596-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:2596.html Issue date: 2015-12-09 CVE Names: CVE-2015-8126 CVE-2015-8472 ==================================================================== 1. Summary: Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. 
In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. (CVE-2015-8126, CVE-2015-8472) All libpng users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libpng-1.5.13-7.el7_2.src.rpm x86_64: libpng-1.5.13-7.el7_2.i686.rpm libpng-1.5.13-7.el7_2.x86_64.rpm libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm libpng-devel-1.5.13-7.el7_2.i686.rpm libpng-devel-1.5.13-7.el7_2.x86_64.rpm libpng-static-1.5.13-7.el7_2.i686.rpm libpng-static-1.5.13-7.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libpng-1.5.13-7.el7_2.src.rpm x86_64: libpng-1.5.13-7.el7_2.i686.rpm libpng-1.5.13-7.el7_2.x86_64.rpm libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.
7): x86_64: libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm libpng-devel-1.5.13-7.el7_2.i686.rpm libpng-devel-1.5.13-7.el7_2.x86_64.rpm libpng-static-1.5.13-7.el7_2.i686.rpm libpng-static-1.5.13-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: libpng-1.5.13-7.el7_2.src.rpm aarch64: libpng-1.5.13-7.el7_2.aarch64.rpm libpng-debuginfo-1.5.13-7.el7_2.aarch64.rpm libpng-devel-1.5.13-7.el7_2.aarch64.rpm ppc64: libpng-1.5.13-7.el7_2.ppc.rpm libpng-1.5.13-7.el7_2.ppc64.rpm libpng-debuginfo-1.5.13-7.el7_2.ppc.rpm libpng-debuginfo-1.5.13-7.el7_2.ppc64.rpm libpng-devel-1.5.13-7.el7_2.ppc.rpm libpng-devel-1.5.13-7.el7_2.ppc64.rpm ppc64le: libpng-1.5.13-7.el7_2.ppc64le.rpm libpng-debuginfo-1.5.13-7.el7_2.ppc64le.rpm libpng-devel-1.5.13-7.el7_2.ppc64le.rpm s390x: libpng-1.5.13-7.el7_2.s390.rpm libpng-1.5.13-7.el7_2.s390x.rpm libpng-debuginfo-1.5.13-7.el7_2.s390.rpm libpng-debuginfo-1.5.13-7.el7_2.s390x.rpm libpng-devel-1.5.13-7.el7_2.s390.rpm libpng-devel-1.5.13-7.el7_2.s390x.rpm x86_64: libpng-1.5.13-7.el7_2.i686.rpm libpng-1.5.13-7.el7_2.x86_64.rpm libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm libpng-devel-1.5.13-7.el7_2.i686.rpm libpng-devel-1.5.13-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): aarch64: libpng-debuginfo-1.5.13-7.el7_2.aarch64.rpm libpng-static-1.5.13-7.el7_2.aarch64.rpm ppc64: libpng-debuginfo-1.5.13-7.el7_2.ppc.rpm libpng-debuginfo-1.5.13-7.el7_2.ppc64.rpm libpng-static-1.5.13-7.el7_2.ppc.rpm libpng-static-1.5.13-7.el7_2.ppc64.rpm ppc64le: libpng-debuginfo-1.5.13-7.el7_2.ppc64le.rpm libpng-static-1.5.13-7.el7_2.ppc64le.rpm s390x: libpng-debuginfo-1.5.13-7.el7_2.s390.rpm libpng-debuginfo-1.5.13-7.el7_2.s390x.rpm libpng-static-1.5.13-7.el7_2.s390.rpm libpng-static-1.5.13-7.el7_2.s390x.rpm x86_64: libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm libpng-static-1.5.13-7.el7_2.i686.rpm libpng-static-1.5.13-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: libpng-1.5.13-7.el7_2.src.rpm x86_64: libpng-1.5.13-7.el7_2.i686.rpm libpng-1.5.13-7.el7_2.x86_64.rpm libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm libpng-devel-1.5.13-7.el7_2.i686.rpm libpng-devel-1.5.13-7.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libpng-debuginfo-1.5.13-7.el7_2.i686.rpm libpng-debuginfo-1.5.13-7.el7_2.x86_64.rpm libpng-static-1.5.13-7.el7_2.i686.rpm libpng-static-1.5.13-7.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -- Enterprise-watch-list mailing list
New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2014-307-02) New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-31.2.0esr-i486-1_slack14.1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.1 package: 95bb55c8baa6aa9d0e95b415c85b1907 mozilla-firefox-31.2.0esr-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 0eb8a4e68ef5c39f17d744bffc5c2df1 mozilla-firefox-31.2.0esr-x86_64-1_slack14.1.txz Slackware -current package: 96f2b412c1da2c42c364228c684ace33 xap/mozilla-firefox-33.0.2-i486-1.txz Slackware x86_64 -current package: c1f1139a5206b3a1736f3fc83bde7efe xap/mozilla-firefox-33.0.2-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-firefox-31.2.0esr-i486-1_slack14.1.txz +-----+ Severity: Critical.
LinuxSecurity.com Team
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2013:1059-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2013:1059.html Issue date: 2013-07-15 CVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3743 ==================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v.
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR14 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/): 973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243) 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438) 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597) 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601) 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071) 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328) 975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038) 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642) 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120) 975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124) 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330) 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033) 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812) 975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318) 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) 975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703) 975146 -
CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730) 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034) 975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D) 975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT) 975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.5): i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm ppc: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm 
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 
6): x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.6): i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm ppc64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v.6): i386: 
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2013-1500 https://access.redhat.com/security/cve/CVE-2013-1571 https://access.redhat.com/security/cve/CVE-2013-2407 https://access.redhat.com/security/cve/CVE-2013-2412 https://access.redhat.com/security/cve/CVE-2013-2437 https://access.redhat.com/security/cve/CVE-2013-2442 https://access.redhat.com/security/cve/CVE-2013-2443 https://access.redhat.com/security/cve/CVE-2013-2444 https://access.redhat.com/security/cve/CVE-2013-2446 https://access.redhat.com/security/cve/CVE-2013-2447 https://access.redhat.com/security/cve/CVE-2013-2448 https://access.redhat.com/security/cve/CVE-2013-2450 https://access.redhat.com/security/cve/CVE-2013-2451 https://access.redhat.com/security/cve/CVE-2013-2452 https://access.redhat.com/security/cve/CVE-2013-2453 https://access.redhat.com/security/cve/CVE-2013-2454 https://access.redhat.com/security/cve/CVE-2013-2455 https://access.redhat.com/security/cve/CVE-2013-2456 
https://access.redhat.com/security/cve/CVE-2013-2457 https://access.redhat.com/security/cve/CVE-2013-2459 https://access.redhat.com/security/cve/CVE-2013-2463 https://access.redhat.com/security/cve/CVE-2013-2464 https://access.redhat.com/security/cve/CVE-2013-2465 https://access.redhat.com/security/cve/CVE-2013-2466 https://access.redhat.com/security/cve/CVE-2013-2468 https://access.redhat.com/security/cve/CVE-2013-2469 https://access.redhat.com/security/cve/CVE-2013-2470 https://access.redhat.com/security/cve/CVE-2013-2471 https://access.redhat.com/security/cve/CVE-2013-2472 https://access.redhat.com/security/cve/CVE-2013-2473 https://access.redhat.com/security/cve/CVE-2013-3743 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -- Enterprise-watch-list mailing list
Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. ==================================================================== Red Hat Security Advisory Synopsis: Critical: seamonkey security update Advisory ID: RHSA-2010:0781-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0781.html Issue date: 2010-10-19 CVE Names: CVE-2010-3170 CVE-2010-3173 CVE-2010-3176 CVE-2010-3177 CVE-2010-3180 CVE-2010-3182 ==================================================================== 1. Summary: Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. 
(CVE-2010-3176, CVE-2010-3180) A flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a "." character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled directory. (CVE-2010-3182) It was found that the SSL DHE (Diffie-Hellman Ephemeral) mode implementation for key exchanges in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256 bit DHE keys, as such keys are easily broken using modern hardware. (CVE-2010-3173) A flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. 
Bugs fixed (http://bugzilla.redhat.com/): 630047 - CVE-2010-3170 firefox/nss: Doesn't handle wildcards in Common Name properly 642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards 642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp 642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs 642300 - CVE-2010-3182 Mozilla unsafe library loading flaw 642302 - CVE-2010-3173 Mozilla insecure Diffie-Hellman key exchange 6. Package List: Red Hat Enterprise Linux AS version 3: Source: i386: seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-chat-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-devel-1.0.9-0.61.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.61.el3.i386.rpm seamonkey-mail-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.61.el3.i386.rpm ia64: seamonkey-1.0.9-0.61.el3.ia64.rpm seamonkey-chat-1.0.9-0.61.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.ia64.rpm seamonkey-devel-1.0.9-0.61.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.61.el3.ia64.rpm seamonkey-mail-1.0.9-0.61.el3.ia64.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.ia64.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.61.el3.ia64.rpm ppc: seamonkey-1.0.9-0.61.el3.ppc.rpm seamonkey-chat-1.0.9-0.61.el3.ppc.rpm seamonkey-debuginfo-1.0.9-0.61.el3.ppc.rpm seamonkey-devel-1.0.9-0.61.el3.ppc.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.ppc.rpm seamonkey-js-debugger-1.0.9-0.61.el3.ppc.rpm seamonkey-mail-1.0.9-0.61.el3.ppc.rpm seamonkey-nspr-1.0.9-0.61.el3.ppc.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.ppc.rpm seamonkey-nss-1.0.9-0.61.el3.ppc.rpm 
seamonkey-nss-devel-1.0.9-0.61.el3.ppc.rpm s390: seamonkey-1.0.9-0.61.el3.s390.rpm seamonkey-chat-1.0.9-0.61.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.61.el3.s390.rpm seamonkey-devel-1.0.9-0.61.el3.s390.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.s390.rpm seamonkey-js-debugger-1.0.9-0.61.el3.s390.rpm seamonkey-mail-1.0.9-0.61.el3.s390.rpm seamonkey-nspr-1.0.9-0.61.el3.s390.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.s390.rpm seamonkey-nss-1.0.9-0.61.el3.s390.rpm seamonkey-nss-devel-1.0.9-0.61.el3.s390.rpm s390x: seamonkey-1.0.9-0.61.el3.s390x.rpm seamonkey-chat-1.0.9-0.61.el3.s390x.rpm seamonkey-debuginfo-1.0.9-0.61.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.61.el3.s390x.rpm seamonkey-devel-1.0.9-0.61.el3.s390x.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.s390x.rpm seamonkey-js-debugger-1.0.9-0.61.el3.s390x.rpm seamonkey-mail-1.0.9-0.61.el3.s390x.rpm seamonkey-nspr-1.0.9-0.61.el3.s390.rpm seamonkey-nspr-1.0.9-0.61.el3.s390x.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.s390x.rpm seamonkey-nss-1.0.9-0.61.el3.s390.rpm seamonkey-nss-1.0.9-0.61.el3.s390x.rpm seamonkey-nss-devel-1.0.9-0.61.el3.s390x.rpm x86_64: seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-1.0.9-0.61.el3.x86_64.rpm seamonkey-chat-1.0.9-0.61.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.x86_64.rpm seamonkey-devel-1.0.9-0.61.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.61.el3.x86_64.rpm seamonkey-mail-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.61.el3.x86_64.rpm Red Hat Desktop version3: Source: i386: seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-chat-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-devel-1.0.9-0.61.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.i386.rpm 
seamonkey-js-debugger-1.0.9-0.61.el3.i386.rpm seamonkey-mail-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.61.el3.i386.rpm x86_64: seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-1.0.9-0.61.el3.x86_64.rpm seamonkey-chat-1.0.9-0.61.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.x86_64.rpm seamonkey-devel-1.0.9-0.61.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.61.el3.x86_64.rpm seamonkey-mail-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.61.el3.x86_64.rpm Red Hat Enterprise Linux ES version3: Source: i386: seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-chat-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-devel-1.0.9-0.61.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.61.el3.i386.rpm seamonkey-mail-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.61.el3.i386.rpm ia64: seamonkey-1.0.9-0.61.el3.ia64.rpm seamonkey-chat-1.0.9-0.61.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.ia64.rpm seamonkey-devel-1.0.9-0.61.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.61.el3.ia64.rpm seamonkey-mail-1.0.9-0.61.el3.ia64.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.ia64.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.61.el3.ia64.rpm x86_64: 
seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-1.0.9-0.61.el3.x86_64.rpm seamonkey-chat-1.0.9-0.61.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.x86_64.rpm seamonkey-devel-1.0.9-0.61.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.61.el3.x86_64.rpm seamonkey-mail-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.61.el3.x86_64.rpm Red Hat Enterprise Linux WS version3: Source: i386: seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-chat-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-devel-1.0.9-0.61.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.61.el3.i386.rpm seamonkey-mail-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.61.el3.i386.rpm ia64: seamonkey-1.0.9-0.61.el3.ia64.rpm seamonkey-chat-1.0.9-0.61.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.ia64.rpm seamonkey-devel-1.0.9-0.61.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.61.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.61.el3.ia64.rpm seamonkey-mail-1.0.9-0.61.el3.ia64.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.ia64.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.61.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.61.el3.i386.rpm seamonkey-1.0.9-0.61.el3.x86_64.rpm seamonkey-chat-1.0.9-0.61.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.61.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.61.el3.x86_64.rpm seamonkey-devel-1.0.9-0.61.el3.x86_64.rpm 
seamonkey-dom-inspector-1.0.9-0.61.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.61.el3.x86_64.rpm seamonkey-mail-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.61.el3.i386.rpm seamonkey-nspr-1.0.9-0.61.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-1.0.9-0.61.el3.i386.rpm seamonkey-nss-1.0.9-0.61.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.61.el3.x86_64.rpm Red Hat Enterprise Linux AS version4: Source: i386: seamonkey-1.0.9-64.el4.i386.rpm seamonkey-chat-1.0.9-64.el4.i386.rpm seamonkey-debuginfo-1.0.9-64.el4.i386.rpm seamonkey-devel-1.0.9-64.el4.i386.rpm seamonkey-dom-inspector-1.0.9-64.el4.i386.rpm seamonkey-js-debugger-1.0.9-64.el4.i386.rpm seamonkey-mail-1.0.9-64.el4.i386.rpm ia64: seamonkey-1.0.9-64.el4.ia64.rpm seamonkey-chat-1.0.9-64.el4.ia64.rpm seamonkey-debuginfo-1.0.9-64.el4.ia64.rpm seamonkey-devel-1.0.9-64.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-64.el4.ia64.rpm seamonkey-js-debugger-1.0.9-64.el4.ia64.rpm seamonkey-mail-1.0.9-64.el4.ia64.rpm ppc: seamonkey-1.0.9-64.el4.ppc.rpm seamonkey-chat-1.0.9-64.el4.ppc.rpm seamonkey-debuginfo-1.0.9-64.el4.ppc.rpm seamonkey-devel-1.0.9-64.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-64.el4.ppc.rpm seamonkey-js-debugger-1.0.9-64.el4.ppc.rpm seamonkey-mail-1.0.9-64.el4.ppc.rpm s390: seamonkey-1.0.9-64.el4.s390.rpm seamonkey-chat-1.0.9-64.el4.s390.rpm seamonkey-debuginfo-1.0.9-64.el4.s390.rpm seamonkey-devel-1.0.9-64.el4.s390.rpm seamonkey-dom-inspector-1.0.9-64.el4.s390.rpm seamonkey-js-debugger-1.0.9-64.el4.s390.rpm seamonkey-mail-1.0.9-64.el4.s390.rpm s390x: seamonkey-1.0.9-64.el4.s390x.rpm seamonkey-chat-1.0.9-64.el4.s390x.rpm seamonkey-debuginfo-1.0.9-64.el4.s390x.rpm seamonkey-devel-1.0.9-64.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-64.el4.s390x.rpm seamonkey-js-debugger-1.0.9-64.el4.s390x.rpm seamonkey-mail-1.0.9-64.el4.s390x.rpm x86_64: seamonkey-1.0.9-64.el4.x86_64.rpm seamonkey-chat-1.0.9-64.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-64.el4.x86_64.rpm 
seamonkey-devel-1.0.9-64.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-64.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-64.el4.x86_64.rpm seamonkey-mail-1.0.9-64.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version4: Source: i386: seamonkey-1.0.9-64.el4.i386.rpm seamonkey-chat-1.0.9-64.el4.i386.rpm seamonkey-debuginfo-1.0.9-64.el4.i386.rpm seamonkey-devel-1.0.9-64.el4.i386.rpm seamonkey-dom-inspector-1.0.9-64.el4.i386.rpm seamonkey-js-debugger-1.0.9-64.el4.i386.rpm seamonkey-mail-1.0.9-64.el4.i386.rpm x86_64: seamonkey-1.0.9-64.el4.x86_64.rpm seamonkey-chat-1.0.9-64.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-64.el4.x86_64.rpm seamonkey-devel-1.0.9-64.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-64.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-64.el4.x86_64.rpm seamonkey-mail-1.0.9-64.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: seamonkey-1.0.9-64.el4.i386.rpm seamonkey-chat-1.0.9-64.el4.i386.rpm seamonkey-debuginfo-1.0.9-64.el4.i386.rpm seamonkey-devel-1.0.9-64.el4.i386.rpm seamonkey-dom-inspector-1.0.9-64.el4.i386.rpm seamonkey-js-debugger-1.0.9-64.el4.i386.rpm seamonkey-mail-1.0.9-64.el4.i386.rpm ia64: seamonkey-1.0.9-64.el4.ia64.rpm seamonkey-chat-1.0.9-64.el4.ia64.rpm seamonkey-debuginfo-1.0.9-64.el4.ia64.rpm seamonkey-devel-1.0.9-64.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-64.el4.ia64.rpm seamonkey-js-debugger-1.0.9-64.el4.ia64.rpm seamonkey-mail-1.0.9-64.el4.ia64.rpm x86_64: seamonkey-1.0.9-64.el4.x86_64.rpm seamonkey-chat-1.0.9-64.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-64.el4.x86_64.rpm seamonkey-devel-1.0.9-64.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-64.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-64.el4.x86_64.rpm seamonkey-mail-1.0.9-64.el4.x86_64.rpm Red Hat Enterprise Linux WS version4: Source: i386: seamonkey-1.0.9-64.el4.i386.rpm seamonkey-chat-1.0.9-64.el4.i386.rpm seamonkey-debuginfo-1.0.9-64.el4.i386.rpm seamonkey-devel-1.0.9-64.el4.i386.rpm seamonkey-dom-inspector-1.0.9-64.el4.i386.rpm 
seamonkey-js-debugger-1.0.9-64.el4.i386.rpm seamonkey-mail-1.0.9-64.el4.i386.rpm ia64: seamonkey-1.0.9-64.el4.ia64.rpm seamonkey-chat-1.0.9-64.el4.ia64.rpm seamonkey-debuginfo-1.0.9-64.el4.ia64.rpm seamonkey-devel-1.0.9-64.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-64.el4.ia64.rpm seamonkey-js-debugger-1.0.9-64.el4.ia64.rpm seamonkey-mail-1.0.9-64.el4.ia64.rpm x86_64: seamonkey-1.0.9-64.el4.x86_64.rpm seamonkey-chat-1.0.9-64.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-64.el4.x86_64.rpm seamonkey-devel-1.0.9-64.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-64.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-64.el4.x86_64.rpm seamonkey-mail-1.0.9-64.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3170 https://access.redhat.com/security/cve/CVE-2010-3173 https://access.redhat.com/security/cve/CVE-2010-3176 https://access.redhat.com/security/cve/CVE-2010-3177 https://access.redhat.com/security/cve/CVE-2010-3180 https://access.redhat.com/security/cve/CVE-2010-3182 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. Severity: Critical. LinuxSecurity.com Team