
Red Hat has released 14 new updates for Red Hat Enterprise Linux



[RHSA-2011:0600-01] Moderate: dovecot security and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: dovecot security and enhancement update
Advisory ID: RHSA-2011:0600-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0600.html
Issue date: 2011-05-19
CVE Names: CVE-2010-3707 CVE-2010-3780
=====================================================================

1. Summary:

Updated dovecot packages that fix two security issues and add one
enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems,
primarily written with security in mind.

A flaw was found in the way Dovecot handled SIGCHLD signals. If a large
amount of IMAP or POP3 session disconnects caused the Dovecot master
process to receive these signals rapidly, it could cause the master process
to crash. (CVE-2010-3780)

A flaw was found in the way Dovecot processed multiple Access Control Lists
(ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the
more specific ACL entry, possibly resulting in more access being granted to
the user than intended. (CVE-2010-3707)

This update also adds the following enhancement:

* This erratum upgrades Dovecot to upstream version 2.0.9, providing
multiple fixes for the "dsync" utility and improving overall performance.
Refer to the "/usr/share/doc/dovecot-2.0.9/ChangeLog" file after installing
this update for further information about the changes. (BZ#637056)

Users of dovecot are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement. After installing the updated
packages, the dovecot service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

637056 - rebase dovecot to 2.0 final
640410 - CVE-2010-3707 Dovecot: Failed to properly update ACL cache, when multiple rules defined rights for one subject
641276 - CVE-2010-3780 Dovecot: Busy master process, receiving a lot of SIGCHLD signals rapidly while logging, could die

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-mysql-2.0.9-2.el6.i686.rpm
dovecot-pgsql-2.0.9-2.el6.i686.rpm
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm

ppc64:
dovecot-2.0.9-2.el6.ppc.rpm
dovecot-2.0.9-2.el6.ppc64.rpm
dovecot-debuginfo-2.0.9-2.el6.ppc.rpm
dovecot-debuginfo-2.0.9-2.el6.ppc64.rpm
dovecot-mysql-2.0.9-2.el6.ppc64.rpm
dovecot-pgsql-2.0.9-2.el6.ppc64.rpm
dovecot-pigeonhole-2.0.9-2.el6.ppc64.rpm

s390x:
dovecot-2.0.9-2.el6.s390.rpm
dovecot-2.0.9-2.el6.s390x.rpm
dovecot-debuginfo-2.0.9-2.el6.s390.rpm
dovecot-debuginfo-2.0.9-2.el6.s390x.rpm
dovecot-mysql-2.0.9-2.el6.s390x.rpm
dovecot-pgsql-2.0.9-2.el6.s390x.rpm
dovecot-pigeonhole-2.0.9-2.el6.s390x.rpm

x86_64:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-2.0.9-2.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-devel-2.0.9-2.el6.i686.rpm

ppc64:
dovecot-debuginfo-2.0.9-2.el6.ppc64.rpm
dovecot-devel-2.0.9-2.el6.ppc64.rpm

s390x:
dovecot-debuginfo-2.0.9-2.el6.s390x.rpm
dovecot-devel-2.0.9-2.el6.s390x.rpm

x86_64:
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-devel-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-mysql-2.0.9-2.el6.i686.rpm
dovecot-pgsql-2.0.9-2.el6.i686.rpm
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm

x86_64:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-2.0.9-2.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-devel-2.0.9-2.el6.i686.rpm

x86_64:
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-devel-2.0.9-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3707.html
https://www.redhat.com/security/data/cve/CVE-2010-3780.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Q26XlSAg2UNWIIRAnRbAJ0QW0l2aEfe6nddZBnG+s19f8s3SgCggZqZ
CNPh97aZmtQBykLgqW7JOTY=
=8faX
-----END PGP SIGNATURE-----

[RHSA-2011:0599-01] Low: sudo security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: sudo security and bug fix update
Advisory ID: RHSA-2011:0599-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0599.html
Issue date: 2011-05-19
CVE Names: CVE-2011-0010
=====================================================================

1. Summary:

An updated sudo package that fixes one security issue and several bugs is
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the sudo password checking logic. In configurations
where the sudoers settings allowed a user to run a command using sudo with
only the group ID changed, sudo failed to prompt for the user's password
before running the specified command with the elevated group privileges.
(CVE-2011-0010)

This update also fixes the following bugs:

* When the "/etc/sudoers" file contained entries with multiple hosts,
running the "sudo -l" command incorrectly reported that a certain user does
not have permissions to use sudo on the system. With this update, running
the "sudo -l" command now produces the correct output. (BZ#603823)

* Prior to this update, the manual page for sudoers.ldap was not installed,
even though it contains important information on how to set up an LDAP
(Lightweight Directory Access Protocol) sudoers source, and other documents
refer to it. With this update, the manual page is now properly included in
the package. Additionally, various POD files have been removed from the
package, as they are required for build purposes only. (BZ#634159)

* The previous version of sudo did not use the same location for the LDAP
configuration files as the nss_ldap package. This has been fixed and sudo
now looks for these files in the same location as the nss_ldap package.
(BZ#652726)

* When a file was edited using the "sudo -e file" or the "sudoedit file"
command, the editor being executed for this task was logged only as
"sudoedit". With this update, the full path to the executable being used as
an editor is now logged (instead of "sudoedit"). (BZ#665131)

* A comment regarding the "visiblepw" option of the "Defaults" directive
has been added to the default "/etc/sudoers" file to clarify its usage.
(BZ#688640)

* This erratum upgrades sudo to upstream version 1.7.4p5, which provides a
number of bug fixes and enhancements over the previous version. (BZ#615087)

All users of sudo are advised to upgrade to this updated package, which
resolves these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

603823 - sudo - fix printing of entries with multiple host entries on a single line.
615087 - Rebase sudo to version 1.7.3
634159 - .pod files are packaged under /usr/share/doc/sudo*, and man page for sudoers.ldap is missing
652726 - sudo and nss_ldap use different ldap.conf
668879 - CVE-2011-0010 sudo: does not ask for password on GID changes
688640 - Add comment about the visiblepw option into sudoers

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm

i386:
sudo-1.7.4p5-5.el6.i686.rpm
sudo-debuginfo-1.7.4p5-5.el6.i686.rpm

x86_64:
sudo-1.7.4p5-5.el6.x86_64.rpm
sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm

x86_64:
sudo-1.7.4p5-5.el6.x86_64.rpm
sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm

i386:
sudo-1.7.4p5-5.el6.i686.rpm
sudo-debuginfo-1.7.4p5-5.el6.i686.rpm

ppc64:
sudo-1.7.4p5-5.el6.ppc64.rpm
sudo-debuginfo-1.7.4p5-5.el6.ppc64.rpm

s390x:
sudo-1.7.4p5-5.el6.s390x.rpm
sudo-debuginfo-1.7.4p5-5.el6.s390x.rpm

x86_64:
sudo-1.7.4p5-5.el6.x86_64.rpm
sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm

i386:
sudo-1.7.4p5-5.el6.i686.rpm
sudo-debuginfo-1.7.4p5-5.el6.i686.rpm

x86_64:
sudo-1.7.4p5-5.el6.x86_64.rpm
sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0010.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1QumXlSAg2UNWIIRAg4rAJ4/Zsu4deew+l2OxMzQ6YK8BdaMBgCeNKqW
qZySL7Bo6w6E3i+SYxHrfZM=
=fH84
-----END PGP SIGNATURE-----
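
To find the sudoers rules that CVE-2011-0010 concerns (rules that let a command run with a changed group ID), the following added example, which is not part of Red Hat's advisory, lists every rule whose Runas specification names a group. It assumes the sudoers `(user : group)` Runas syntax; the sample file and the function names are constructed for illustration, and commands containing literal parentheses are not handled.

```python
import re

# Runas spec as written in sudoers: "(users)" or "(users : groups)" or "(:groups)".
RUNAS = re.compile(r"\(\s*([^():]*?)\s*(?::\s*([^()]*?)\s*)?\)")
# Lines that are settings or alias definitions, not user specifications.
SKIP = re.compile(r"^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)\b")

# Constructed sample sudoers content, not taken from the advisory.
SAMPLE_SUDOERS = r"""# constructed sample
Defaults    requiretty
root    ALL=(ALL) ALL
alice   ALL=(:dialout) /usr/bin/minicom
bob     web01=(apache : apache) NOPASSWD: /usr/bin/less
carol   ALL=(root) /sbin/service, \
            (:backup) /usr/bin/rsync
"""


def logical_lines(text):
    """Yield (first_line_number, joined_line), honouring backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def group_runas_rules(text):
    """Return (line, who, runas_users, runas_groups, group_only) for each
    Runas spec that names a group. group_only is True for "(:group)" specs,
    where only the group ID changes."""
    findings = []
    for lineno, line in logical_lines(text):
        if not line or line.startswith("#") or SKIP.match(line) or "=" not in line:
            continue
        left, _, rest = line.partition("=")
        if not left.split():
            continue
        who = left.split()[0]
        for users, groups in RUNAS.findall(rest):
            if groups:
                findings.append((lineno, who, users, groups, users == ""))
    return findings


if __name__ == "__main__":
    for lineno, who, users, groups, group_only in group_runas_rules(SAMPLE_SUDOERS):
        kind = "group only" if group_only else "user and group"
        print(f"line {lineno}: {who} may run as ({users}:{groups}) [{kind}]")
```

Hosts where this reports rules should be confirmed to run the fixed sudo-1.7.4p5-5.el6 build listed above.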

[RHSA-2011:0586-01] Low: libguestfs security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: libguestfs security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0586-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0586.html
Issue date: 2011-05-19
CVE Names: CVE-2010-3851
=====================================================================

1. Summary:

Updated libguestfs packages that fix one security issue, several bugs, and
add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

libguestfs is a library for accessing and modifying guest disk images.

libguestfs relied on the format auto-detection in QEMU rather than
allowing the guest image file format to be specified. A privileged guest
user could potentially use this flaw to read arbitrary files on the host
that were accessible to a user on that host who was running a program that
utilized the libguestfs library. (CVE-2010-3851)

This erratum upgrades libguestfs to upstream version 1.7.17, which includes
a number of bug fixes and one enhancement. Documentation for these bug
fixes and this enhancement is provided in the Technical Notes document,
linked to in the References section.

All libguestfs users are advised to upgrade to these updated packages,
which correct this issue, and fix the bugs and add the enhancement noted
in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

600144 - document that mkmountpoint and umount-all cannot be mixed
612308 - qemu -net / vlan option deprecated. Use -netdev instead.
613593 - Rebase libguestfs in RHEL 6.1
615223 - vfs-type could not read just-created filesystem
617440 - guestfish: fails to tilde expand '~' when the $HOME env is unset
627468 - [RFE]It's better to emphasize "libguestfs-winsupport" in V2V manpage or error output
627832 - [RFE] guestfish should print outputs in a suitable base (eg. octal for modes)
627833 - get-e2uuid should use blkid instead of "tune2fs -l" to get filesystem UUID
633174 - some guestfish sub commands can not handle special files properly
639601 - "virt-ls" command failed to parse domain name "#"
639602 - "virt-list-filesystems" fails to parse the command line argument if the domain name is "#".
643958 - CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
657472 - checksum: wrong check sum type causes umount to fail
657502 - virt-inspector depends on EPEL package perl-String-ShellQuote but does not require it
666577 - libguestfs: unknown filesystem /dev/fd0
666579 - libguestfs: unknown filesystem /dev/hd{x} (cdrom)
668115 - virt-filesystems command fails on guest with corrupt filesystem label
668611 - guestfish -i is trying to mount all mounts from /etc/fstab and fails with an error when device doesn't exists
673477 - Add a grep-friendly string to LIBGUESTFS_TRACE output
673721 - Typo in virt-make-fs manual page
676788 - libguestfs trace segfaults when list-filesystems returns error
677616 - appliance doesn't include augeas device_map lens
691724 - virt-inspector reports unknown filesystem /dev/vda1
695138 - Remove dependency on gfs2-utils

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3851.html
https://access.redhat.com/security/updates/classification/#low
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/index.html#libguestfs

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1QttXlSAg2UNWIIRAurJAKCrnb86vob16o/HWDyRSU91uYBcjQCbBMm3
/0Io6mGHOwBf7f3+YEVxarQ=
=CsHH
-----END PGP SIGNATURE-----

[RHSA-2011:0791-01] Moderate: tomcat6 security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: tomcat6 security and bug fix update
Advisory ID: RHSA-2011:0791-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0791.html
Issue date: 2011-05-19
CVE Names: CVE-2010-3718 CVE-2010-4172 CVE-2011-0013
=====================================================================

1. Summary:

Updated tomcat6 packages that fix three security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat
host's work directory. As web applications deployed on Tomcat have read and
write access to this directory, a malicious web application could use this
flaw to trick Tomcat into giving it read and write access to an arbitrary
directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Tomcat. If a remote attacker could
trick a user who is logged into the Manager application into visiting a
specially-crafted URL, the attacker could perform Manager application tasks
with the privileges of the logged in user. (CVE-2010-4172)

A second cross-site scripting (XSS) flaw was found in the Manager
application. A malicious web application could use this flaw to conduct an
XSS attack, leading to arbitrary web script execution with the privileges
of victims who are logged into and viewing Manager application web pages.
(CVE-2011-0013)

This update also fixes the following bugs:

* A bug in the "tomcat6" init script prevented additional Tomcat instances
from starting. As well, running "service tomcat6 start" caused
configuration options applied from "/etc/sysconfig/tomcat6" to be
overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update,
multiple instances of Tomcat run as expected. (BZ#636997)

* The "/usr/share/java/" directory was missing a symbolic link to the
"/usr/share/tomcat6/bin/tomcat-juli.jar" library. Because this library was
mandatory for certain operations (such as running the Jasper JSP
precompiler), the "build-jar-repository" command was unable to compose a
valid classpath. With this update, the missing symbolic link has been
added. (BZ#661244)

* Previously, the "tomcat6" init script failed to start Tomcat with a "This
account is currently not available." message when Tomcat was configured to
run under a user that did not have a valid shell configured as a login
shell. This update modifies the init script to work correctly regardless of
the daemon user's login shell. Additionally, these new tomcat6 packages now
set "/sbin/nologin" as the login shell for the "tomcat" user upon
installation, as recommended by deployment best practices. (BZ#678671)

* Some standard Tomcat directories were missing write permissions for the
"tomcat" group, which could cause certain applications to fail with errors
such as "No output folder". This update adds write permissions for the
"tomcat" group to the affected directories. (BZ#643809)

* The "/usr/sbin/tomcat6" wrapper script used a hard-coded path to the
"catalina.out" file, which may have caused problems (such as for logging
init script output) if Tomcat was being run with a user other than "tomcat"
and with CATALINA_BASE set to a directory other than the default.
(BZ#695284, BZ#697504)

* Stopping Tomcat could have resulted in traceback errors being logged to
"catalina.out" when certain web applications were deployed. (BZ#698624)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

636997 - Additionally Created Instances of Tomcat are broken / don't work
643809 - Bad permissions on tomcat folders
656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application
661244 - Missing tomcat6-juli link in /usr/share/java
675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
678671 - tomcat user requires login shell
695284 - catalina.out path hard-coded in /usr/sbin/tomcat6
697504 - tomcat6-6.0.wrapper redirects init script output to wrong place

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3718.html
https://www.redhat.com/security/data/cve/CVE-2010-4172.html
https://www.redhat.com/security/data/cve/CVE-2011-0013.html
https://access.redhat.com/security/updates/classification/#moderate
http://tomcat.apache.org/security-6.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Q8DXlSAg2UNWIIRAiAjAKCKpl/PFfVHVQW3duUk3RvEpSrxOgCfQOVY
4+vDaJH2BGgmbj70ZTb551A=
=zxY+
-----END PGP SIGNATURE-----
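
To confirm that a host carries the fixed builds named in the package lists of the four advisories above, the following added example (not Red Hat's tooling) compares `rpm -qa` style package names against those builds using the classic RPM version-ordering rules, without the later `~` and `^` extensions. The installed-package sample is constructed, and epochs are not compared because the file names on this page do not carry them.

```python
import re

# Fixed builds (version-release) copied from the package lists in the
# advisories above. File names carry no epoch, so epoch is not compared here.
FIXED = {
    "dovecot": "2.0.9-2.el6",       # RHSA-2011:0600-01
    "sudo": "1.7.4p5-5.el6",        # RHSA-2011:0599-01
    "libguestfs": "1.7.17-17.el6",  # RHSA-2011:0586-01
    "tomcat6": "6.0.24-33.el6",     # RHSA-2011:0791-01
}

# Constructed sample of `rpm -qa` style output (name-version-release.arch).
SAMPLE_INSTALLED = """\
dovecot-2.0-0.10.beta6.20100630.el6.x86_64
sudo-1.7.2p2-9.el6.i686
libguestfs-1.7.17-17.el6.x86_64
tomcat6-6.0.24-35.el6.noarch
bash-4.1.2-3.el6.x86_64
"""


def rpmvercmp(a, b):
    """Compare two version or release strings the way classic rpm does:
    split into digit runs and letter runs, ignore separators, compare
    segment by segment. Returns -1, 0 or 1."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(ta) > len(tb)) - (len(ta) < len(tb))


def parse_nvra(s):
    """Split 'name-version-release.arch' into its four parts."""
    nvr, _, arch = s.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def outdated(installed_text, fixed=FIXED):
    """Return (name, installed_build, fixed_build) for every tracked package
    whose installed build sorts below the fixed build."""
    result = []
    for line in installed_text.splitlines():
        try:
            name, ver, rel, _ = parse_nvra(line)
        except ValueError:
            continue  # not in name-version-release.arch form
        if name not in fixed:
            continue
        fver, frel = fixed[name].split("-")
        order = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)
        if order < 0:
            result.append((name, f"{ver}-{rel}", fixed[name]))
    return result


if __name__ == "__main__":
    for name, have, need in outdated(SAMPLE_INSTALLED):
        print(f"{name}: installed {have}, advisory build {need}")
```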

[RHSA-2011:0560-01] Low: sssd security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: sssd security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0560-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0560.html
Issue date: 2011-05-19
CVE Names: CVE-2010-4341
=====================================================================

1. Summary:

Updated sssd packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It also
provides the basis for client auditing and policy services for projects
such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to crash SSSD via a carefully-crafted packet. With SSSD
unresponsive, legitimate users could be denied the ability to log in to the
system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

Users of SSSD should upgrade to these updated packages, which upgrade SSSD
to upstream version 1.5.1 to correct this issue, and fix the bugs and add
the enhancements noted in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

442680 - Better support for Kerberos ticket cache management
598501 - SSSD doesn't follow LDAP referrals when using non-anonymous bind
633406 - the krb5 locator plugin isn't packaged for multilib
633487 - SSSD initgroups does not behave as expected
640602 - sssd is not escaping correctly LDAP searches
644072 - Rebase SSSD to 1.5
645438 - NSS responder dies if DP dies during a request
645449 - 'getent passwd ' returns nothing if its uidNumber gt 2147483647.
647816 - Login screen freezes for more than 2mins when configured SSSD for proxy auth.
649286 - SSSD will sometimes lose groups from the cache
658158 - sssd stops on upgrade
659401 - SSSD shutdown sometimes hangs
660323 - Provide an option to specify DNS domain for service discovery
661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
667059 - nss client blocks when enumerating local domain after restart.
667326 - '-s' option in sss_obfuscate command is a bit redundant.
667349 - Obfuscated passwords can kill LDAP provider if OpenLDAP uses NSS.
670511 - SSSD and sftp-only jailed users with pubkey login
670763 - Missing primary group with simple access provider.
670804 - Nested groups are not unrolled during the first enumeration.
671478 - authconfig-tui/gtk removes "ldap_user_home_directory" from sssd.conf
674141 - Traceback call messages displayed while "sss_obfuscate" command is executed as a non-root user.
674164 - sss_obfuscate fails if there's no domain named "default".
674172 - Group members are not sanitized in nested group processing
674515 - -p option always uses empty string to obfuscate password.
675284 - "no matching rule" message logged on all successful requests.
676401 - Remove HBAC time rules from SSSD
676911 - SSSD attempts to use START_TLS over LDAPS for authentication
677318 - Does not read renewable ccache at startup.
677588 - sssd crashes at the next tgt renewals it tries.
678091 - SSSD in 6.0 can not locate HBAC rules from FreeIPAv2
678410 - name service caches names, so id command shows recently deleted users
678593 - User information not updated on login for secondary domains
678614 - SSSD needs to look at IPA's compat tree for netgroups
678777 - IPA provider does not update removed group memberships on initgroups
679082 - SSSD IPA provider should honor the krb5_realm option
680367 - sssd not thread-safe
682340 - sssd-be segmentation fault - ipa-client on ipa-server
682807 - sssd_nss core dumps with certain lookups
682850 - IPA provider should use realm instead of ipa_domain for base DN
683158 - multiple problems with sssd + ldap (Active-Directory) and groups members.
683255 - sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
683860 - sssd 1.5.1-9 breaks AD authentication
683885 - SSSD should skip over groups with multiple names
688491 - authconfig fails when access_provider is set as krb5 in sssd.conf.
689886 - group memberships are not populated correctly during IPA provider initgroups
690131 - Traceback messages seen while interrupting sss_obfuscate using ctrl+d.
690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
690866 - Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
691678 - SSSD needs to fall back to 'cn' for GECOS information (was: SSSD configuration problem when configured with MSAD)
692472 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
694146 - SSSD consumes GBs of RAM, possible memory leak
694444 - Unable to resolve SRV record when called with _srv_, in ldap_uri
694783 - SSSD crashes during getent when anonymous bind is disabled.
696972 - [REGRESSION] Filters not honoured against fully-qualified users.
701700 - sssd client libraries use select() but should use poll() instead

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm

x86_64:
sssd-1.5.1-34.el6.x86_64.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.x86_64.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-tools-1.5.1-34.el6.i686.rpm

x86_64:
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm
sssd-tools-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm

ppc64:
sssd-1.5.1-34.el6.ppc64.rpm
sssd-client-1.5.1-34.el6.ppc.rpm
sssd-client-1.5.1-34.el6.ppc64.rpm
sssd-debuginfo-1.5.1-34.el6.ppc.rpm
sssd-debuginfo-1.5.1-34.el6.ppc64.rpm

s390x:
sssd-1.5.1-34.el6.s390x.rpm
sssd-client-1.5.1-34.el6.s390.rpm
sssd-client-1.5.1-34.el6.s390x.rpm
sssd-debuginfo-1.5.1-34.el6.s390.rpm
sssd-debuginfo-1.5.1-34.el6.s390x.rpm

x86_64:
sssd-1.5.1-34.el6.x86_64.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.x86_64.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-tools-1.5.1-34.el6.i686.rpm

ppc64:
sssd-debuginfo-1.5.1-34.el6.ppc64.rpm
sssd-tools-1.5.1-34.el6.ppc64.rpm

s390x:
sssd-debuginfo-1.5.1-34.el6.s390x.rpm
sssd-tools-1.5.1-34.el6.s390x.rpm

x86_64:
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm
sssd-tools-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm

x86_64:
sssd-1.5.1-34.el6.x86_64.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.x86_64.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-tools-1.5.1-34.el6.i686.rpm

x86_64:
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm
sssd-tools-1.5.1-34.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4341.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Qr+XlSAg2UNWIIRAitmAJ4/vnFA+RG6yosPlusnICXjY6ayygCfZRO7
+8USf94DNiwfiJq2wxiq3Rc=
=Onj8
-----END PGP SIGNATURE-----

[RHSA-2011:0558-01] Moderate: perl security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: perl security and bug fix update
Advisory ID: RHSA-2011:0558-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0558.html
Issue date: 2011-05-19
CVE Names: CVE-2010-2761 CVE-2010-4410 CVE-2011-1487
=====================================================================

1. Summary:

Updated perl packages that fix three security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Perl is a high-level programming language commonly used for system
administration utilities and web programming. The Perl CGI module provides
resources for preparing and processing Common Gateway Interface (CGI) based
HTTP requests and responses.

It was found that the Perl CGI module used a hard-coded value for the MIME
boundary string in multipart/x-mixed-replace content. A remote attacker
could possibly use this flaw to conduct an HTTP response splitting attack
via a specially-crafted HTTP request. (CVE-2010-2761)

A CRLF injection flaw was found in the way the Perl CGI module processed a
sequence of non-whitespace preceded by newline characters in the header. A
remote attacker could use this flaw to conduct an HTTP response splitting
attack via a specially-crafted sequence of characters provided to the CGI
module. (CVE-2010-4410)

It was found that certain Perl string manipulation functions (such as uc()
and lc()) failed to preserve the taint bit. A remote attacker could use
this flaw to bypass the Perl taint mode protection mechanism in scripts
that use the affected functions to process tainted input. (CVE-2011-1487)
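
A check for the taint behaviour described above (CVE-2011-1487), as an added example that is not part of Red Hat's advisory: run under taint mode, it verifies that the results of lc() and uc() on tainted input are still tainted. The script name and the sample string are constructed for illustration.

```perl
# Added example (not from the advisory): taint-propagation check for
# lc() and uc(). Run as:  perl -T taint_check.pl
# (the file name taint_check.pl is an assumption)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode must be on, otherwise nothing is ever tainted and the
# check would pass vacuously.
die "taint mode is off; run with: perl -T $0\n" unless ${^TAINT};

# Constructed sample input. $0 and $^X are tainted under -T, so a
# zero-length substr() of them is an empty tainted string; appending it
# taints the sample without changing its content.
my $taint = substr("$0$^X", 0, 0);
my $input = 'Constructed-Sample-Value' . $taint;
die "sample input is unexpectedly untainted\n" unless tainted($input);

# Each call gets its own statement and its own scalar, so the taint
# flag read later belongs to that result alone.
my $lower = lc($input);
my $upper = uc($input);

# Print one line per function and return 1 if the taint flag was lost.
sub check {
    my ($name, $still_tainted) = @_;
    if ($still_tainted) {
        print "$name: taint preserved\n";
        return 0;
    }
    print "$name: taint LOST (tainted input is being laundered)\n";
    return 1;
}

my $failures = 0;
$failures += check('lc()', tainted($lower));
$failures += check('uc()', tainted($upper));

# For contrast: the supported way to clear taint is an explicit regex
# capture that validates the value (see perlsec). Case conversion is
# not validation and must never clear the flag.
my ($validated) = $input =~ /\A([A-Za-z-]+)\z/;
print "regex-validated copy tainted: ",
    (tainted($validated) ? "yes" : "no"), "\n";

exit($failures ? 1 : 0);
```

A perl that preserves the taint bit reports both results as still tainted and exits 0; a non-zero exit means tainted input is being laundered by these functions.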

These packages upgrade the CGI module to version 3.51. Refer to the CGI
module's Changes file, linked to in the References, for a full list of
changes.

This update also fixes the following bugs:

* When using the "threads" module, an attempt to send a signal to a thread
that did not have a signal handler specified caused the perl interpreter to
terminate unexpectedly with a segmentation fault. With this update, the
"threads" module has been updated to upstream version 1.82, which fixes
this bug. As a result, sending a signal to a thread that does not have the
signal handler specified no longer causes perl to crash. (BZ#626330)

* Prior to this update, the perl packages did not require the Digest::SHA
module as a dependency. As a result, when a user started the cpan
command line interface and attempted to download a distribution from CPAN,
they may have been presented with the following message:

CPAN: checksum security checks disabled because Digest::SHA not installed.
Please consider installing the Digest::SHA module.

This update corrects the spec file for the perl package to require the
perl-Digest-SHA package as a dependency, and cpan no longer displays the
above message. (BZ#640716)

* When using the "threads" module, continual creation and destruction of
threads could cause the Perl program to consume an increasing amount of
memory. With this update, the underlying source code has been corrected to
free the allocated memory when a thread is destroyed, and the continual
creation and destruction of threads in Perl programs no longer leads to
memory leaks. (BZ#640720)

* Due to a packaging error, the perl packages did not include the
"NDBM_File" module. This update corrects this error, and "NDBM_File" is now
included as expected. (BZ#640729)

* Prior to this update, the prove(1) manual page and the "prove --help"
command listed "--fork" as a valid command line option. However, version
3.17 of the Test::Harness distribution removed support for fork-based
parallel testing, and the prove utility thus no longer supports
this option. This update corrects both the manual page and the output of
the "prove --help" command, so that "--fork" is no longer included in the
list of available command line options. (BZ#609492)

Users of Perl, especially those of Perl threads, are advised to upgrade to
these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

609492 - unknown option fork with prove
626330 - Sending signal to thread without signal handler in thread causes perl to segfault
640716 - Let perl-CPAN Require: perl(Digest::SHA)
640720 - Thread destructor leaks
640729 - NDBM_File module is missing in perl core
658976 - perl-CGI, perl-CGI-Simple: CVE-2010-2761 - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting
692898 - CVE-2011-1487 perl: lc(), uc() routines are laundering tainted data

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

i386:
perl-5.10.1-119.el6.i686.rpm
perl-Archive-Extract-0.38-119.el6.i686.rpm
perl-Archive-Tar-1.58-119.el6.i686.rpm
perl-CGI-3.51-119.el6.i686.rpm
perl-CPAN-1.9402-119.el6.i686.rpm
perl-CPANPLUS-0.88-119.el6.i686.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.i686.rpm
perl-Compress-Zlib-2.020-119.el6.i686.rpm
perl-Digest-SHA-5.47-119.el6.i686.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.i686.rpm
perl-ExtUtils-Embed-1.28-119.el6.i686.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.i686.rpm
perl-File-Fetch-0.26-119.el6.i686.rpm
perl-IO-Compress-Base-2.020-119.el6.i686.rpm
perl-IO-Compress-Zlib-2.020-119.el6.i686.rpm
perl-IO-Zlib-1.09-119.el6.i686.rpm
perl-IPC-Cmd-0.56-119.el6.i686.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.i686.rpm
perl-Log-Message-0.02-119.el6.i686.rpm
perl-Log-Message-Simple-0.04-119.el6.i686.rpm
perl-Module-Build-0.3500-119.el6.i686.rpm
perl-Module-CoreList-2.18-119.el6.i686.rpm
perl-Module-Load-0.16-119.el6.i686.rpm
perl-Module-Load-Conditional-0.30-119.el6.i686.rpm
perl-Module-Loaded-0.02-119.el6.i686.rpm
perl-Module-Pluggable-3.90-119.el6.i686.rpm
perl-Object-Accessor-0.34-119.el6.i686.rpm
perl-Package-Constants-0.02-119.el6.i686.rpm
perl-Params-Check-0.26-119.el6.i686.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.i686.rpm
perl-Pod-Escapes-1.04-119.el6.i686.rpm
perl-Pod-Simple-3.13-119.el6.i686.rpm
perl-Term-UI-0.20-119.el6.i686.rpm
perl-Test-Harness-3.17-119.el6.i686.rpm
perl-Test-Simple-0.92-119.el6.i686.rpm
perl-Time-HiRes-1.9721-119.el6.i686.rpm
perl-Time-Piece-1.15-119.el6.i686.rpm
perl-core-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-parent-0.221-119.el6.i686.rpm
perl-suidperl-5.10.1-119.el6.i686.rpm
perl-version-0.77-119.el6.i686.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

i386:
perl-5.10.1-119.el6.i686.rpm
perl-Archive-Extract-0.38-119.el6.i686.rpm
perl-Archive-Tar-1.58-119.el6.i686.rpm
perl-CGI-3.51-119.el6.i686.rpm
perl-CPAN-1.9402-119.el6.i686.rpm
perl-CPANPLUS-0.88-119.el6.i686.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.i686.rpm
perl-Compress-Zlib-2.020-119.el6.i686.rpm
perl-Digest-SHA-5.47-119.el6.i686.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.i686.rpm
perl-ExtUtils-Embed-1.28-119.el6.i686.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.i686.rpm
perl-File-Fetch-0.26-119.el6.i686.rpm
perl-IO-Compress-Base-2.020-119.el6.i686.rpm
perl-IO-Compress-Zlib-2.020-119.el6.i686.rpm
perl-IO-Zlib-1.09-119.el6.i686.rpm
perl-IPC-Cmd-0.56-119.el6.i686.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.i686.rpm
perl-Log-Message-0.02-119.el6.i686.rpm
perl-Log-Message-Simple-0.04-119.el6.i686.rpm
perl-Module-Build-0.3500-119.el6.i686.rpm
perl-Module-CoreList-2.18-119.el6.i686.rpm
perl-Module-Load-0.16-119.el6.i686.rpm
perl-Module-Load-Conditional-0.30-119.el6.i686.rpm
perl-Module-Loaded-0.02-119.el6.i686.rpm
perl-Module-Pluggable-3.90-119.el6.i686.rpm
perl-Object-Accessor-0.34-119.el6.i686.rpm
perl-Package-Constants-0.02-119.el6.i686.rpm
perl-Params-Check-0.26-119.el6.i686.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.i686.rpm
perl-Pod-Escapes-1.04-119.el6.i686.rpm
perl-Pod-Simple-3.13-119.el6.i686.rpm
perl-Term-UI-0.20-119.el6.i686.rpm
perl-Test-Harness-3.17-119.el6.i686.rpm
perl-Test-Simple-0.92-119.el6.i686.rpm
perl-Time-HiRes-1.9721-119.el6.i686.rpm
perl-Time-Piece-1.15-119.el6.i686.rpm
perl-core-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-parent-0.221-119.el6.i686.rpm
perl-suidperl-5.10.1-119.el6.i686.rpm
perl-version-0.77-119.el6.i686.rpm

ppc64:
perl-5.10.1-119.el6.ppc64.rpm
perl-Archive-Extract-0.38-119.el6.ppc64.rpm
perl-Archive-Tar-1.58-119.el6.ppc64.rpm
perl-CGI-3.51-119.el6.ppc64.rpm
perl-CPAN-1.9402-119.el6.ppc64.rpm
perl-CPANPLUS-0.88-119.el6.ppc64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.ppc64.rpm
perl-Compress-Zlib-2.020-119.el6.ppc64.rpm
perl-Digest-SHA-5.47-119.el6.ppc64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.ppc64.rpm
perl-ExtUtils-Embed-1.28-119.el6.ppc64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.ppc64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.ppc64.rpm
perl-File-Fetch-0.26-119.el6.ppc64.rpm
perl-IO-Compress-Base-2.020-119.el6.ppc64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.ppc64.rpm
perl-IO-Zlib-1.09-119.el6.ppc64.rpm
perl-IPC-Cmd-0.56-119.el6.ppc64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.ppc64.rpm
perl-Log-Message-0.02-119.el6.ppc64.rpm
perl-Log-Message-Simple-0.04-119.el6.ppc64.rpm
perl-Module-Build-0.3500-119.el6.ppc64.rpm
perl-Module-CoreList-2.18-119.el6.ppc64.rpm
perl-Module-Load-0.16-119.el6.ppc64.rpm
perl-Module-Load-Conditional-0.30-119.el6.ppc64.rpm
perl-Module-Loaded-0.02-119.el6.ppc64.rpm
perl-Module-Pluggable-3.90-119.el6.ppc64.rpm
perl-Object-Accessor-0.34-119.el6.ppc64.rpm
perl-Package-Constants-0.02-119.el6.ppc64.rpm
perl-Params-Check-0.26-119.el6.ppc64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.ppc64.rpm
perl-Pod-Escapes-1.04-119.el6.ppc64.rpm
perl-Pod-Simple-3.13-119.el6.ppc64.rpm
perl-Term-UI-0.20-119.el6.ppc64.rpm
perl-Test-Harness-3.17-119.el6.ppc64.rpm
perl-Test-Simple-0.92-119.el6.ppc64.rpm
perl-Time-HiRes-1.9721-119.el6.ppc64.rpm
perl-Time-Piece-1.15-119.el6.ppc64.rpm
perl-core-5.10.1-119.el6.ppc64.rpm
perl-debuginfo-5.10.1-119.el6.ppc.rpm
perl-debuginfo-5.10.1-119.el6.ppc64.rpm
perl-devel-5.10.1-119.el6.ppc.rpm
perl-devel-5.10.1-119.el6.ppc64.rpm
perl-libs-5.10.1-119.el6.ppc.rpm
perl-libs-5.10.1-119.el6.ppc64.rpm
perl-parent-0.221-119.el6.ppc64.rpm
perl-suidperl-5.10.1-119.el6.ppc64.rpm
perl-version-0.77-119.el6.ppc64.rpm

s390x:
perl-5.10.1-119.el6.s390x.rpm
perl-Archive-Extract-0.38-119.el6.s390x.rpm
perl-Archive-Tar-1.58-119.el6.s390x.rpm
perl-CGI-3.51-119.el6.s390x.rpm
perl-CPAN-1.9402-119.el6.s390x.rpm
perl-CPANPLUS-0.88-119.el6.s390x.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.s390x.rpm
perl-Compress-Zlib-2.020-119.el6.s390x.rpm
perl-Digest-SHA-5.47-119.el6.s390x.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.s390x.rpm
perl-ExtUtils-Embed-1.28-119.el6.s390x.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.s390x.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.s390x.rpm
perl-File-Fetch-0.26-119.el6.s390x.rpm
perl-IO-Compress-Base-2.020-119.el6.s390x.rpm
perl-IO-Compress-Zlib-2.020-119.el6.s390x.rpm
perl-IO-Zlib-1.09-119.el6.s390x.rpm
perl-IPC-Cmd-0.56-119.el6.s390x.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.s390x.rpm
perl-Log-Message-0.02-119.el6.s390x.rpm
perl-Log-Message-Simple-0.04-119.el6.s390x.rpm
perl-Module-Build-0.3500-119.el6.s390x.rpm
perl-Module-CoreList-2.18-119.el6.s390x.rpm
perl-Module-Load-0.16-119.el6.s390x.rpm
perl-Module-Load-Conditional-0.30-119.el6.s390x.rpm
perl-Module-Loaded-0.02-119.el6.s390x.rpm
perl-Module-Pluggable-3.90-119.el6.s390x.rpm
perl-Object-Accessor-0.34-119.el6.s390x.rpm
perl-Package-Constants-0.02-119.el6.s390x.rpm
perl-Params-Check-0.26-119.el6.s390x.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.s390x.rpm
perl-Pod-Escapes-1.04-119.el6.s390x.rpm
perl-Pod-Simple-3.13-119.el6.s390x.rpm
perl-Term-UI-0.20-119.el6.s390x.rpm
perl-Test-Harness-3.17-119.el6.s390x.rpm
perl-Test-Simple-0.92-119.el6.s390x.rpm
perl-Time-HiRes-1.9721-119.el6.s390x.rpm
perl-Time-Piece-1.15-119.el6.s390x.rpm
perl-core-5.10.1-119.el6.s390x.rpm
perl-debuginfo-5.10.1-119.el6.s390.rpm
perl-debuginfo-5.10.1-119.el6.s390x.rpm
perl-devel-5.10.1-119.el6.s390.rpm
perl-devel-5.10.1-119.el6.s390x.rpm
perl-libs-5.10.1-119.el6.s390.rpm
perl-libs-5.10.1-119.el6.s390x.rpm
perl-parent-0.221-119.el6.s390x.rpm
perl-suidperl-5.10.1-119.el6.s390x.rpm
perl-version-0.77-119.el6.s390x.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

i386:
perl-5.10.1-119.el6.i686.rpm
perl-Archive-Extract-0.38-119.el6.i686.rpm
perl-Archive-Tar-1.58-119.el6.i686.rpm
perl-CGI-3.51-119.el6.i686.rpm
perl-CPAN-1.9402-119.el6.i686.rpm
perl-CPANPLUS-0.88-119.el6.i686.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.i686.rpm
perl-Compress-Zlib-2.020-119.el6.i686.rpm
perl-Digest-SHA-5.47-119.el6.i686.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.i686.rpm
perl-ExtUtils-Embed-1.28-119.el6.i686.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.i686.rpm
perl-File-Fetch-0.26-119.el6.i686.rpm
perl-IO-Compress-Base-2.020-119.el6.i686.rpm
perl-IO-Compress-Zlib-2.020-119.el6.i686.rpm
perl-IO-Zlib-1.09-119.el6.i686.rpm
perl-IPC-Cmd-0.56-119.el6.i686.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.i686.rpm
perl-Log-Message-0.02-119.el6.i686.rpm
perl-Log-Message-Simple-0.04-119.el6.i686.rpm
perl-Module-Build-0.3500-119.el6.i686.rpm
perl-Module-CoreList-2.18-119.el6.i686.rpm
perl-Module-Load-0.16-119.el6.i686.rpm
perl-Module-Load-Conditional-0.30-119.el6.i686.rpm
perl-Module-Loaded-0.02-119.el6.i686.rpm
perl-Module-Pluggable-3.90-119.el6.i686.rpm
perl-Object-Accessor-0.34-119.el6.i686.rpm
perl-Package-Constants-0.02-119.el6.i686.rpm
perl-Params-Check-0.26-119.el6.i686.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.i686.rpm
perl-Pod-Escapes-1.04-119.el6.i686.rpm
perl-Pod-Simple-3.13-119.el6.i686.rpm
perl-Term-UI-0.20-119.el6.i686.rpm
perl-Test-Harness-3.17-119.el6.i686.rpm
perl-Test-Simple-0.92-119.el6.i686.rpm
perl-Time-HiRes-1.9721-119.el6.i686.rpm
perl-Time-Piece-1.15-119.el6.i686.rpm
perl-core-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-parent-0.221-119.el6.i686.rpm
perl-suidperl-5.10.1-119.el6.i686.rpm
perl-version-0.77-119.el6.i686.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2761.html
https://www.redhat.com/security/data/cve/CVE-2010-4410.html
https://www.redhat.com/security/data/cve/CVE-2011-1487.html
https://access.redhat.com/security/updates/classification/#moderate
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.51/Changes

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Qq8XlSAg2UNWIIRAnl5AJ9VtiEPh3HoqB6KLv092cgnr0SgwQCeO6d4
lynbKxajACsYHgRzieerq28=
=MXN1
-----END PGP SIGNATURE-----

[RHSA-2011:0779-01] Moderate: avahi security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: avahi security and bug fix update
Advisory ID: RHSA-2011:0779-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0779.html
Issue date: 2011-05-19
CVE Names: CVE-2011-1002
=====================================================================

1. Summary:

Updated avahi packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zero Configuration Networking. It facilitates service
discovery on a local network. Avahi and Avahi-aware applications allow you
to plug your computer into a network and, with no configuration, view other
people to chat with, view printers to print to, and find shared files on
other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with an empty payload. An attacker on the
local network could use this flaw to cause avahi-daemon on a target system
to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002)
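
One way a datagram event loop ends up spinning on an empty packet, and the receive pattern that avoids it, as an added example (illustrative C, not Avahi's source). It assumes a handler that sizes its read with FIONREAD and returns early on 0; a local AF_UNIX datagram socketpair stands in for the mDNS UDP socket, and all function names are hypothetical.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if a datagram is waiting on fd, 0 if the queue is empty, -1 on error. */
static int readable_now(int fd)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int r = poll(&p, 1, 0);
    if (r < 0)
        return -1;
    return (r == 1 && (p.revents & POLLIN)) ? 1 : 0;
}

/* Flawed handler (assumed pattern): size the read with FIONREAD and bail out
 * when it reports 0 bytes. An empty datagram also reports 0, so it is never
 * dequeued and the descriptor stays readable forever. */
static void handle_flawed(int fd)
{
    char buf[512];
    int queued = 0;
    if (ioctl(fd, FIONREAD, &queued) < 0 || queued == 0)
        return;
    (void)recv(fd, buf, sizeof buf, MSG_DONTWAIT);
}

/* Hardened handler: always dequeue exactly one datagram, then decide. */
static void handle_hardened(int fd)
{
    char buf[512];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
    if (n <= 0)
        return; /* error or empty payload: dropped, but removed from the queue */
    /* a real daemon would parse buf[0..n) here */
}

/* Queue one empty datagram, then count event-loop wakeups until the socket
 * goes idle, giving up at `cap`. Returns -1 if the sockets cannot be set up. */
int wakeups_for_empty_datagram(int hardened, int cap)
{
    int sv[2], wakeups = 0;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    if (send(sv[0], "", 0, 0) < 0) {   /* constructed input: zero-length datagram */
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    while (wakeups < cap && readable_now(sv[1]) == 1) {
        wakeups++;
        if (hardened)
            handle_hardened(sv[1]);
        else
            handle_flawed(sv[1]);
    }
    close(sv[0]);
    close(sv[1]);
    return wakeups;
}

int main(void)
{
    printf("flawed:   %d wakeups (capped)\n", wakeups_for_empty_datagram(0, 1000));
    printf("hardened: %d wakeups\n", wakeups_for_empty_datagram(1, 1000));
    return 0;
}
```

The flawed handler hits the cap because the empty datagram is never removed from the receive queue; the hardened one wakes once and goes idle.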

This update also fixes the following bug:

* Previously, the avahi packages in Red Hat Enterprise Linux 6 were not
compiled with standard RPM CFLAGS; therefore, the Stack Protector and
Fortify Source protections were not enabled, and the debuginfo packages did
not contain the information required for debugging. This update corrects
this issue by using proper CFLAGS when compiling the packages. (BZ#629954,
BZ#684276)

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the update,
avahi-daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

667187 - CVE-2011-1002 avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)
684276 - [PATCH] avahi debuginfo useless

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-0.6.25-11.el6.i686.rpm
avahi-autoipd-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-tools-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.i686.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-dnsconfd-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-tools-0.6.25-11.el6.i686.rpm

x86_64:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

x86_64:
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-0.6.25-11.el6.i686.rpm
avahi-autoipd-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-tools-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.i686.rpm

ppc64:
avahi-0.6.25-11.el6.ppc.rpm
avahi-0.6.25-11.el6.ppc64.rpm
avahi-autoipd-0.6.25-11.el6.ppc64.rpm
avahi-debuginfo-0.6.25-11.el6.ppc.rpm
avahi-debuginfo-0.6.25-11.el6.ppc64.rpm
avahi-glib-0.6.25-11.el6.ppc.rpm
avahi-glib-0.6.25-11.el6.ppc64.rpm
avahi-gobject-0.6.25-11.el6.ppc64.rpm
avahi-libs-0.6.25-11.el6.ppc.rpm
avahi-libs-0.6.25-11.el6.ppc64.rpm
avahi-tools-0.6.25-11.el6.ppc64.rpm
avahi-ui-0.6.25-11.el6.ppc64.rpm

s390x:
avahi-0.6.25-11.el6.s390.rpm
avahi-0.6.25-11.el6.s390x.rpm
avahi-autoipd-0.6.25-11.el6.s390x.rpm
avahi-debuginfo-0.6.25-11.el6.s390.rpm
avahi-debuginfo-0.6.25-11.el6.s390x.rpm
avahi-glib-0.6.25-11.el6.s390.rpm
avahi-glib-0.6.25-11.el6.s390x.rpm
avahi-gobject-0.6.25-11.el6.s390x.rpm
avahi-libs-0.6.25-11.el6.s390.rpm
avahi-libs-0.6.25-11.el6.s390x.rpm
avahi-tools-0.6.25-11.el6.s390x.rpm
avahi-ui-0.6.25-11.el6.s390x.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-dnsconfd-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-tools-0.6.25-11.el6.i686.rpm

ppc64:
avahi-compat-howl-0.6.25-11.el6.ppc.rpm
avahi-compat-howl-0.6.25-11.el6.ppc64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.ppc.rpm
avahi-compat-howl-devel-0.6.25-11.el6.ppc64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.ppc.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.ppc64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.ppc.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.ppc64.rpm
avahi-debuginfo-0.6.25-11.el6.ppc.rpm
avahi-debuginfo-0.6.25-11.el6.ppc64.rpm
avahi-devel-0.6.25-11.el6.ppc.rpm
avahi-devel-0.6.25-11.el6.ppc64.rpm
avahi-dnsconfd-0.6.25-11.el6.ppc64.rpm
avahi-glib-devel-0.6.25-11.el6.ppc.rpm
avahi-glib-devel-0.6.25-11.el6.ppc64.rpm
avahi-gobject-0.6.25-11.el6.ppc.rpm
avahi-gobject-devel-0.6.25-11.el6.ppc.rpm
avahi-gobject-devel-0.6.25-11.el6.ppc64.rpm
avahi-qt3-0.6.25-11.el6.ppc.rpm
avahi-qt3-0.6.25-11.el6.ppc64.rpm
avahi-qt3-devel-0.6.25-11.el6.ppc.rpm
avahi-qt3-devel-0.6.25-11.el6.ppc64.rpm
avahi-qt4-0.6.25-11.el6.ppc.rpm
avahi-qt4-0.6.25-11.el6.ppc64.rpm
avahi-qt4-devel-0.6.25-11.el6.ppc.rpm
avahi-qt4-devel-0.6.25-11.el6.ppc64.rpm
avahi-ui-0.6.25-11.el6.ppc.rpm
avahi-ui-devel-0.6.25-11.el6.ppc.rpm
avahi-ui-devel-0.6.25-11.el6.ppc64.rpm
avahi-ui-tools-0.6.25-11.el6.ppc64.rpm

s390x:
avahi-compat-howl-0.6.25-11.el6.s390.rpm
avahi-compat-howl-0.6.25-11.el6.s390x.rpm
avahi-compat-howl-devel-0.6.25-11.el6.s390.rpm
avahi-compat-howl-devel-0.6.25-11.el6.s390x.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.s390.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.s390x.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.s390.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.s390x.rpm
avahi-debuginfo-0.6.25-11.el6.s390.rpm
avahi-debuginfo-0.6.25-11.el6.s390x.rpm
avahi-devel-0.6.25-11.el6.s390.rpm
avahi-devel-0.6.25-11.el6.s390x.rpm
avahi-dnsconfd-0.6.25-11.el6.s390x.rpm
avahi-glib-devel-0.6.25-11.el6.s390.rpm
avahi-glib-devel-0.6.25-11.el6.s390x.rpm
avahi-gobject-0.6.25-11.el6.s390.rpm
avahi-gobject-devel-0.6.25-11.el6.s390.rpm
avahi-gobject-devel-0.6.25-11.el6.s390x.rpm
avahi-qt3-0.6.25-11.el6.s390.rpm
avahi-qt3-0.6.25-11.el6.s390x.rpm
avahi-qt3-devel-0.6.25-11.el6.s390.rpm
avahi-qt3-devel-0.6.25-11.el6.s390x.rpm
avahi-qt4-0.6.25-11.el6.s390.rpm
avahi-qt4-0.6.25-11.el6.s390x.rpm
avahi-qt4-devel-0.6.25-11.el6.s390.rpm
avahi-qt4-devel-0.6.25-11.el6.s390x.rpm
avahi-ui-0.6.25-11.el6.s390.rpm
avahi-ui-devel-0.6.25-11.el6.s390.rpm
avahi-ui-devel-0.6.25-11.el6.s390x.rpm
avahi-ui-tools-0.6.25-11.el6.s390x.rpm

x86_64:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-0.6.25-11.el6.i686.rpm
avahi-autoipd-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-tools-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.i686.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-dnsconfd-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-tools-0.6.25-11.el6.i686.rpm

x86_64:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1002.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Q6mXlSAg2UNWIIRAg49AJ92b8pfd94npJLWQJPsOdscfl9hAwCeJ2FX
L0YWgIMHNid3DSIXsAwkzYA=
=i1+X
-----END PGP SIGNATURE-----

[RHSA-2011:0677-01] Moderate: openssl security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0677-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0677.html
Issue date: 2011-05-19
CVE Names: CVE-2011-0014
=====================================================================

1. Summary:

Updated openssl packages that fix one security issue, two bugs, and add two
enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A buffer over-read flaw was discovered in the way OpenSSL parsed the
Certificate Status Request TLS extensions in ClientHello TLS handshake
messages. A remote attacker could possibly use this flaw to crash an SSL
server using the affected OpenSSL functionality. (CVE-2011-0014)
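
A bounds-checked parse of a Certificate Status Request extension body, in the status_request layout from RFC 6066, showing the length validation whose absence leads to an over-read. This is an added example, not OpenSSL's code; the cursor helpers, return codes and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SR_OK = 0, SR_TRUNCATED = -1, SR_BAD_LENGTH = -2, SR_UNSUPPORTED = -3 };

/* Read cursor: every access goes through a helper that checks `left` first. */
typedef struct { const uint8_t *p; size_t left; } cursor;

static int take_u8(cursor *c, uint8_t *out)
{
    if (c->left < 1) return 0;
    *out = c->p[0];
    c->p += 1; c->left -= 1;
    return 1;
}

static int take_u16(cursor *c, uint16_t *out)
{
    if (c->left < 2) return 0;   /* the length field itself must be present */
    *out = (uint16_t)((c->p[0] << 8) | c->p[1]);
    c->p += 2; c->left -= 2;
    return 1;
}

/* Carve the next n bytes of c into their own cursor; fails if n overshoots. */
static int take_sub(cursor *c, size_t n, cursor *sub)
{
    if (c->left < n) return 0;
    sub->p = c->p; sub->left = n;
    c->p += n; c->left -= n;
    return 1;
}

typedef struct { unsigned responder_ids; size_t request_ext_len; } status_request;

/* Body layout: status_type(1) | responder_id_list<0..2^16-1> of
 * ResponderID<1..2^16-1> | request_extensions<0..2^16-1>. */
int parse_status_request(const uint8_t *body, size_t len, status_request *out)
{
    cursor c = { body, len }, ids, id, exts;
    uint8_t type;
    uint16_t n;

    out->responder_ids = 0;
    out->request_ext_len = 0;

    if (!take_u8(&c, &type)) return SR_TRUNCATED;
    if (type != 1) return SR_UNSUPPORTED;            /* 1 = ocsp */

    if (!take_u16(&c, &n) || !take_sub(&c, n, &ids)) return SR_TRUNCATED;
    while (ids.left > 0) {                           /* walk inside the list only */
        if (!take_u16(&ids, &n) || n == 0 || !take_sub(&ids, n, &id))
            return SR_BAD_LENGTH;
        out->responder_ids++;
    }

    /* A message may end right after the responder list; never assume the
     * two-byte request_extensions length is there. */
    if (!take_u16(&c, &n) || !take_sub(&c, n, &exts)) return SR_TRUNCATED;
    if (c.left != 0) return SR_BAD_LENGTH;           /* trailing bytes */
    out->request_ext_len = exts.left;
    return SR_OK;
}

/* Constructed sample bodies (not captured traffic). */
static const uint8_t SAMPLE_OK[]             = { 0x01, 0x00,0x05, 0x00,0x03,'a','b','c', 0x00,0x00 };
static const uint8_t SAMPLE_NO_EXT_LEN[]     = { 0x01, 0x00,0x05, 0x00,0x03,'a','b','c' };
static const uint8_t SAMPLE_LIST_OVERSHOOT[] = { 0x01, 0x00,0x09, 0x00,0x03,'a','b','c' };
static const uint8_t SAMPLE_ID_OVERSHOOT[]   = { 0x01, 0x00,0x05, 0x00,0x07,'a','b','c', 0x00,0x00 };

int main(void)
{
    status_request r;
    printf("ok:             %d\n", parse_status_request(SAMPLE_OK, sizeof SAMPLE_OK, &r));
    printf("no ext length:  %d\n", parse_status_request(SAMPLE_NO_EXT_LEN, sizeof SAMPLE_NO_EXT_LEN, &r));
    printf("list overshoot: %d\n", parse_status_request(SAMPLE_LIST_OVERSHOOT, sizeof SAMPLE_LIST_OVERSHOOT, &r));
    printf("id overshoot:   %d\n", parse_status_request(SAMPLE_ID_OVERSHOOT, sizeof SAMPLE_ID_OVERSHOOT, &r));
    return 0;
}
```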

This update fixes the following bugs:

* The "openssl speed" command (which provides algorithm speed measurement)
failed when openssl was running in FIPS (Federal Information Processing
Standards) mode, even if testing of FIPS approved algorithms was requested.
FIPS mode disables ciphers and cryptographic hash algorithms that are not
approved by the NIST (National Institute of Standards and Technology)
standards. With this update, the "openssl speed" command no longer fails.
(BZ#619762)

* The "openssl pkcs12 -export" command failed to export a PKCS#12 file in
FIPS mode. The default algorithm for encrypting a certificate in the
PKCS#12 file was not FIPS approved and thus did not work. The command now
uses a FIPS approved algorithm by default in FIPS mode. (BZ#673453)

This update also adds the following enhancements:

* The "openssl s_server" command, which previously accepted connections
only over IPv4, now accepts connections over IPv6. (BZ#601612)

* For the purpose of allowing certain maintenance commands to be run (such
as "rsync"), an "OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW" environment variable
has been added. When a system is configured for FIPS mode and is in a
maintenance state, this newly added environment variable can be set to
allow software that requires the use of an MD5 cryptographic hash algorithm
to be run, even though the hash algorithm is not approved by the FIPS-140-2
standard. (BZ#673071)

Users of OpenSSL are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues and add these
enhancements. For the update to take effect, all services linked to the
OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

601612 - s_server doesn't listen for ipv6 connections
619762 - openssl speed cmd fails on FIPS enabled machine
676063 - CVE-2011-0014 openssl: OCSP stapling vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-perl-1.0.0-10.el6.i686.rpm
openssl-static-1.0.0-10.el6.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.i686.rpm

ppc64:
openssl-1.0.0-10.el6.ppc.rpm
openssl-1.0.0-10.el6.ppc64.rpm
openssl-debuginfo-1.0.0-10.el6.ppc.rpm
openssl-debuginfo-1.0.0-10.el6.ppc64.rpm
openssl-devel-1.0.0-10.el6.ppc.rpm
openssl-devel-1.0.0-10.el6.ppc64.rpm

s390x:
openssl-1.0.0-10.el6.s390.rpm
openssl-1.0.0-10.el6.s390x.rpm
openssl-debuginfo-1.0.0-10.el6.s390.rpm
openssl-debuginfo-1.0.0-10.el6.s390x.rpm
openssl-devel-1.0.0-10.el6.s390.rpm
openssl-devel-1.0.0-10.el6.s390x.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-perl-1.0.0-10.el6.i686.rpm
openssl-static-1.0.0-10.el6.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-10.el6.ppc64.rpm
openssl-perl-1.0.0-10.el6.ppc64.rpm
openssl-static-1.0.0-10.el6.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-10.el6.s390x.rpm
openssl-perl-1.0.0-10.el6.s390x.rpm
openssl-static-1.0.0-10.el6.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.i686.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-perl-1.0.0-10.el6.i686.rpm
openssl-static-1.0.0-10.el6.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0014.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Q5dXlSAg2UNWIIRAvGtAKCIXLWM3iaTbveCYs1au3kBa0Q3egCgtx4T
drM+YTZ/0+hAma8uIsMqsMo=
=x7Vd
-----END PGP SIGNATURE-----

[RHSA-2011:0568-01] Low: eclipse security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: eclipse security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0568-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0568.html
Issue date: 2011-05-19
CVE Names: CVE-2010-4647
=====================================================================

1. Summary:

Updated eclipse packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The Eclipse software development environment provides a set of tools for
C/C++ and Java development.

A cross-site scripting (XSS) flaw was found in the Eclipse Help Contents
web application. An attacker could use this flaw to perform a cross-site
scripting attack against victims by tricking them into visiting a
specially-crafted Eclipse Help URL. (CVE-2010-4647)

The following Eclipse packages have been upgraded to the versions found in
the official upstream Eclipse Helios SR1 release, providing a number of
bug fixes and enhancements over the previous versions:

* eclipse to 3.6.1. (BZ#656329)
* eclipse-cdt to 7.0.1. (BZ#656333)
* eclipse-birt to 2.6.0. (BZ#656391)
* eclipse-emf to 2.6.0. (BZ#656344)
* eclipse-gef to 3.6.1. (BZ#656347)
* eclipse-mylyn to 3.4.2. (BZ#656337)
* eclipse-rse to 3.2. (BZ#656338)
* eclipse-dtp to 1.8.1. (BZ#656397)
* eclipse-changelog to 2.7.0. (BZ#669499)
* eclipse-valgrind to 0.6.1. (BZ#669460)
* eclipse-callgraph to 0.6.1. (BZ#669462)
* eclipse-oprofile to 0.6.1. (BZ#670228)
* eclipse-linuxprofilingframework to 0.6.1. (BZ#669461)

In addition, the following updates were made to the dependencies of the
Eclipse packages above:

* icu4j to 4.2.1. (BZ#656342)
* sat4j to 2.2.0. (BZ#661842)
* objectweb-asm to 3.2. (BZ#664019)
* jetty-eclipse to 6.1.24. (BZ#661845)

This update includes numerous upstream bug fixes and enhancements, such as:

* The Eclipse IDE and Java Development Tools (JDT):

- projects and folders can filter out resources in the workspace.
- new virtual folder and linked files support.
- the full set of UNIX file permissions is now supported.
- addition of the stop button to cancel long-running wizard tasks.
- Java editor now shows multiple quick-fixes via problem hover.
- new support for running JUnit version 4 tests.
- over 200 upstream bug fixes.

* The Eclipse C/C++ Development Tooling (CDT):

- new Codan framework has been added for static code analysis.
- refactoring improvements such as stored refactoring history.
- compile and build errors now highlighted in the build console.
- switch to the new DSF debugger framework.
- new template view support.
- over 600 upstream bug fixes.

This update also fixes the following bugs:

* Incorrect URIs for GNU Tools in the "Help Contents" window have been
fixed. (BZ#622713)

* The profiling of binaries did not work if an Eclipse project was not in
an Eclipse workspace. This update adds an automated test for external
project profiling, which corrects this issue. (BZ#622867)

* Running a C/C++ application in Eclipse successfully terminated, but
returned an I/O exception not related to the application itself in the
Error Log window. With this update, the exception is no longer returned.
(BZ#668890)

* The eclipse-mylyn package showed a "20100916-0100-e3x" qualifier. The
qualifier has been modified to "v20100902-0100-e3x" to match the upstream
version of eclipse-mylyn. (BZ#669819)

* Installing the eclipse-mylyn package failed and returned a "Resource
temporarily unavailable" error message due to a bug in the packaging. This
update fixes this bug and installation now works as expected. (BZ#673174)

* Building the eclipse-cdt package could fail due to an incorrect
interaction with the local file system. Interaction with the local file
system is now prevented and the build no longer fails. (BZ#678364)

* The libhover plug-in, provided by the eclipse-cdt package, used binary
data to search for hover topics. The data location was specified externally
as a URL which could cause an exception to occur on a system with no
Internet access. This update modifies the plug-in so that it pulls the
needed data from a local location. (BZ#679543)

Users of eclipse should upgrade to these updated packages, which correct
these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

622713 - Help Contents: Wrong URIs to GNU Tools
622867 - Profiling of binaries does not work if Eclipse project is NOT in Eclipse workspace
656329 - [eclipse] Re-base to Helios SR1
656333 - [eclipse-cdt] Re-base to Helios SR1(7.0.1)
656337 - [eclipse-mylyn] Re-base to Helios SR1(3.4.0)
656338 - [eclipse-rse] Re-base to Helios SR1(3.2.0)
656342 - Re-base icu4j to 4.2.1
656344 - [eclipse-emf] Re-base to Helios SR1(2.6.0)
656347 - [eclipse-gef] Re-base to Helios SR1(3.6.0)
656391 - Re-base eclipse-birt to Helios SR1(2.6.0)
656397 - [eclipse-dtp] Re-base to Helios SR1(1.8.0)
661842 - Re-base to sat4j 2.2.0
661845 - Re-base to jetty-eclipse 6.1.24
661901 - CVE-2010-4647 eclipse: Help Content web application vulnerable to multiple XSS
664019 - Re-base to objectweb-asm 3.2
668890 - Debug core logs spawner IO exception when running C/C++ executable
669460 - [eclipse-valgrind] Update to work with updated eclipse-birt
669461 - [eclipse-linuxprofilingframework] new version to allow updated eclipse-valgrind
669462 - [eclipse-callgraph] Updates to callgraph to work with newer GEF
669499 - [eclipse-changelog] Update eclipse-changelog plug-in
669819 - Update eclipse-mylyn qualifier to 20100916-0100-e3x
670228 - [eclipse-oprofile] Re-base to upstream 0.6.1 release
673174 - error: unpacking of archive failed: cpio: lstat failed - Resource temporarily unavailable
678364 - eclipse-cdt build touching local filesystem

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-3.6.1-6.13.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-birt-2.6.0-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-callgraph-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-changelog-2.7.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-dtp-1.8.1-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-linuxprofilingframework-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-mylyn-3.4.2-9.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-oprofile-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-rse-3.2-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-valgrind-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/jetty-eclipse-6.1.24-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sat4j-2.2.0-4.0.el6.src.rpm

i386:
eclipse-birt-2.6.0-1.1.el6.i686.rpm
eclipse-callgraph-0.6.1-1.el6.i686.rpm
eclipse-cdt-7.0.1-4.el6.i686.rpm
eclipse-changelog-2.7.0-1.el6.i686.rpm
eclipse-debuginfo-3.6.1-6.13.el6.i686.rpm
eclipse-dtp-1.8.1-1.1.el6.i686.rpm
eclipse-emf-2.6.0-1.el6.i686.rpm
eclipse-gef-3.6.1-3.el6.i686.rpm
eclipse-jdt-3.6.1-6.13.el6.i686.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.i686.rpm
eclipse-mylyn-3.4.2-9.el6.i686.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.i686.rpm
eclipse-mylyn-java-3.4.2-9.el6.i686.rpm
eclipse-mylyn-pde-3.4.2-9.el6.i686.rpm
eclipse-mylyn-trac-3.4.2-9.el6.i686.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.i686.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.i686.rpm
eclipse-oprofile-0.6.1-1.el6.i686.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.i686.rpm
eclipse-pde-3.6.1-6.13.el6.i686.rpm
eclipse-platform-3.6.1-6.13.el6.i686.rpm
eclipse-rcp-3.6.1-6.13.el6.i686.rpm
eclipse-rse-3.2-1.el6.i686.rpm
eclipse-swt-3.6.1-6.13.el6.i686.rpm
eclipse-valgrind-0.6.1-1.el6.i686.rpm
icu4j-eclipse-4.2.1-5.el6.i686.rpm

noarch:
jetty-eclipse-6.1.24-2.el6.noarch.rpm
objectweb-asm-3.2-2.1.el6.noarch.rpm
sat4j-2.2.0-4.0.el6.noarch.rpm

x86_64:
eclipse-birt-2.6.0-1.1.el6.x86_64.rpm
eclipse-callgraph-0.6.1-1.el6.x86_64.rpm
eclipse-cdt-7.0.1-4.el6.x86_64.rpm
eclipse-changelog-2.7.0-1.el6.x86_64.rpm
eclipse-debuginfo-3.6.1-6.13.el6.x86_64.rpm
eclipse-dtp-1.8.1-1.1.el6.x86_64.rpm
eclipse-emf-2.6.0-1.el6.x86_64.rpm
eclipse-gef-3.6.1-3.el6.x86_64.rpm
eclipse-jdt-3.6.1-6.13.el6.x86_64.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.x86_64.rpm
eclipse-mylyn-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-java-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-pde-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-trac-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.x86_64.rpm
eclipse-oprofile-0.6.1-1.el6.x86_64.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.x86_64.rpm
eclipse-pde-3.6.1-6.13.el6.x86_64.rpm
eclipse-platform-3.6.1-6.13.el6.x86_64.rpm
eclipse-rcp-3.6.1-6.13.el6.x86_64.rpm
eclipse-rse-3.2-1.el6.x86_64.rpm
eclipse-swt-3.6.1-6.13.el6.x86_64.rpm
eclipse-valgrind-0.6.1-1.el6.x86_64.rpm
icu4j-eclipse-4.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm

i386:
eclipse-cdt-parsers-7.0.1-4.el6.i686.rpm
eclipse-cdt-sdk-7.0.1-4.el6.i686.rpm
eclipse-emf-examples-2.6.0-1.el6.i686.rpm
eclipse-emf-sdk-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.i686.rpm
eclipse-gef-examples-3.6.1-3.el6.i686.rpm
eclipse-gef-sdk-3.6.1-3.el6.i686.rpm
icu4j-4.2.1-5.el6.i686.rpm
icu4j-javadoc-4.2.1-5.el6.i686.rpm

noarch:
objectweb-asm-javadoc-3.2-2.1.el6.noarch.rpm

x86_64:
eclipse-cdt-parsers-7.0.1-4.el6.x86_64.rpm
eclipse-cdt-sdk-7.0.1-4.el6.x86_64.rpm
eclipse-emf-examples-2.6.0-1.el6.x86_64.rpm
eclipse-emf-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-gef-examples-3.6.1-3.el6.x86_64.rpm
eclipse-gef-sdk-3.6.1-3.el6.x86_64.rpm
icu4j-4.2.1-5.el6.x86_64.rpm
icu4j-javadoc-4.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-3.6.1-6.13.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-birt-2.6.0-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-callgraph-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-changelog-2.7.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-dtp-1.8.1-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-linuxprofilingframework-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-mylyn-3.4.2-9.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-oprofile-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-rse-3.2-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-valgrind-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/jetty-eclipse-6.1.24-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sat4j-2.2.0-4.0.el6.src.rpm

i386:
eclipse-birt-2.6.0-1.1.el6.i686.rpm
eclipse-callgraph-0.6.1-1.el6.i686.rpm
eclipse-cdt-7.0.1-4.el6.i686.rpm
eclipse-changelog-2.7.0-1.el6.i686.rpm
eclipse-debuginfo-3.6.1-6.13.el6.i686.rpm
eclipse-dtp-1.8.1-1.1.el6.i686.rpm
eclipse-emf-2.6.0-1.el6.i686.rpm
eclipse-gef-3.6.1-3.el6.i686.rpm
eclipse-jdt-3.6.1-6.13.el6.i686.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.i686.rpm
eclipse-mylyn-3.4.2-9.el6.i686.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.i686.rpm
eclipse-mylyn-java-3.4.2-9.el6.i686.rpm
eclipse-mylyn-pde-3.4.2-9.el6.i686.rpm
eclipse-mylyn-trac-3.4.2-9.el6.i686.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.i686.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.i686.rpm
eclipse-oprofile-0.6.1-1.el6.i686.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.i686.rpm
eclipse-pde-3.6.1-6.13.el6.i686.rpm
eclipse-platform-3.6.1-6.13.el6.i686.rpm
eclipse-rcp-3.6.1-6.13.el6.i686.rpm
eclipse-rse-3.2-1.el6.i686.rpm
eclipse-swt-3.6.1-6.13.el6.i686.rpm
eclipse-valgrind-0.6.1-1.el6.i686.rpm
icu4j-eclipse-4.2.1-5.el6.i686.rpm

noarch:
jetty-eclipse-6.1.24-2.el6.noarch.rpm
objectweb-asm-3.2-2.1.el6.noarch.rpm
sat4j-2.2.0-4.0.el6.noarch.rpm

x86_64:
eclipse-birt-2.6.0-1.1.el6.x86_64.rpm
eclipse-callgraph-0.6.1-1.el6.x86_64.rpm
eclipse-cdt-7.0.1-4.el6.x86_64.rpm
eclipse-changelog-2.7.0-1.el6.x86_64.rpm
eclipse-debuginfo-3.6.1-6.13.el6.x86_64.rpm
eclipse-dtp-1.8.1-1.1.el6.x86_64.rpm
eclipse-emf-2.6.0-1.el6.x86_64.rpm
eclipse-gef-3.6.1-3.el6.x86_64.rpm
eclipse-jdt-3.6.1-6.13.el6.x86_64.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.x86_64.rpm
eclipse-mylyn-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-java-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-pde-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-trac-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.x86_64.rpm
eclipse-oprofile-0.6.1-1.el6.x86_64.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.x86_64.rpm
eclipse-pde-3.6.1-6.13.el6.x86_64.rpm
eclipse-platform-3.6.1-6.13.el6.x86_64.rpm
eclipse-rcp-3.6.1-6.13.el6.x86_64.rpm
eclipse-rse-3.2-1.el6.x86_64.rpm
eclipse-swt-3.6.1-6.13.el6.x86_64.rpm
eclipse-valgrind-0.6.1-1.el6.x86_64.rpm
icu4j-eclipse-4.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm

i386:
eclipse-cdt-parsers-7.0.1-4.el6.i686.rpm
eclipse-cdt-sdk-7.0.1-4.el6.i686.rpm
eclipse-emf-examples-2.6.0-1.el6.i686.rpm
eclipse-emf-sdk-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.i686.rpm
eclipse-gef-examples-3.6.1-3.el6.i686.rpm
eclipse-gef-sdk-3.6.1-3.el6.i686.rpm
icu4j-4.2.1-5.el6.i686.rpm
icu4j-javadoc-4.2.1-5.el6.i686.rpm

noarch:
objectweb-asm-javadoc-3.2-2.1.el6.noarch.rpm

x86_64:
eclipse-cdt-parsers-7.0.1-4.el6.x86_64.rpm
eclipse-cdt-sdk-7.0.1-4.el6.x86_64.rpm
eclipse-emf-examples-2.6.0-1.el6.x86_64.rpm
eclipse-emf-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-gef-examples-3.6.1-3.el6.x86_64.rpm
eclipse-gef-sdk-3.6.1-3.el6.x86_64.rpm
icu4j-4.2.1-5.el6.x86_64.rpm
icu4j-javadoc-4.2.1-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4647.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Qs1XlSAg2UNWIIRAjEDAJ0aIDI/bkHdgtqTllPColMoPxJeHwCfSRck
JxlAVx058J8LJeUA5whe5A8=
=WbiO
-----END PGP SIGNATURE-----

[RHSA-2011:0542-01] Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update
Advisory ID: RHSA-2011:0542-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0542.html
Issue date: 2011-05-19
CVE Names: CVE-2010-4251 CVE-2011-0999 CVE-2011-1010
CVE-2011-1023 CVE-2011-1082 CVE-2011-1090
CVE-2011-1163 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1494 CVE-2011-1495
CVE-2011-1581
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several
hundred bugs and add numerous enhancements are now available as part of the
ongoing support and maintenance of Red Hat Enterprise Linux version 6. This
is the first regular update.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* A flaw was found in the Linux kernel's Ethernet bonding driver
implementation. Packets coming in from network devices that have more
than 16 receive queues to a bonding interface could cause a denial of
service. (CVE-2011-1581, Important)

* A flaw was found in the Linux kernel's networking subsystem. If the
number of packets received exceeded the receiver's buffer limit, they were
queued in a backlog, consuming memory, instead of being discarded. A remote
attacker could abuse this flaw to cause a denial of service (out-of-memory
condition). (CVE-2010-4251, Moderate)

* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)
implementation. A local, unprivileged user could abuse this flaw to allow
the user stack (when it is using huge pages) to grow and cause a denial of
service. (CVE-2011-0999, Moderate)

* A flaw was found in the transmit methods (xmit) for the loopback and
InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS)
implementation. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2011-1023, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)

* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)

* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created
on Mac OS operating systems. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)
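
The missing validation of null-terminated string fields described for CVE-2011-1170, CVE-2011-1171 and CVE-2011-1172, shown as an added user-space illustration (not kernel code and not part of the advisory). The structure layout, field sizes and function names are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32

/* Constructed layout (assumption): a caller-supplied name field, placed
 * first in the struct, directly in front of handler-private data. */
struct handler_frame {
    char name[NAME_LEN];   /* copied verbatim from the caller */
    char internal[16];     /* stands in for adjacent memory */
};

/* Number of bytes a C-string consumer (strlen, "%s", strcmp) would walk
 * when started at frame->name. The scan is bounded by the frame, so the
 * example itself never reads outside its own object. */
static size_t string_span(const struct handler_frame *frame)
{
    const unsigned char *start = (const unsigned char *)frame;
    const unsigned char *nul = memchr(start, 0, sizeof(*frame));
    return nul ? (size_t)(nul - start) : sizeof(*frame);
}

/* Fill the frame: private data first, then the caller's fixed-size field. */
static void load_frame(struct handler_frame *frame,
                       const char user_name[NAME_LEN])
{
    memset(frame, 0, sizeof(*frame));
    memcpy(frame->internal, "PRIVATE-STATE", 13);
    memcpy(frame->name, user_name, NAME_LEN);
}

/* Echo the name back to the caller the way a "%s" formatter would. */
static int echo_name(const struct handler_frame *frame,
                     char *reply, size_t reply_len)
{
    size_t n = string_span(frame);
    if (n >= reply_len)
        n = reply_len - 1;
    memcpy(reply, frame, n);
    reply[n] = '\0';
    return (int)n;
}

/* Before: trusts that the caller terminated the name field. */
static int handle_unchecked(const char user_name[NAME_LEN],
                            char *reply, size_t reply_len)
{
    struct handler_frame frame;
    if (reply_len == 0)
        return -1;
    load_frame(&frame, user_name);
    return echo_name(&frame, reply, reply_len);
}

/* After: rejects the request unless a NUL lies inside the field itself. */
static int handle_checked(const char user_name[NAME_LEN],
                          char *reply, size_t reply_len)
{
    struct handler_frame frame;
    if (reply_len == 0)
        return -1;
    load_frame(&frame, user_name);
    if (memchr(frame.name, 0, NAME_LEN) == NULL) {
        reply[0] = '\0';
        return -1;            /* unterminated name: refuse to use it */
    }
    return echo_name(&frame, reply, reply_len);
}

int main(void)
{
    char reply[64];
    char ok[NAME_LEN] = "filter";   /* constructed, properly terminated */
    char bad[NAME_LEN];             /* constructed, no terminator */
    memset(bad, 'A', sizeof(bad));

    printf("unchecked, terminated:   %d bytes\n",
           handle_unchecked(ok, reply, sizeof(reply)));
    printf("unchecked, unterminated: %d bytes (%s)\n",
           handle_unchecked(bad, reply, sizeof(reply)), reply);
    printf("checked, unterminated:   %d\n",
           handle_checked(bad, reply, sizeof(reply)));
    return 0;
}
```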

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Timo Warns for
reporting CVE-2011-1010 and CVE-2011-1163; and Vasiliy Kulikov for
reporting CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.1 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.1 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

463842 - [LTC 6.0 FEAT] 201227:NFS over RDMA support
519467 - new ext4 ioctls, tunables etc undocumented
550724 - xen PV guest kernel 2.6.32 processes lock up in D state
583064 - Virtio Net/Disk block devices get wrong parent in node device info
588638 - [abrt] crash in kernel: Your BIOS is broken; DMAR reported at address fed90000 returns all ones!
590404 - Garbled image with zc3xx-based webcam
591335 - IPv6 tproxy support is not present in RHEL 6 Beta
591466 - [abrt] WARNING: at fs/buffer.c:1159 mark_buffer_dirty+0x82/0xa0()
593766 - ACPI Error: Illegal I/O port address/length above 64K
597333 - CDTRDSR missing from
601849 - bonding: backport code to allow user-controlled output slave detection.
607262 - Read from /proc/xen/xenbus does not honor O_NONBLOCK
610237 - [6u0] Bonding in ALB mode sends ARP in loop
612436 - udevd report unexpected exit when guest boot up with nmi_watchdog = 1 and using debugfs tracing KVM (AMD)
616105 - problems with 64b division on 32b platforms.
616296 - guest kernel panic when boot with nmi_watchdog=1
616660 - mrg buffers: migration breaks between systems with/without vhost
617199 - make exclusively owned pages belong to the local anon_vma on swapin
618175 - cifs: NT_STATUS_MEDIA_WRITE_PROTECTED not being mapped appropriately to POSIX error
618440 - jbd2/ocfs2: Fix block checksumming when a buffer is used in several transactions
618602 - core_pattern handler truncates parameters
619426 - RHEL UV: kernel patch for kexec
619430 - Intel HDA audio: popping/clicking sound distortion
619455 - Host kernel oops after a series of virsh {attach,detach}-device
621103 - backport wireless 2.6.32-longterm fixes
622575 - networking may go away after migration due to missing arp update
623199 - Bonded and vlan tagged network does not work in KVM guest
623201 - [RHEL6][Kernel] BUG: spinlock wrong CPU on CPU#2, modprobe/713 (Not tainted)
623968 - K10 temp support in lm_sensors
624069 - Upgrading NFS client to 2.6.36 release.
624628 - read from virtio-serial returns if the host side is not connect to pipe
625173 - [RHEL6][Kernel] FATAL: Error inserting ipv6, Cannot allocate memory, causes panic
626561 - GFS2: [RFE] fallocate support for GFS2
626989 - block IO controller: Pull in Group idle tunable patches from upstream
627926 - [RHEL6.0] e1000e devices fail to initialize interrupts properly
627958 - be2net: A bad assert in processing async messages from NIC
628805 - Fix hot-unplug handling of virtio-console ports
629178 - kernel: Problem with execve(2) reintroduced [rhel-6.1]
629197 - i8259 state is corrupted during migration
629418 - modpost segmentation fault
629423 - module signing failing on cross-builds due to linker misuse
629629 - groups_search() cannot handle large gid correctly
629715 - kernel ABI whitelist request for kspice-usb driver [Red Hat]
629920 - GFS1 vs GFS2 performance issue
630562 - kernel: additional stack guard patches [rhel-6.1]
631833 - Big performance regression found on connect/request/response test through IPSEC (openswan) transport
632021 - Cannot unplug emulated ide and rtl8139 devices in RHEL6 HVM xen guest
632631 - block: fix s390 tape block driver crash that occurs when it switches the IO scheduler
632745 - [6.1 FEAT] KVM Network Performance: mergeable rx buffers support in vhost-net
633825 - kswapd0 100%
634100 - migrate_cancel under STRESS caused guest to hang
634232 - PATCH: virtio_console: Fix poll blocking even though there is data to read
634303 - audit filtering on selinux label of userspace audit messages
634316 - tg3: Disable TSS
635041 - GFS2: inode glock stuck without holder
635535 - Disallow 0-sized writes to virtio ports to go through to host (leading to VM crash)
635537 - Disable lseek(2) for virtio ports
635539 - WinXP BSOD when boot up with -cpu Penryn
635853 - ptrace: the tracee can get the extra trap after PTRACE_DETACH
636291 - [LSI 6.1 bug] RHEL 6.0 iSCSI offload (cxgb3i) sessions do not log back in after several controller reset cycles [LSI CR184419]
636906 - 32bit compat vectored aio routines are broken
636994 - [NetApp 6.1 bug] SCSI ALUA handler fails to handle ALUA transitioning properly
637278 - Bug fixes to the 2.6.36 NFS Client
637279 - Bug fixes to the 2.6.36 NFS Server
637972 - GFS2: Not enough space reserved in gfs2_write_begin and possibly elsewhere.
638133 - Panic when inserting tcrypt in fips mode
638176 - Replies to broadcast SNMP and NetBIOS queries are dropped
638269 - NFS4 clients cannot reclaim locks after server reboot
638657 - GFS2 fatal: filesystem consistency error on rename
639815 - Ensure we detect removed symbols in check-kabi
640690 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover
641315 - Backport upstream cacheing fix for optimizing reads from /proc/vmcore
642206 - /proc/bus/usb/devices formatting error
643236 - iscsi: get nopout and conn errors.
643237 - [NetApp 6.1 bug] regression: allow offlined devs to be set to running
643290 - sysctl: bad user of proc_doulongvec_minmax() can oops the kernel
643750 - virtio_console driver never returns from selecting for write when the queue is full
643751 - writing to a virtio serial port while no one is listening on the host side hangs the guest
644903 - Kernel divide by zero in find_busiest_group
644987 - Enable extraction of hugepage pfn(s) from /proc//pagemap
645287 - [PATCH] fix size checks for mmap() on /proc/bus/pci files
645793 - Backport support for TCP thin-streams
645800 - Expose hw packet timestamps to network packet capture utilities - backport from 2.6.36
645824 - ext4: Don't error out the fs if the user tries to make a file too big
645898 - [6.1 FEAT] Port KVM bug fixes for cr_access to RHEL 6
646223 - cifs: multiuser mount support
646369 - [kvm] VIRT-IO NIC state is reported as 'unknown' on vm running over RHEL6 host
646384 - kernel BUG at mm/migrate.c:113!
646498 - [6.0] write system call returns with 0 when it should return with EFBIG.
646505 - Kernel warning at boot: i7core_edac: probe of 0000:80:14.0 failed with error -22
647334 - Allow KSM to split hugepages
647367 - kvm: guest stale memory after migration
647440 - install_process_keyring() may return wrong error code
648632 - ext4: writeback performance fixes
649248 - ethtool: Provide a default implementation of ethtool_ops::get_drvinfo
651005 - Excessive fpu swap entering and exiting kvm from host userspace
651021 - Enable discard/UNMAP/WRITE_SAME for enterprise class arrays
651332 - RHEL6.1: EHCI: AMD periodic frame list table quirk
651373 - NULL pointer dereference in reading vs. truncating race
651584 - GFS2: BUG_ON kernel panic in gfs2_glock_hold on 2.6.18-226
651639 - On AMD host, running an F14 guest with 2 cores assigned hangs for "a long time" (several 10's of minutes) at start of boot
651865 - cifs: bug fixes for 6.1
651878 - cifs: mfsymlinks support
652013 - If EXT4_EXTENTS_FL flag is not set, the max file size of write() is different than seek().
652371 - temporary loss of path to SAN results in persistent EIO with msync
653066 - Upgrading NFS client to 2.6.37 release
653068 - Upgrading NFS server to 2.6.37 release
653245 - kernel: restrict unprivileged access to kernel syslog [rhel-6.1]
654532 - Guest BSOD during installation
654665 - EFI/UEFI page table initialization is incorrect for x86_64 in physical mode.
655231 - kernel 2.6.32-84.el6 breaks systemtap
655521 - e1000 driver tracebacks when running under VMware ESX4
655718 - Win2008 and Win7 fail to load files at the beginning of installation
655875 - jbd2_stats_proc_init has wrong location.
655889 - kabitool blocks custom kernel builds when kernel version > 2.6.18-53.1.21.el5
655935 - [Emulex 6.1] Update lpfc driver to 8.3.5.28
656042 - [RFE] Include autogroup patch to aid in automatic creation of cgroups
656461 - cifs: fix problems with filehandle management and reporting of writeback errors
656835 - Memory leak in virtio-console driver if driver probe routine fails
656939 - GFS2: [RFE] glock scalability patches
657261 - Guest kernels need 'noapic' to get kexec working with virtio-blk
657303 - CVE-2010-4251 kernel: unlimited socket backlog DoS
657553 - [xfstests 243] ext4 incosistency with EOFBLOCK_FL
658248 - [Emulex 6.1 feat] add BSG and FC Transport patches from Upstream
658437 - guest kernel panic when transfering file from host to guest during migration
658482 - block IO controller: Allow creation of cgroup hierarchies
658518 - neighbour update causes an Oops when using tunnel device
658590 - GFS2: Use 512 B block sizes to communicate with userland quota tools
659119 - khugepaged numa memcg minor memleak
659137 - GFS2: Kernel changes necessary to allow growing completely full filesystems.
659480 - UV: WAR for interrupt-IOPort deadlock
660674 - (Mellanox) Add CX3 PCI IDs to mlx4 driver
660680 - iw_cxgb3 advertises incorrect max cq depth causing stalls on large MPI clusters
661048 - fsck.gfs2 reported statfs error after gfs2_grow
661172 - MCP55 message on screen at boot even with quiet
662125 - lldpad is generating selinux errors on 6.0-RC-4.
662589 - nfs4 callback from client returned to wrong address
662660 - OS halt on the login screen
662782 - Bug fixes to the 2.6.37 NFS Client
663042 - gfs2 FIEMAP oops
663119 - [Emulex 6.1 feat] Update lpfc driver to 8.3.5.30
663222 - [Cisco 6.1 bug] Fix memory leak in fnic and bump version to 1.5.0.1
663280 - Update drivers/media to 2.6.38 codebase
663448 - Bug fixes to the 2.6.37 NFS Server
663538 - Add AES to CPUID ext_features recognized by kvm..
663749 - Btrfs: update to latest upstream
663755 - RHEL6 Xen domU freeze after migrate to lower (MHz) CPU
663864 - kernel: restrict access to /proc/kcore to just elf headers [rhel-6.1]
663994 - kernels don't build on make-3.82
664364 - [6.0] System reset when changing EFI variable on large memory system
664772 - THP updates from -mm
665110 - System panic in pskb_expand_head When arp_validate option is specified in bonding ARP monitor mode
665169 - kexec: limit root to call kexec_load()
665360 - vhost-net/kvm lacks fixes/optimizations in net-next as of Dec 23
665970 - KVM crashes inside SeaBIOS when attempting to boot MS-DOS
666264 - ftrace: kernel/trace/ring_buffer.c:1987 rb_reserve_next_event
667186 - Add upstream performance enhancement to reduce time page fault handler holds mmap_sem semaphore.
667281 - Bug for patches outside AGP/DRM required for AGP/DRM backport.
667328 - lib: fix vscnprintf() if @size is == 0
667340 - kexec: Make sure to stop all CPUs before exiting the kernel
667354 - PV cdrom should be disabled on HVM guests
667356 - xen: unplug the emulated devices at resume time
667359 - forward port xen pvops changes for evtchn
667361 - xenfs: enable for HVM domains too
667654 - cifs.upcall not called when mounting second CIFS share from same server using different krb5 credentials
667661 - [NetApp 6.1 Bug] Include new NetApp PID entry to the alua_dev_list array in the ALUA hardware handler
667686 - update Documentation/vm/page-types.c to latest upstream
668114 - fcoe fails to login with Cisco Eaglehawk switch firmware on VFC shut/no shut
668340 - NUMA is not recognized for nec-em25.rhts.eng.bos.redhat.com
668478 - PCI sysfs rom file needs owner write access
668825 - Server cannot boot with kernel-2.6.32-85
668915 - setfacl does not update ctime when changing file permission on ext3/4
669252 - [XEN]RHEL6 guest fail to save/restore
669272 - xfs: need upstream unaligned aio/dio data corruption fixes
669373 - ath9k: inconsistent lock state
669418 - khugepaged blocking on page locks
669737 - net: add receive functions that return GRO result codes
669749 - netif_vdbg() is broken, does not compile if VERBOSE_DEBUG is not defined
669773 - disable NUMA for Xen PV guests
669787 - Additional upstream functions that make backporting easier
669813 - [Broadcom 6.1 feat] bnx2: Update firmware to 6.2.1+
669877 - GFS2: Blocks not marked free on delete
670063 - pages stuck in ksm pages_volatile
670572 - [NetApp 6.0 Bug] Erroneous TPG ID check in SCSI ALUA Handler
670734 - kernel panic at __rpc_create_common() when mounting nfs
670907 - [RHEL6.1][Kernel] BUG: unable to handle kernel NULL pointer dereference, IP: [] get_rps_cpu+0x290/0x340
671147 - xen 64-bit PV guests fail to save-restore with kernels >= -95
671161 - xen microcode WARN on save-restore
671267 - GFS2: allow gfs2 to update quota usage through quotactl
671477 - [RHEL6.1] possible vmalloc_sync_all() bug
672234 - add POLLPRI to sock_def_readable()
672305 - Repeatable NFS mount hang
672600 - GFS2: recovery stuck on transaction lock
672844 - section mismatch due to wrong annotation of hugetlb_sysfs_add_hstate()
672937 - backport set_iounmap_nonlazy() to speedup reading of /proc/vmcore
673496 - DOMU-HVM FULLVIRT Guest issue
673532 - sfc: the rss_cpus module parameter is ignored
674064 - [RHEL6] panic in scsi_init_io() during connectathon
674147 - SPECsfs NFS V3 workload on RHEL6 running kernels 2.6.32-85 have a massive performance regression due to compact-kswap behavior
674286 - mmapping a read only file on a gfs2 filesystem incorrectly acquires an exclusive glock
674409 - usb: latest xhci fixes
675102 - kernel-headers 2.6.32-112.el6 broken
675270 - GFS2: Fails to clear glocks during unmount
675294 - [RHEL6.1] s/390x hang while running LTP test
675299 - 'tail -f' waits forever for inotify
675304 - Fix potential deadlock in intel-iommu
675745 - GFS2: panics on quotacheck update
675815 - Back port Bug fixes from the 2.6.38 NFS Client to the RHEL6 Client
675998 - /dev/crash does not require CAP_SYS_RAWIO for access
676009 - xen fix save/restore: unmask event channel for IRQF_TIMER
676099 - ip_gre module throws slab corruption errors upon removal from the kernel
676134 - [Cisco 6.1 Bug Fix] enic: Update enic driver to latest upstream version 2.1.1.10
676346 - drivers/xen/events.c clean up section mismatch warning
676579 - virtio_net: missing schedule on oom
676875 - ixgbe: update to 3.0.12-k2 causing a panic on boot
676948 - [RFE][6.1] sched: Try not to migrate higher priority RT tasks
677314 - system_reset cause KVM internal error. Suberror: 2
677532 - [kdump] WARNING: at kernel/watchdog.c:229 watchdog_overflow_callback+0xa9/0xd0() (Not tainted
677786 - Panic in get_rps_cpu+0x1ad/0x320 on kvm guest when attempting to run LTP containers test.
678067 - qeth: allow channel path changes in recovery
678209 - CVE-2011-0999 kernel: thp: prevent hugepages during args/env copying into the user stack
678357 - online disk resizing may cause data corruption
678429 - [RHEL6.1] [Kernel] When booting previous kernel we are missing the firmware
679002 - Wifi connection speed is very slow (intel PRO/Wireless 3945ABG), caused by plcp check
679021 - semantic difference between mapped file counters of memcg and global VM
679025 - memcg: upstream backport of various race condition fixes
679096 - md: Do not replace request queue lock internally
679282 - CVE-2011-1010 kernel: fs/partitions: Validate map_count in Mac partition tables
679514 - qeth: remove needless IPA-commands in offline
680105 - [ext4/xfstests] kernel BUG at fs/jbd2/transaction.c:1027!
680126 - kernel: BUG: warning at drivers/char/tty_audit.c:55/tty_audit_buf_free()
680140 - emc_clariion error handler panics with multiple failures
680345 - CVE-2011-1023 kernel: BUG_ON() in rds_send_xmit()
681017 - 82576 stuck after PCI AER error
681133 - RHEL 5.6 32bit SMP guest hang at boot up
681306 - tape: deadlock on global work queue
681360 - block IO controller: Do not use kblockd workqueue for throttle work
681439 - [ext4/xfstests] 133 task blocked for more than 120 seconds
681575 - CVE-2011-1082 kernel: potential kernel deadlock when creating circular epoll file structures
682110 - kdump dont't work on megaraid_sas
682265 - [RHEL 6] libsas: flush initial device discovery before completing ->scan_finished()
682641 - CVE-2011-1090 kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
682726 - fix skb leak in iwlwifi
682742 - iwlagn: Support new 5000 microcode
682831 - Bad ext4 sync performance on 16 TB GPT partition
682951 - GFS2: umount stuck on gfs2_gl_hash_clear
683073 - page_referenced() sometime ignores young bits with THP
684008 - pE for /sbin/init has special logic that makes it unboundable
684705 - missed unlock_page() in gfs2_write_begin()
684719 - Windows guests hang when rebooting with kernel-2.6.32-121.el6
684816 - occasional NVS 3100 X server lockups
684957 - RHEL6.1-Alpha: kABI breakage on UV
685161 - memcg: premature oom-kill with transparent huge pages
687918 - thp+memcg-numa: fix BUG at include/linux/mm.h:370!
687921 - nfsv4 server leaking struct file on every lock operation
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
688547 - RHEL6.1-20110316.1 dell-pe2800 NMI received for unknown reason
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
689551 - cfq-iosched: Fix a potential crash upon frequent group weight change
689566 - mark drivers as tech preview
690224 - Veritas SF 5.1 disagrees about version of symbol aio_complete
690754 - NFS4 with sec=krb5 does not work with 6.1 beta
690865 - kernel BUG at drivers/gpu/drm/i915/i915_gem.c:4238!
690900 - slab corruption after seeing some nfs-related BUG: warning
690921 - Fix compaction deadlock with SLUB and loop over tmpfs
691339 - RHEL6.1 HVM guest with hda+hdc or hdb+hdd crashes; plus hdb/hdd are mapped incorrectly to xvde
692515 - sha512hmac expects different checksum, fails on PPC64
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695585 - [regression] fix be2iscsi rmmod
696029 - CVE-2011-1581 kernel: bonding: Incorrect TX queue offset
696275 - [Broadcom 6.1 feat] Support bnx2i hba-mode and non-hba mode for boot in kernel
696337 - Bond interface flapping and increasing rx_missed_errors
696376 - server BUG() on receipt of bad NFSv4 lock request

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

i386:
kernel-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.0.15.el6.i686.rpm
kernel-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-headers-2.6.32-131.0.15.el6.i686.rpm
perf-2.6.32-131.0.15.el6.i686.rpm
perf-debuginfo-2.6.32-131.0.15.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

i386:
kernel-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.0.15.el6.i686.rpm
kernel-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-headers-2.6.32-131.0.15.el6.i686.rpm
perf-2.6.32-131.0.15.el6.i686.rpm
perf-debuginfo-2.6.32-131.0.15.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.0.15.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debug-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.0.15.el6.ppc64.rpm
kernel-devel-2.6.32-131.0.15.el6.ppc64.rpm
kernel-headers-2.6.32-131.0.15.el6.ppc64.rpm
perf-2.6.32-131.0.15.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.0.15.el6.s390x.rpm
kernel-debug-2.6.32-131.0.15.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.0.15.el6.s390x.rpm
kernel-devel-2.6.32-131.0.15.el6.s390x.rpm
kernel-headers-2.6.32-131.0.15.el6.s390x.rpm
kernel-kdump-2.6.32-131.0.15.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.0.15.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.0.15.el6.s390x.rpm
perf-2.6.32-131.0.15.el6.s390x.rpm
perf-debuginfo-2.6.32-131.0.15.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

i386:
kernel-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.0.15.el6.i686.rpm
kernel-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-headers-2.6.32-131.0.15.el6.i686.rpm
perf-2.6.32-131.0.15.el6.i686.rpm
perf-debuginfo-2.6.32-131.0.15.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4251.html
https://www.redhat.com/security/data/cve/CVE-2011-0999.html
https://www.redhat.com/security/data/cve/CVE-2011-1010.html
https://www.redhat.com/security/data/cve/CVE-2011-1023.html
https://www.redhat.com/security/data/cve/CVE-2011-1082.html
https://www.redhat.com/security/data/cve/CVE-2011-1090.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://www.redhat.com/security/data/cve/CVE-2011-1494.html
https://www.redhat.com/security/data/cve/CVE-2011-1495.html
https://www.redhat.com/security/data/cve/CVE-2011-1581.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.1_Release_Notes/index.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.1_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1QkdXlSAg2UNWIIRAhHgAJkB4GapVEpsipKlOJSB0yGXSL4mvQCggcJX
JghBB2a5H0tlXvtvBrmcZ6s=
=KPsX
-----END PGP SIGNATURE-----

[RHSA-2011:0616-01] Low: pidgin security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: pidgin security and bug fix update
Advisory ID: RHSA-2011:0616-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0616.html
Issue date: 2011-05-19
CVE Names: CVE-2011-1091
=====================================================================

1. Summary:

Updated pidgin packages that fix multiple security issues and various bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way the Pidgin
Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote
attacker could use these flaws to crash Pidgin via a specially-crafted
notification message. (CVE-2011-1091)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Marius Wachtler as the original reporter.

This update also fixes the following bugs:

* Previous versions of the pidgin package did not properly clear certain
data structures used in libpurple/cipher.c when attempting to free them.
Partial information could potentially be extracted from the incorrectly
cleared regions of the previously freed memory. With this update, data
structures are properly cleared when freed. (BZ#684685)

* This erratum upgrades Pidgin to upstream version 2.7.9. For a list of all
changes addressed in this upgrade, refer to
http://developer.pidgin.im/wiki/ChangeLog (BZ#616917)

* Some incomplete translations for the kn_IN and ta_IN locales have been
corrected. (BZ#633860, BZ#640170)

Users of pidgin should upgrade to these updated packages, which resolve
these issues. Pidgin must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

633860 - [kn_IN] Translation is not complete, untranslated message in Screenshot
640170 - [ta_IN] Translation need to review for "Add Account"
683031 - CVE-2011-1091 Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in
684685 - Cipher API information disclosure in pidgin

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
libpurple-2.7.9-3.el6.i686.rpm
pidgin-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm

x86_64:
libpurple-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.x86_64.rpm
pidgin-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
finch-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-perl-2.7.9-3.el6.i686.rpm
libpurple-tcl-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-docs-2.7.9-3.el6.i686.rpm
pidgin-perl-2.7.9-3.el6.i686.rpm

x86_64:
finch-2.7.9-3.el6.i686.rpm
finch-2.7.9-3.el6.x86_64.rpm
finch-devel-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.x86_64.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.x86_64.rpm
libpurple-perl-2.7.9-3.el6.x86_64.rpm
libpurple-tcl-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.x86_64.rpm
pidgin-docs-2.7.9-3.el6.x86_64.rpm
pidgin-perl-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
finch-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-perl-2.7.9-3.el6.i686.rpm
libpurple-tcl-2.7.9-3.el6.i686.rpm
pidgin-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-docs-2.7.9-3.el6.i686.rpm
pidgin-perl-2.7.9-3.el6.i686.rpm

ppc64:
finch-2.7.9-3.el6.ppc.rpm
finch-2.7.9-3.el6.ppc64.rpm
finch-devel-2.7.9-3.el6.ppc.rpm
finch-devel-2.7.9-3.el6.ppc64.rpm
libpurple-2.7.9-3.el6.ppc.rpm
libpurple-2.7.9-3.el6.ppc64.rpm
libpurple-devel-2.7.9-3.el6.ppc.rpm
libpurple-devel-2.7.9-3.el6.ppc64.rpm
libpurple-perl-2.7.9-3.el6.ppc64.rpm
libpurple-tcl-2.7.9-3.el6.ppc64.rpm
pidgin-2.7.9-3.el6.ppc64.rpm
pidgin-debuginfo-2.7.9-3.el6.ppc.rpm
pidgin-debuginfo-2.7.9-3.el6.ppc64.rpm
pidgin-devel-2.7.9-3.el6.ppc.rpm
pidgin-devel-2.7.9-3.el6.ppc64.rpm
pidgin-docs-2.7.9-3.el6.ppc64.rpm
pidgin-perl-2.7.9-3.el6.ppc64.rpm

x86_64:
finch-2.7.9-3.el6.i686.rpm
finch-2.7.9-3.el6.x86_64.rpm
finch-devel-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.x86_64.rpm
libpurple-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.x86_64.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.x86_64.rpm
libpurple-perl-2.7.9-3.el6.x86_64.rpm
libpurple-tcl-2.7.9-3.el6.x86_64.rpm
pidgin-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.x86_64.rpm
pidgin-docs-2.7.9-3.el6.x86_64.rpm
pidgin-perl-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
libpurple-2.7.9-3.el6.i686.rpm
pidgin-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm

x86_64:
libpurple-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.x86_64.rpm
pidgin-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
finch-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-perl-2.7.9-3.el6.i686.rpm
libpurple-tcl-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-docs-2.7.9-3.el6.i686.rpm
pidgin-perl-2.7.9-3.el6.i686.rpm

x86_64:
finch-2.7.9-3.el6.i686.rpm
finch-2.7.9-3.el6.x86_64.rpm
finch-devel-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.x86_64.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.x86_64.rpm
libpurple-perl-2.7.9-3.el6.x86_64.rpm
libpurple-tcl-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.x86_64.rpm
pidgin-docs-2.7.9-3.el6.x86_64.rpm
pidgin-perl-2.7.9-3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1091.html
https://access.redhat.com/security/updates/classification/#low
http://developer.pidgin.im/wiki/ChangeLog

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFN1Q4dXlSAg2UNWIIRAplcAKC3xLdwGDYp0iH3O5Dg7MqX3n2mpQCVHMLq
Quq+M9zbgN38q+YxwisEjg==
=m+W4
-----END PGP SIGNATURE-----

[RHSA-2011:0545-01] Low: squid security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: squid security and bug fix update
Advisory ID: RHSA-2011:0545-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0545.html
Issue date: 2011-05-19
CVE Names: CVE-2010-3072
=====================================================================

1. Summary:

An updated squid package that fixes one security issue and two bugs is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

It was found that string comparison functions in Squid did not properly
handle the comparisons of NULL and empty strings. A remote, trusted web
client could use this flaw to cause the squid daemon to crash via a
specially-crafted request. (CVE-2010-3072)

This update also fixes the following bugs:

* A small memory leak in Squid caused multiple "ctx: enter level" messages
to be logged to "/var/log/squid/cache.log". This update resolves the memory
leak. (BZ#666533)

* This erratum upgrades Squid to upstream version 3.1.10. This upgraded
version supports the Google Instant service and introduces various code
improvements. (BZ#639365)

Users of squid should upgrade to this updated package, which resolves these
issues. After installing this update, the squid service will be restarted
automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

630444 - CVE-2010-3072 Squid: Denial of service due internal error in string handling (SQUID-2010:3)
639365 - Rebase squid to version 3.1.10
666533 - small memleak in squid-3.1.4

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6.src.rpm

i386:
squid-3.1.10-1.el6.i686.rpm
squid-debuginfo-3.1.10-1.el6.i686.rpm

ppc64:
squid-3.1.10-1.el6.ppc64.rpm
squid-debuginfo-3.1.10-1.el6.ppc64.rpm

s390x:
squid-3.1.10-1.el6.s390x.rpm
squid-debuginfo-3.1.10-1.el6.s390x.rpm

x86_64:
squid-3.1.10-1.el6.x86_64.rpm
squid-debuginfo-3.1.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6.src.rpm

i386:
squid-3.1.10-1.el6.i686.rpm
squid-debuginfo-3.1.10-1.el6.i686.rpm

x86_64:
squid-3.1.10-1.el6.x86_64.rpm
squid-debuginfo-3.1.10-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3072.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1QoVXlSAg2UNWIIRAus+AJ9KG64p9VxJTdV0rL1nV2EmGfd1dgCeJv+d
n0b5YLJ5FOoorECMonve9XE=
=r2vM
-----END PGP SIGNATURE-----

[RHSA-2011:0554-01] Moderate: python security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0554-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0554.html
Issue date: 2011-05-19
CVE Names: CVE-2010-3493 CVE-2011-1015 CVE-2011-1521
=====================================================================

1. Summary:

Updated python packages that fix three security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the Python urllib and urllib2 libraries where they
would not differentiate between different target URLs when handling
automatic redirects. This caused Python applications using these modules to
follow any new URL that they understood, including the "file://" URL type.
This could allow a remote server to force a local Python application to
read a local file instead of the remote one, possibly exposing local files
that were not meant to be exposed. (CVE-2011-1521)
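
An application-side guard for the redirect behaviour described above, shown as an added Python 3 example (urllib.request); it is not code from this advisory or from the Python project. The allowlist, the class and function names, and the sample URLs are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumption for this example: the application only ever intends to fetch
# remote web resources, so a redirect may lead to http or https and nothing else.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


class RedirectSchemeError(urllib.error.URLError):
    """Raised when a server redirects to a scheme outside the allowlist."""


def resolve_redirect(current_url, location):
    """Resolve a Location header against the current URL and validate its scheme.

    Returns the absolute target URL, or raises RedirectSchemeError if the
    target uses a scheme such as file:// or ftp://.
    """
    # Location may be relative ("/moved", "../c"); make it absolute first so
    # the scheme that is checked is the scheme that would actually be fetched.
    target = urljoin(current_url, location.strip())
    # urlsplit lower-cases the scheme, so "FILE:" cannot slip past the check.
    scheme = urlsplit(target).scheme
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise RedirectSchemeError(
            "refusing redirect from %r to scheme %r" % (current_url, scheme)
        )
    return target


def follow_chain(start_url, locations):
    """Validate a whole chain of Location values; return the final URL."""
    url = start_url
    for location in locations:
        url = resolve_redirect(url, location)
    return url


class SchemeCheckingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Redirect handler that applies the allowlist before following."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        safe_url = resolve_redirect(req.full_url, newurl)
        return super().redirect_request(req, fp, code, msg, headers, safe_url)


def build_safe_opener():
    """Opener whose default redirect handler is replaced by the checked one."""
    return urllib.request.build_opener(SchemeCheckingRedirectHandler())


if __name__ == "__main__":
    # Constructed redirect chains; no network access is needed.
    print(follow_chain("http://example.test/a/b", ["../c", "https://example.test/d"]))
    try:
        follow_chain("http://example.test/a", ["/step", "file:///tmp/constructed-local-file"])
    except RedirectSchemeError as exc:
        print("blocked:", exc.reason)
```

Use the opener returned by build_safe_opener() in place of urllib.request.urlopen so that every redirect passes through the check.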

A race condition was found in the way the Python smtpd module handled new
connections. A remote user could use this flaw to cause a Python script
using the smtpd module to terminate. (CVE-2010-3493)

An information disclosure flaw was found in the way the Python
CGIHTTPServer module processed certain HTTP GET requests. A remote attacker
could use a specially-crafted request to obtain the CGI script's source
code. (CVE-2011-1015)

This erratum also upgrades Python to upstream version 2.6.6, and includes a
number of bug fixes and enhancements. Documentation for these bug fixes
and enhancements is available from the Technical Notes document, linked to
in the References section.

All users of Python are advised to upgrade to these updated packages, which
correct these issues, and fix the bugs and add the enhancements noted in
the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

603073 - python >>> help() >>> modules command traceback when used without DISPLAY
614680 - Try to print repr() when a fatal garbage collection assertion fails
625393 - adjust test_commands unit test to the updated output of the ls command
625395 - include the tests/data directory in the python-test rpm
626756 - test_dbm fails on ppc64 & s390x
627301 - Rebase python from 2.6.5 to 2.6.6 in RHEL 6.1
632200 - CVE-2010-3493 Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
634944 - rpmlint errors and warnings
639392 - Generating python backtrace with "py-bt" fails with a traceback
649274 - Infinite recursion in urllib2 on basicauth failure
650588 - subprocess fails in select when descriptors are large (rhel6)
669847 - urllib2's AbstractBasicAuthHandler is limited to 6 requests
680094 - CVE-2011-1015 python (CGIHTTPServer): CGI script source code disclosure
684991 - python update causes rhythmbox to crash
690315 - python occasionally fails to build on machines with more than one core
690560 - CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-2.6.6-20.el6.i686.rpm
python-debuginfo-2.6.6-20.el6.i686.rpm
python-libs-2.6.6-20.el6.i686.rpm
tkinter-2.6.6-20.el6.i686.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-debuginfo-2.6.6-20.el6.i686.rpm
python-devel-2.6.6-20.el6.i686.rpm
python-test-2.6.6-20.el6.i686.rpm
python-tools-2.6.6-20.el6.i686.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-20.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-docs-2.6.6-2.el6.src.rpm

i386:
python-2.6.6-20.el6.i686.rpm
python-debuginfo-2.6.6-20.el6.i686.rpm
python-devel-2.6.6-20.el6.i686.rpm
python-libs-2.6.6-20.el6.i686.rpm
tkinter-2.6.6-20.el6.i686.rpm

noarch:
python-docs-2.6.6-2.el6.noarch.rpm

ppc64:
python-2.6.6-20.el6.ppc64.rpm
python-debuginfo-2.6.6-20.el6.ppc64.rpm
python-devel-2.6.6-20.el6.ppc64.rpm
python-libs-2.6.6-20.el6.ppc64.rpm
tkinter-2.6.6-20.el6.ppc64.rpm

s390x:
python-2.6.6-20.el6.s390x.rpm
python-debuginfo-2.6.6-20.el6.s390x.rpm
python-devel-2.6.6-20.el6.s390x.rpm
python-libs-2.6.6-20.el6.s390x.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-debuginfo-2.6.6-20.el6.i686.rpm
python-test-2.6.6-20.el6.i686.rpm
python-tools-2.6.6-20.el6.i686.rpm

ppc64:
python-debuginfo-2.6.6-20.el6.ppc64.rpm
python-test-2.6.6-20.el6.ppc64.rpm
python-tools-2.6.6-20.el6.ppc64.rpm

s390x:
python-debuginfo-2.6.6-20.el6.s390x.rpm
python-test-2.6.6-20.el6.s390x.rpm
python-tools-2.6.6-20.el6.s390x.rpm
tkinter-2.6.6-20.el6.s390x.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-20.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-docs-2.6.6-2.el6.src.rpm

i386:
python-2.6.6-20.el6.i686.rpm
python-debuginfo-2.6.6-20.el6.i686.rpm
python-devel-2.6.6-20.el6.i686.rpm
python-libs-2.6.6-20.el6.i686.rpm
tkinter-2.6.6-20.el6.i686.rpm

noarch:
python-docs-2.6.6-2.el6.noarch.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-debuginfo-2.6.6-20.el6.i686.rpm
python-test-2.6.6-20.el6.i686.rpm
python-tools-2.6.6-20.el6.i686.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3493.html
https://www.redhat.com/security/data/cve/CVE-2011-1015.html
https://www.redhat.com/security/data/cve/CVE-2011-1521.html
https://access.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/python.html
http://www.python.org/download/releases/2.6.6/NEWS.txt

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Qo8XlSAg2UNWIIRAiqyAJ9QP+xc6uNVsrvVNOqgs0XgxNn01wCff30f
qbgNNQreEAiLlPKT2e2qSDY=
=WT99
-----END PGP SIGNATURE-----

[RHSA-2011:0534-01] Important: qemu-kvm security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0534-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0534.html
Issue date: 2011-05-19
CVE Names: CVE-2011-1750 CVE-2011-1751
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix two security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

It was found that the virtio-blk driver in qemu-kvm did not properly
validate read and write requests from guests. A privileged guest user could
use this flaw to crash the guest or, possibly, execute arbitrary code on
the host. (CVE-2011-1750)

It was found that the PIIX4 Power Management emulation layer in qemu-kvm
did not properly check for hot plug eligibility during device removals. A
privileged guest user could use this flaw to crash the guest or, possibly,
execute arbitrary code on the host. (CVE-2011-1751)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.

This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to resolve these issues, and fix the bugs and
add the enhancements noted in the Technical Notes. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

482427 - support high resolutions
581750 - Vhost: Segfault when assigning a none vhostfd
596610 - "Guest moved used index from 0 to 61440" if remove virtio serial device before virtserialport
599307 - info snapshot return "bdrv_snapshot_list: error -95"
602205 - Could not ping guest successfully after changing e1000 MTU
603413 - RHEL3.9 guest netdump hung with e1000
604992 - index is empty in qemu-doc.html
607598 - Incorrect & misleading error reporting when failing to open a drive due to block driver whitelist denial
608548 - QEMU doesn't respect hardware sector size of underlying block device when doing O_DIRECT
609016 - incorrect committed memory on idle host
613893 - [RFE] qemu-io enable truncate function for qcow2.
615947 - RFE QMP: support of query spice for guest
616187 - vmware device emulation enabled but not supported
616659 - mrg buffers: migration breaks between systems with/without vhost
616703 - qemu-kvm core dump with virtio-serial-pci max-port greater than 31
617119 - Qemu becomes unresponsive during unattended_installation
619168 - qemu should more clearly indicate internal detection of this host out-of-memory condition at startup..
619259 - qemu "-cpu [check | enforce ]" should work even when a model name is not specified on the command line
623552 - SCP image fails from host to guest with vhost on when do migration
623735 - hot unplug of vhost net virtio NIC causes qemu segfault
624396 - migration failed after hot-unplug virtserialport - Unknown savevm section or instance '0000:00:07.0/virtio-console' 0
624572 - time drift after guest running for more than 12 hours
624607 - [qemu] [rhel6] guest installation stop (pause) on 'eother' event over COW disks (thin-provisioning)
624721 - [qemu] [rhel6] bad error handling when qemu has no 'read' permissions over {kernel,initrd} files [pass boot options]
624767 - Replace virtio-net TX timer mitigation with bottom half handler
624790 - pass through fails with KVM using Neterion Inc's X3100 Series 10GbE PCIe I/O Virtualized Server Adapter in Multifunction mode.
625319 - Failed to update the media in floppy device
625333 - qemu treatment of -nodefconfig and -readconfig problematic for debug
625681 - RFE QMP: should have command to disconnect and connect network card for whql testing
625948 - qemu exits when hot adding rtl8139 nic to win2k8 guest
628634 - vhost_net: untested error handling in vhost_net_start
631522 - spice: prepare qxl for 6.1 update.
632257 - Duplicate CPU features in cpu-x86_64.conf
632458 - Guest may core dump when booting with spice and qxl.
632722 - [6.1 FEAT] QEMU static tracing framework
633394 - [6.1 FEAT] virtio-blk ioeventfd support
633699 - Cannot hot-plug nic in windows VM when the vmem is larger
634153 - coredumped when enable qxl without spice
635354 - Can not commit copy-on-write image's data to raw backing-image
635418 - Allow enable/disable ksm per VM
635527 - KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk
635954 - RFE: Assigned device should block migration
636494 - -cpu check does not correctly enforce CPUID items
637180 - watchdog timer isn't reset when qemu resets
637976 - ksmtuned: give a nicer message if retune is called while ksmtuned is off
638468 - [qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for hot-plug
639437 - Incorrect russian vnc keymap
641127 - qemu-img ignores close() errors
642131 - qemu-kvm aborts of 'qemu_spice_display_create_update: unhandled depth: 0 bits'
643681 - Do not advertise boot=on capability to libvirt
643687 - Allow to specify boot order on qemu command line.
643970 - guest migration turns failed by the end (16G + stress load)
645342 - Implement QEMU driver for modern sound device like Intel HDA
647307 - Support slow mapping of PCI Bars
647308 - Support Westmere as a CPU model or included within existing models..
647447 - QMP: provide a hmp_passthrough command to allow execution of non-converted commands
647865 - support 2560x1440 in qxl
648333 - TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS
653582 - Changing media with -snapshot deletes image file
653972 - qcow2: Backport performance related patches
655735 - qemu-kvm (or libvirt?) permission denied errors when exporting readonly IDE disk to guest
656198 - Can only see 16 virtio ports while assigned 30 virtio serial ports on commandLine
658288 - Include (disabled by default) -fake-machine patch on qemu-kvm RPM spec
662633 - Fix build problem with recent compilers
662701 - Option -enable-kvm should exit when KVM is unavailable
665025 - lost double clicks on slow connections
665299 - load vhost-net by default
667188 - device-assignment leaks option ROM memory
669268 - WinXP hang when reboot after setup copies files to the installation folders
670539 - Block devices don't implement correct flush error handling
670787 - Hot plug the 14st VF to guest causes guest shut down
671100 - possible migration failure due to erroneous interpretation of subsection
672187 - Improper responsive message when shrinking qcow2 image
672191 - spicevmc: flow control on the spice agent channel is missing in both directions
672229 - romfile memory leak
672441 - Tracetool autogenerate qemu-kvm.stp with wrong qemu-kvm path
672720 - getting 'ctrl buffer too small' error on USB passthrough
674539 - slow guests block other guests on the same lan
674562 - disable vhost-net for rhel5 and older guests
675229 - Install of cpu-x86_64.conf bombs for an out of tree build..
676015 - set_link off not working with vhost-net
676529 - core dumped when save snapshot to non-exist disk
677222 - segment fault happens after hot drive add then drive delete
677712 - disabling vmware device emulation breaks old->new migration
678208 - qemu-kvm hangs when installing guest with -spice option
678524 - Exec based migration randomly fails, particularly under high load
680058 - can't hotplug second vf successful with message "Too many open files"
681777 - floppy I/O error after live migration while floppy in use
683295 - qemu-kvm: Invalid parameter 'vhostforce'
684076 - Segfault occurred during migration
685147 - guest with assigned nic got kernel panic when send system_reset signal in QEMU monitor
688058 - Drive serial number gets truncated
688119 - qcow2: qcow2_open doesn't return useful errors
688146 - qcow2: Some paths fail to handle I/O errors
688147 - qcow2: Reads fail with backing file smaller than snapshot
688428 - qemu-kvm -no-kvm segfaults on pci_add
688572 - spice-server does not switch back to server mouse mode if guest spice-agent dies.
690267 - Backport qemu_get_ram_ptr() performance improvement
693741 - qemu-img re-base fail with read-only new backing file
694095 - Migration fails when migrate guest from RHEL6.1 host to RHEL6 host with the same libvirt version
694196 - RHEL 6.1 qemu-kvm: Specifying ipv6 addresses breaks migration
698906 - CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests
699773 - CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1750.html
https://www.redhat.com/security/data/cve/CVE-2011-1751.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.1_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Qj/XlSAg2UNWIIRAqafAKCbkaKWoKm2p7+5J7MktEREE47vWQCdEtt0
2pENBq7h9GybHcXQfnXA2Gc=
=GToj
-----END PGP SIGNATURE-----
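
The qemu-kvm advisory above (RHSA-2011:0534-01) states that running virtual machines must be shut down and started again before the update takes effect. The check below is an added example, not part of the Red Hat advisory: it relies on Linux marking the /proc/PID/exe link of a process as "(deleted)" once its binary has been replaced on disk. The function names and the optional PROC_ROOT parameter are assumptions introduced here.

```shell
#!/bin/sh
# Added example: find qemu-kvm processes that still execute a binary which
# has been replaced on disk, i.e. guests not yet restarted after the update.

# stale_qemu_pids [PROC_ROOT]
# Prints one PID per line for each process whose exe link points at a
# deleted file named qemu-kvm. PROC_ROOT defaults to /proc; the parameter
# exists so the function can be run against a constructed directory tree.
stale_qemu_pids() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # readlink fails for kernel threads and for processes the caller
        # may not inspect; skip those instead of aborting.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *" (deleted)") ;;      # binary was unlinked or replaced
            *) continue ;;         # binary on disk is the one running
        esac
        path=${target% (deleted)}
        [ "${path##*/}" = "qemu-kvm" ] || continue
        echo "${dir##*/}"
    done
}

# report_stale_qemu [PROC_ROOT]
# Returns 0 when no guest runs a replaced binary, 1 otherwise.
report_stale_qemu() {
    pids=$(stale_qemu_pids "$1")
    if [ -z "$pids" ]; then
        echo "no qemu-kvm process is running a replaced binary"
        return 0
    fi
    echo "guests still running the pre-update qemu-kvm binary (PIDs):"
    echo "$pids"
    return 1
}
```

Run `report_stale_qemu` as root after installing the packages; an unprivileged caller cannot read the exe links of other users' processes, and those are skipped silently.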