Red Hat 9037 Published by

Red Hat has released 19 updates for Red Hat Enterprise Linux: [RHSA-2012:0303-03] Low: xorg-x11-server security and bug fix update, [RHSA-2012:0304-03] Low: vixie-cron security, bug fix, and enhancement update, [RHSA-2012:0149-03] Moderate: kvm security and bug fix update, [RHSA-2012:0301-03] Low: ImageMagick security and bug fix update, [RHSA-2012:0152-03] Moderate: kexec-tools security, bug fix, and enhancement update, [RHSA-2012:0150-03] Moderate: Red Hat Enterprise Linux 5.8 kernel update, [RHSA-2012:0302-03] Low: cups security and bug fix update, [RHSA-2012:0151-03] Moderate: conga security, bug fix, and enhancement update, [RHSA-2012:0305-03] Low: boost security and bug fix update, [RHSA-2012:0306-03] Low: krb5 security and bug fix update, [RHSA-2012:0307-03] Low: util-linux security, bug fix, and enhancement update, [RHSA-2012:0308-03] Low: busybox security and bug fix update, [RHSA-2012:0312-03] Low: initscripts security and bug fix update, [RHSA-2012:0309-03] Low: sudo security and bug fix update, [RHSA-2012:0311-03] Low: ibutils security and bug fix update, [RHSA-2012:0310-03] Low: nfs-utils security, bug fix, and enhancement update, [RHSA-2012:0313-03] Low: samba security, bug fix, and enhancement update, [RHSA-2012:0153-03] Low: sos security, bug fix, and enhancement update, and [RHSA-2012:0317-01] Important: libpng security update



[RHSA-2012:0303-03] Low: xorg-x11-server security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: xorg-x11-server security and bug fix update
Advisory ID: RHSA-2012:0303-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0303.html
Issue date: 2012-02-21
Keywords: fbdev installer
CVE Names: CVE-2011-4028
=====================================================================

1. Summary:

Updated xorg-x11-server packages that fix one security issue and various
bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)

Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.

This update also fixes the following bugs:

* In rare cases, if the front and back buffer of the miDbePositionWindow()
function were not both allocated in video memory, or were both allocated in
system memory, the X Window System sometimes terminated unexpectedly. A
patch has been provided to address this issue and X no longer crashes in
the described scenario. (BZ#596899)

* Previously, when the miSetShape() function called the miRegionDestroy()
function with a NULL region, X terminated unexpectedly if the backing store
was enabled. Now, X no longer crashes in the described scenario.
(BZ#676270)

* On certain workstations running in 32-bit mode, the X11 mouse cursor
occasionally became stuck near the left edge of the X11 screen. A patch has
been provided to address this issue and the mouse cursor no longer becomes
stuck in the described scenario. (BZ#529717)

* On certain workstations with a dual-head graphics adapter using the r500
driver in Zaphod mode, the mouse pointer was confined to one monitor screen
and could not move to the other screen. A patch has been provided to
address this issue and the mouse cursor works properly across both screens.
(BZ#559964)

* Due to a double free operation, Xvfb (X virtual framebuffer) terminated
unexpectedly with a segmentation fault randomly when the last client
disconnected, that is when the server reset. This bug has been fixed in the
miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)

* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an
integrated graphics adapter caused the server to terminate unexpectedly.
This bug has been fixed in the code and Xephyr no longer crashes in the
described scenario. (BZ#454409)

* Previously, when a client made a request bigger than 1/4th of the limit
advertised in the BigRequestsEnable reply, the X server closed the
connection unexpectedly. With this update, the maxBigRequestSize variable
has been added to the code to check the size of client requests, thus
fixing this bug. (BZ#555000)

* When an X client running on a big-endian system called the
XineramaQueryScreens() function, the X server terminated unexpectedly. This
bug has been fixed in the xf86Xinerama module and the X server no longer
crashes in the described scenario. (BZ#588346)

* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p
blade server, the installer did not set the correct mode on the built-in
KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a
very long time to appear and then was displayed incorrectly. A patch has
been provided to address this issue and the graphical installer now works
as expected in the described scenario. Note that this fix requires the
Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)

* Lines longer than 46,340 pixels can be drawn with one of the coordinates
being negative. However, for dashed lines, the miPolyBuildPoly() function
overflowed the "int" type when setting up edges for a section of a dashed
line. Consequently, dashed segments were not drawn at all. An upstream
patch has been applied to address this issue and dashed lines are now drawn
correctly. (BZ#649810)

All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

454409 - Xephyr ends with Segmentation fault
529717 - [RHEL5] HP DC5850: mice get stuck on left edge (X11 acceleration overflow?)
555000 - Using BIG-REQUESTS cause XIO and connection close
559964 - Pointer confined to one monitor with r500 in zaphod mode
588346 - XineramaQueryScreens() from an X client on a big endian machine cause the Xserver to crash
649810 - Integer overflow for dashed lines longer than 46340
676270 - Xserver segfaults in miwindow.c when backing store is enabled
745755 - CVE-2011-4028 xorg-x11, xorg-x11-server: File existence disclosure vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.90.el5.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.90.el5.src.rpm

i386:
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm

x86_64:
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xorg-x11-server-1.1.1-48.90.el5.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm

ia64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.ia64.rpm

ppc:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.ppc.rpm

s390x:
xorg-x11-server-Xephyr-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.s390x.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4028.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyUCXlSAg2UNWIIRAv0eAJ9f7w2ltsugubo8T1UxHbrR0yhIXwCeNboK
pObvvcc4xLEOcsfD68/cTRM=
=zrCM
-----END PGP SIGNATURE-----


[RHSA-2012:0304-03] Low: vixie-cron security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: vixie-cron security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0304-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0304.html
Issue date: 2012-02-21
Keywords: orphan, pam, pie
CVE Names: CVE-2010-0424
=====================================================================

1. Summary:

An updated vixie-cron package that fixes one security issue, several bugs,
and adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times. The
vixie-cron package adds improved security and more powerful configuration
options to the standard version of cron.

A race condition was found in the way the crontab program performed file
time stamp updates on a temporary file created when editing a user crontab
file. A local attacker could use this flaw to change the modification time
of arbitrary system files via a symbolic link attack. (CVE-2010-0424)

Red Hat would like to thank Dan Rosenberg for reporting this issue.

This update also fixes the following bugs:

* Cron jobs of users with home directories mounted on a Lightweight
Directory Access Protocol (LDAP) server or Network File System (NFS) were
often refused because jobs were marked as orphaned (typically due to a
temporary NSS lookup failure, when NIS and LDAP servers were unreachable).
With this update, a database of orphans is created, and cron jobs are
performed as expected. (BZ#455664)

* Previously, cron did not log any errors if a cron job file located in the
/etc/cron.d/ directory contained invalid entries. An upstream patch has
been applied to address this problem and invalid entries in the cron job
files now produce warning messages. (BZ#460070)

* Previously, the "@reboot" crontab macro incorrectly ran jobs when the
crond daemon was restarted. If the user used the macro on multiple
machines, all entries with the "@reboot" option were executed every time
the crond daemon was restarted. With this update, jobs are executed only
when the machine is rebooted. (BZ#476972)

* The crontab utility is now compiled as a position-independent executable
(PIE), which enhances the security of the system. (BZ#480930)

* When the parent crond daemon was stopped, but a child crond daemon was
running (executing a program), the "service crond status" command
incorrectly reported that crond was running. The source code has been
modified, and the "service crond status" command now correctly reports that
crond is stopped. (BZ#529632)

* According to the pam(8) manual page, the cron daemon, crond, supports
access control with PAM (Pluggable Authentication Module). However, the PAM
configuration file for crond did not export environment variables correctly
and, consequently, setting PAM variables via cron did not work. This update
includes a corrected /etc/pam.d/crond file that exports environment
variables correctly. Setting pam variables via cron now works as documented
in the pam(8) manual page. (BZ#541189)

* Previously, the mcstransd daemon modified labels for the crond daemon.
When the crond daemon attempted to use the modified label and mcstransd was
not running, crond used an incorrect label. Consequently, Security-Enhanced
Linux (SELinux) denials filled up the cron log, no jobs were executed, and
crond had to be restarted. With this update, both mcstransd and crond use
raw SELinux labels, which prevents the problem. (BZ#625016)

* Previously, the crontab(1) and cron(8) manual pages contained multiple
typographical errors. This update fixes those errors. (BZ#699620,
BZ#699621)

In addition, this update adds the following enhancement:

* Previously, the crontab utility did not use the Pluggable Authentication
Module (PAM) for verification of users. As a consequence, a user could
access crontab even if access had been restricted (usually by being denied
in the access.conf file). With this update, crontab returns an error
message that the user is not allowed to access crontab because of PAM
configuration. (BZ#249512)

All vixie-cron users should upgrade to this updated package, which resolves
these issues and adds this enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

455664 - Adoptions at the crontab orphanage needed
460070 - cronjobs in /etc/cron.d entries with an invalid username produce no error in the logs
476972 - crontab error with @reboot entry
480930 - Make crontab a PIE
529632 - [PATCH] "service crond status" return invalid status
541189 - cron and /etc/security/pam_env.conf problem
565809 - CVE-2010-0424 vixie-cron, cronie: Race condition by setting timestamp of user's crontab file, when editing the file
625016 - crond requires a restart if mcstransd is stopped
699620 - Typo in patch for crond manpage removes mention of cron.d
699621 - man page typo -- two be -- should be not two be's :wink:

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/vixie-cron-4.1-81.el5.src.rpm

i386:
vixie-cron-4.1-81.el5.i386.rpm
vixie-cron-debuginfo-4.1-81.el5.i386.rpm

x86_64:
vixie-cron-4.1-81.el5.x86_64.rpm
vixie-cron-debuginfo-4.1-81.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/vixie-cron-4.1-81.el5.src.rpm

i386:
vixie-cron-4.1-81.el5.i386.rpm
vixie-cron-debuginfo-4.1-81.el5.i386.rpm

ia64:
vixie-cron-4.1-81.el5.ia64.rpm
vixie-cron-debuginfo-4.1-81.el5.ia64.rpm

ppc:
vixie-cron-4.1-81.el5.ppc.rpm
vixie-cron-debuginfo-4.1-81.el5.ppc.rpm

s390x:
vixie-cron-4.1-81.el5.s390x.rpm
vixie-cron-debuginfo-4.1-81.el5.s390x.rpm

x86_64:
vixie-cron-4.1-81.el5.x86_64.rpm
vixie-cron-debuginfo-4.1-81.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0424.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyTdXlSAg2UNWIIRAsf/AJ0Rnii8h7UKh/bB9cHIRiKzVWQQ9QCfY/YT
EAoMEyKMLLcrhkaqoQEkMW0=
=LyP3
-----END PGP SIGNATURE-----

[RHSA-2012:0149-03] Moderate: kvm security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kvm security and bug fix update
Advisory ID: RHSA-2012:0149-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0149.html
Issue date: 2012-02-21
CVE Names: CVE-2011-4347
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that the kvm_vm_ioctl_assign_device() function in the KVM
subsystem of a Linux kernel did not check if the user requesting device
assignment was privileged or not. A member of the kvm group on the host
could assign unused PCI devices, or even devices that were in use and
whose resources were not properly claimed by the respective drivers, which
could result in the host crashing. (CVE-2011-4347)

Red Hat would like to thank Sasha Levin for reporting this issue.

These updated kvm packages include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 5.8 Technical Notes, linked to in the
References, for information on the most significant of these changes.

All KVM users should upgrade to these updated packages, which contain
backported patches to correct these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

701616 - limitation on max number of assigned devices does not take effect if hot-plug pci devices
703335 - KVM guest clocks jump forward one hour on reboot
703446 - Failed to ping guest after MTU is changed
704081 - mouse responds very slowly with huge memory
725876 - RTC interrupt problems with RHEL5 qemu/kvm (0.10 based) on 2.6.38+ guest kernels.
753860 - Fix kvm userspace compilation on RHEL-5 to match the kernel changes
756084 - CVE-2011-4347 kernel: kvm: device assignment DoS

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-249.el5.src.rpm

x86_64:
kmod-kvm-83-249.el5.x86_64.rpm
kmod-kvm-debug-83-249.el5.x86_64.rpm
kvm-83-249.el5.x86_64.rpm
kvm-debuginfo-83-249.el5.x86_64.rpm
kvm-qemu-img-83-249.el5.x86_64.rpm
kvm-tools-83-249.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-249.el5.src.rpm

x86_64:
kmod-kvm-83-249.el5.x86_64.rpm
kmod-kvm-debug-83-249.el5.x86_64.rpm
kvm-83-249.el5.x86_64.rpm
kvm-debuginfo-83-249.el5.x86_64.rpm
kvm-qemu-img-83-249.el5.x86_64.rpm
kvm-tools-83-249.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4347.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kvm.html#RHSA-2012-0149

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQySTXlSAg2UNWIIRArlTAJ0WoKPpeN65MwnhycwM8+RzPo1dNACff1HW
NKHsqhoy0Aa32Ro59AEwoXw=
=5ijl
-----END PGP SIGNATURE-----

[RHSA-2012:0301-03] Low: ImageMagick security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: ImageMagick security and bug fix update
Advisory ID: RHSA-2012:0301-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0301.html
Issue date: 2012-02-21
CVE Names: CVE-2010-4167
=====================================================================

1. Summary:

Updated ImageMagick packages that fix one security issue and multiple bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

It was found that ImageMagick utilities tried to load ImageMagick
configuration files from the current working directory. If a user ran an
ImageMagick utility in an attacker-controlled directory containing a
specially-crafted ImageMagick configuration file, it could cause the
utility to execute arbitrary code. (CVE-2010-4167)

This update also fixes the following bugs:

* Previously, the "identify -verbose" command failed with an assertion if
there was no image information available. An upstream patch has been
applied, so that GetImageOption() is now called correctly. Now, the
"identify -verbose" command works correctly even if no image information is
available. (BZ#502626)

* Previously, an incorrect use of the semaphore data type led to a
deadlock. As a consequence, the ImageMagick utility could become
unresponsive when converting JPEG files to PDF (Portable Document Format)
files. A patch has been applied to address the deadlock issue, and JPEG
files can now be properly converted to PDF files. (BZ#530592)

* Previously, running the "convert" command with the "-color" option failed
with a memory allocation error. The source code has been modified to fix
problems with memory allocation. Now, using the "convert" command with the
"-color" option works correctly. (BZ#616538)

* Previously, ImageMagick could become unresponsive when using the
"display" command on damaged GIF files. The source code has been revised to
prevent the issue. ImageMagick now produces an error message in the
described scenario. A file selector is now opened so the user can choose
another image to display. (BZ#693989)

* Prior to this update, the "convert" command did not handle rotated PDF
files correctly. As a consequence, the output was rendered as a portrait
with the content being cropped. With this update, the PDF render geometry
is modified, and the output produced by the "convert" command is properly
rendered as a landscape. (BZ#694922)

All users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

580535 - Using "-page" option in ImageMagick's "convert" set bogus page size in PostScript
652860 - CVE-2010-4167 ImageMagick: configuration files read from $CWD may allow arbitrary code execution

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ImageMagick-6.2.8.0-12.el5.src.rpm

i386:
ImageMagick-6.2.8.0-12.el5.i386.rpm
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-perl-6.2.8.0-12.el5.i386.rpm

x86_64:
ImageMagick-6.2.8.0-12.el5.i386.rpm
ImageMagick-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
ImageMagick-c++-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-perl-6.2.8.0-12.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ImageMagick-6.2.8.0-12.el5.src.rpm

i386:
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm

x86_64:
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm
ImageMagick-devel-6.2.8.0-12.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ImageMagick-6.2.8.0-12.el5.src.rpm

i386:
ImageMagick-6.2.8.0-12.el5.i386.rpm
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm
ImageMagick-perl-6.2.8.0-12.el5.i386.rpm

ia64:
ImageMagick-6.2.8.0-12.el5.ia64.rpm
ImageMagick-c++-6.2.8.0-12.el5.ia64.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.ia64.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.ia64.rpm
ImageMagick-devel-6.2.8.0-12.el5.ia64.rpm
ImageMagick-perl-6.2.8.0-12.el5.ia64.rpm

ppc:
ImageMagick-6.2.8.0-12.el5.ppc.rpm
ImageMagick-6.2.8.0-12.el5.ppc64.rpm
ImageMagick-c++-6.2.8.0-12.el5.ppc.rpm
ImageMagick-c++-6.2.8.0-12.el5.ppc64.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.ppc.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.ppc64.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.ppc.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.ppc64.rpm
ImageMagick-devel-6.2.8.0-12.el5.ppc.rpm
ImageMagick-devel-6.2.8.0-12.el5.ppc64.rpm
ImageMagick-perl-6.2.8.0-12.el5.ppc.rpm

s390x:
ImageMagick-6.2.8.0-12.el5.s390.rpm
ImageMagick-6.2.8.0-12.el5.s390x.rpm
ImageMagick-c++-6.2.8.0-12.el5.s390.rpm
ImageMagick-c++-6.2.8.0-12.el5.s390x.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.s390.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.s390x.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.s390.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.s390x.rpm
ImageMagick-devel-6.2.8.0-12.el5.s390.rpm
ImageMagick-devel-6.2.8.0-12.el5.s390x.rpm
ImageMagick-perl-6.2.8.0-12.el5.s390x.rpm

x86_64:
ImageMagick-6.2.8.0-12.el5.i386.rpm
ImageMagick-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
ImageMagick-c++-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
ImageMagick-c++-devel-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm
ImageMagick-devel-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-perl-6.2.8.0-12.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4167.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyUvXlSAg2UNWIIRAn6yAJ9m6aDVE39cwPtzbME8/CVZ32X1NwCfS8Ig
EGMPF79JWJQMG+dJRLWFXS4=
=QwXY
-----END PGP SIGNATURE-----

[RHSA-2012:0152-03] Moderate: kexec-tools security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kexec-tools security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0152-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0152.html
Issue date: 2012-02-21
CVE Names: CVE-2011-3588 CVE-2011-3589 CVE-2011-3590
=====================================================================

1. Summary:

An updated kexec-tools package that resolves three security issues,
fixes several bugs and adds various enhancements is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The kexec-tools package contains the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature. The
/sbin/kexec binary facilitates a new kernel to boot using the kernel's
kexec feature either on a normal or a panic reboot. The kexec fastboot
mechanism allows booting a Linux kernel from the context of an already
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive
information, such as the private SSH key used to authenticate to a remote
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files
from the "/root/.ssh/" directory and the host's private SSH keys) in the
resulting initrd. This could lead to an information leak when initrd
files were previously created with world-readable permissions. Note: With
this update, only the SSH client configuration, known hosts files, and the
SSH key configured via the newly introduced sshkey option in
"/etc/kdump.conf" are included in the initrd. The default is the key
generated when running the "service kdump propagate" command,
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)

Red Hat would like to thank Kevan Carstensen for reporting these issues.

This updated kexec-tools package also includes numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of kexec-tools are advised to upgrade to this updated package,
which resolves these security issues, fixes these bugs and adds these
enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

662530 - ln: creating symbolic link `/tmp/initrd.ta4308/lib/libc.so.6' to `/lib/power6/libc.so.6': File exists
678308 - kexec kernel crashes due to use of reserved memory range
709622 - Non-portable "while" loop form used
716439 - CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
748319 - fsck: WARNING: couldn't open /etc/fstab: No such file or directory

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kexec-tools-1.102pre-154.el5.src.rpm

i386:
kexec-tools-1.102pre-154.el5.i386.rpm
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm

x86_64:
kexec-tools-1.102pre-154.el5.x86_64.rpm
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kexec-tools-1.102pre-154.el5.src.rpm

i386:
kexec-tools-1.102pre-154.el5.i386.rpm
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm

ia64:
kexec-tools-1.102pre-154.el5.ia64.rpm
kexec-tools-debuginfo-1.102pre-154.el5.ia64.rpm

ppc:
kexec-tools-1.102pre-154.el5.ppc64.rpm
kexec-tools-debuginfo-1.102pre-154.el5.ppc64.rpm

s390x:
kexec-tools-1.102pre-154.el5.s390x.rpm
kexec-tools-debuginfo-1.102pre-154.el5.s390x.rpm

x86_64:
kexec-tools-1.102pre-154.el5.x86_64.rpm
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3588.html
https://www.redhat.com/security/data/cve/CVE-2011-3589.html
https://www.redhat.com/security/data/cve/CVE-2011-3590.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kexec-tools.html#RHSA-2012-0152

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyQMXlSAg2UNWIIRApq/AJ0ZwqFYHbah41BGXco+XPVy8jG9RQCfbf1A
ktTcdfCXzt+fLDHf6wyNNWQ=
=Seoe
-----END PGP SIGNATURE-----

[RHSA-2012:0150-03] Moderate: Red Hat Enterprise Linux 5.8 kernel update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Enterprise Linux 5.8 kernel update
Advisory ID: RHSA-2012:0150-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0150.html
Issue date: 2012-02-21
CVE Names: CVE-2011-1083
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue, address several
hundred bugs, and add numerous enhancements are now available as part of
the ongoing support and maintenance of Red Hat Enterprise Linux version 5.
This is the eighth regular update.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2011-1083,
Moderate)

Red Hat would like to thank Nelson Elhage for reporting this issue.

These updated kernel packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct these issues and add these enhancements. The system
must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

485173 - kernel/module-verify-sig.c with memory uncleaned bug
516170 - kernel multipath driver behaves badly on medium errors
526862 - [RHEL5 Xen]: Mask out CPU features by default
543064 - No NUMA node hash function found on a EX machine
571737 - Cannot use Quickcam Pro 9000 with Ekiga, fails with "uvcvideo: Failed to query ..."
585935 - Bug in RHEL-5.4/5.5 nfs_access_cache_shrinker
608156 - kernel panic if bonding initialization fails
618317 - RFE: RHEL5 Xen: support online dynamic resize of guest virtual disks
664653 - [5.4] OS cannot recognize DVD disk replace in rescue mode.
668027 - unexpected error message when sending a unsolicited NA from user code
668529 - Spare disk added to a raid1 array by mdadm command is dropped upon next boot.
674663 - vlapic: Fix possible guest tick losing after save/restore
681578 - CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures
681902 - GFS2: Add readahead to sequential directory traversal
683372 - NFS4: Incorrect server behavior when using OPEN call with O_CREATE on a directory on which the process has no WRITE permissions.
688673 - PCI Virtual Function Passthrough - SR-IOV, Paravirt Guest fails to obtain IRQ after reboot
688791 - dropwatch>stop: Waiting for deactivation ack (forever)
691087 - Incorrect values in /proc/sys/vm/dirty_writeback_centises and dirty_expire_centisecs
694625 - Non-responsive scsi target leads to excessive scsi recovery and dm-mp failover time
697021 - Patch needed to allow MTU >1500 on vif prior to connecting to bridge
698842 - kvmclock: MP-BIOS bug: 8254 timer not connected to IO-APIC
698928 - VLAN interface with changed MAC address fails to communicate
700565 - RHEL6.1 32bit xen hvm guest crash randomly
700752 - 32-bit PV guest crash on restore on x64_86 host
700886 - RHEL5.6 TSC used as default clock source on multi-chassis system
703150 - multiple resource leaks on error paths in blkfront and netfront
703505 - 300 seconds time shift in vdso version of clock_gettime()
704921 - panic in cifsd code after unexpected lookup error -88.
706339 - open/closed files in cifs mount points
707966 - 2.6.18-238.1.1.el5 or newer won't boot under Xen HVM due to linux-2.6-virt-nmi-don-t-print-nmi-stuck-messages-on-guests.patch
709271 - net.ipv6.conf.default.dad_transmits has no effect on tentative IPv6 addresses
709515 - Kernel panic at nfs4_callback_compound+0x2dd
711070 - mask the SMEP bit for PV, do the same or backport SMEP emulation for HVM
712439 - Backport "x86: extend debug key 't' to collect useful clock skew info"
712440 - Backport "vmx: Print advanced features during boot"
712441 - Backport "x86/hvm: fix off-by-one errors in vcpuid range checks"
713702 - pull missing fixes from upstream x86_emulate()
714053 - couple nice-to-have xen hypervisor patches
714670 - TCP_CRR and concurrent TCP stream tests over IPv6 sometime fails on rhel5.7
715501 - ext4: Don't error out the fs if the user tries to make a file too big
716834 - 'dmesg' command is swamped with the message: pci_set_power_state(): 0000:05:05.0: state=3, current state=5
717434 - Unable to attach a cdrom device to guest domain
717850 - miss xmit_hash_policy=layer2+3 in modinfo bonding output
718232 - [xfs] mis-sized O_DIRECT I/O results in hung task timeouts
718641 - Can't change lacp_rate in bonding mode=802.3ad
718988 - [EL5.7] igb: failed to activate WOL on 2nd LAN port on i350
720347 - RHEL 6.1 Xen paravirt guest is getting network outage during live migration (host side)
720551 - xfs_error_report() oops when passed-in mp is NULL
720936 - Windows guests may hang/BSOD on some AMD processors.
720986 - vlapic: backport EOI fast path
723755 - win2003 i386 guest BSOD when created with e1000 nic
728508 - Huge performance regression in NFS client
729261 - ext3/ext4 mbcache causes high CPU load
732752 - exclude VMX_PROCBASED_CTL2 from the MSRs a VMX guest is allowed to access
733416 - netfront MTU drops to 1500 after domain migration
734708 - xen modules - unable to handle kernel NULL pointer dereference
734900 - Panic, NMI Watchdog detected LOCKUP on CPU 6
735477 - nfs4_getfacl decoding causes kernel oops
740203 - Host crash when pass-through fails
740299 - [RTC] - The ioctl RTC_IRPQ_READ doesn't return the correct value
742880 - [RFE] backport Xen watchdog (hypervisor side only)
752626 - BNX2I: Fixed the endian on TTT for NOP out transmission
753729 - system cannot suspend with "stopping tasks timed out - bnx2i_thread/0 remaining"
771592 - Install RHEV-H to virtual machine cause VM kernel panic when boot
772578 - [ALL LANG] [anaconda] The installation halted when clicking 'Skip' button (select 'Skip entering Installation Number')

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.el5.src.rpm

i386:
kernel-2.6.18-308.el5.i686.rpm
kernel-PAE-2.6.18-308.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.el5.i686.rpm
kernel-debug-2.6.18-308.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.el5.i686.rpm
kernel-debug-devel-2.6.18-308.el5.i686.rpm
kernel-debuginfo-2.6.18-308.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.el5.i686.rpm
kernel-devel-2.6.18-308.el5.i686.rpm
kernel-headers-2.6.18-308.el5.i386.rpm
kernel-xen-2.6.18-308.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.el5.i686.rpm
kernel-xen-devel-2.6.18-308.el5.i686.rpm

noarch:
kernel-doc-2.6.18-308.el5.noarch.rpm

x86_64:
kernel-2.6.18-308.el5.x86_64.rpm
kernel-debug-2.6.18-308.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm
kernel-devel-2.6.18-308.el5.x86_64.rpm
kernel-headers-2.6.18-308.el5.x86_64.rpm
kernel-xen-2.6.18-308.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.el5.src.rpm

i386:
kernel-2.6.18-308.el5.i686.rpm
kernel-PAE-2.6.18-308.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.el5.i686.rpm
kernel-debug-2.6.18-308.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.el5.i686.rpm
kernel-debug-devel-2.6.18-308.el5.i686.rpm
kernel-debuginfo-2.6.18-308.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.el5.i686.rpm
kernel-devel-2.6.18-308.el5.i686.rpm
kernel-headers-2.6.18-308.el5.i386.rpm
kernel-xen-2.6.18-308.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.el5.i686.rpm
kernel-xen-devel-2.6.18-308.el5.i686.rpm

ia64:
kernel-2.6.18-308.el5.ia64.rpm
kernel-debug-2.6.18-308.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-308.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.el5.ia64.rpm
kernel-debuginfo-2.6.18-308.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-308.el5.ia64.rpm
kernel-devel-2.6.18-308.el5.ia64.rpm
kernel-headers-2.6.18-308.el5.ia64.rpm
kernel-xen-2.6.18-308.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-308.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-308.el5.noarch.rpm

ppc:
kernel-2.6.18-308.el5.ppc64.rpm
kernel-debug-2.6.18-308.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-308.el5.ppc64.rpm
kernel-debug-devel-2.6.18-308.el5.ppc64.rpm
kernel-debuginfo-2.6.18-308.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-308.el5.ppc64.rpm
kernel-devel-2.6.18-308.el5.ppc64.rpm
kernel-headers-2.6.18-308.el5.ppc.rpm
kernel-headers-2.6.18-308.el5.ppc64.rpm
kernel-kdump-2.6.18-308.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-308.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-308.el5.ppc64.rpm

s390x:
kernel-2.6.18-308.el5.s390x.rpm
kernel-debug-2.6.18-308.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-308.el5.s390x.rpm
kernel-debug-devel-2.6.18-308.el5.s390x.rpm
kernel-debuginfo-2.6.18-308.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-308.el5.s390x.rpm
kernel-devel-2.6.18-308.el5.s390x.rpm
kernel-headers-2.6.18-308.el5.s390x.rpm
kernel-kdump-2.6.18-308.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-308.el5.s390x.rpm
kernel-kdump-devel-2.6.18-308.el5.s390x.rpm

x86_64:
kernel-2.6.18-308.el5.x86_64.rpm
kernel-debug-2.6.18-308.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm
kernel-devel-2.6.18-308.el5.x86_64.rpm
kernel-headers-2.6.18-308.el5.x86_64.rpm
kernel-xen-2.6.18-308.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1083.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kernel.html#RHSA-2012-0150

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyRGXlSAg2UNWIIRArL8AJ4p5o/4QRlcwsYv1Qg91KI+8qsrqwCeM1ks
+b77f5VxTGHGM3BoAB80Ymc=
=wl+4
-----END PGP SIGNATURE-----

[RHSA-2012:0302-03] Low: cups security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: cups security and bug fix update
Advisory ID: RHSA-2012:0302-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0302.html
Issue date: 2012-02-21
CVE Names: CVE-2011-2896
=====================================================================

1. Summary:

Updated cups packages that fix one security issue and various bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for Linux, UNIX, and similar operating systems.

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
decompression algorithm implementation used by the CUPS GIF image format
reader. An attacker could create a malicious GIF image file that, when
printed, could possibly cause CUPS to crash or, potentially, execute
arbitrary code with the privileges of the "lp" user. (CVE-2011-2896)

This update also fixes the following bugs:

* Prior to this update, the "Show Completed Jobs," "Show All Jobs," and
"Show Active Jobs" buttons returned results globally across all printers
and not the results for the specified printer. With this update, jobs from
only the selected printer are shown. (BZ#625900)

* Prior to this update, the code of the serial backend contained a wrong
condition. As a consequence, print jobs on the raw print queue could not be
canceled. This update modifies the condition in the serial backend code.
Now, the user can cancel these print jobs. (BZ#625955)

* Prior to this update, the textonly filter did not work if used as a pipe,
for example when the command line did not specify the filename and the
number of copies was always 1. This update modifies the condition in the
textonly filter. Now, the data are sent to the printer regardless of the
number of copies specified. (BZ#660518)

* Prior to this update, the file descriptor count increased until it ran
out of resources when the cups daemon was running with enabled
Security-Enhanced Linux (SELinux) features. With this update, all resources
are allocated only once. (BZ#668009)

* Prior to this update, CUPS incorrectly handled the en_US.ASCII value for
the LANG environment variable. As a consequence, the lpadmin, lpstat, and
lpinfo binaries failed to write to standard output if using LANG with the
value. This update fixes the handling of the en_US.ASCII value and the
binaries now write to standard output properly. (BZ#759081)

All users of cups are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

625900 - STR #3436: Jobs buttons not working correctly when viewing a specific printer
625955 - Serial back end has inverted SIGTERM block
660518 - textonly filter won't work as a pipe with copies=1
668009 - avc calls leak file descriptors
727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5.src.rpm

i386:
cups-1.3.7-30.el5.i386.rpm
cups-debuginfo-1.3.7-30.el5.i386.rpm
cups-libs-1.3.7-30.el5.i386.rpm
cups-lpd-1.3.7-30.el5.i386.rpm

x86_64:
cups-1.3.7-30.el5.x86_64.rpm
cups-debuginfo-1.3.7-30.el5.i386.rpm
cups-debuginfo-1.3.7-30.el5.x86_64.rpm
cups-libs-1.3.7-30.el5.i386.rpm
cups-libs-1.3.7-30.el5.x86_64.rpm
cups-lpd-1.3.7-30.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5.src.rpm

i386:
cups-debuginfo-1.3.7-30.el5.i386.rpm
cups-devel-1.3.7-30.el5.i386.rpm

x86_64:
cups-debuginfo-1.3.7-30.el5.i386.rpm
cups-debuginfo-1.3.7-30.el5.x86_64.rpm
cups-devel-1.3.7-30.el5.i386.rpm
cups-devel-1.3.7-30.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.3.7-30.el5.src.rpm

i386:
cups-1.3.7-30.el5.i386.rpm
cups-debuginfo-1.3.7-30.el5.i386.rpm
cups-devel-1.3.7-30.el5.i386.rpm
cups-libs-1.3.7-30.el5.i386.rpm
cups-lpd-1.3.7-30.el5.i386.rpm

ia64:
cups-1.3.7-30.el5.ia64.rpm
cups-debuginfo-1.3.7-30.el5.i386.rpm
cups-debuginfo-1.3.7-30.el5.ia64.rpm
cups-devel-1.3.7-30.el5.ia64.rpm
cups-libs-1.3.7-30.el5.i386.rpm
cups-libs-1.3.7-30.el5.ia64.rpm
cups-lpd-1.3.7-30.el5.ia64.rpm

ppc:
cups-1.3.7-30.el5.ppc.rpm
cups-debuginfo-1.3.7-30.el5.ppc.rpm
cups-debuginfo-1.3.7-30.el5.ppc64.rpm
cups-devel-1.3.7-30.el5.ppc.rpm
cups-devel-1.3.7-30.el5.ppc64.rpm
cups-libs-1.3.7-30.el5.ppc.rpm
cups-libs-1.3.7-30.el5.ppc64.rpm
cups-lpd-1.3.7-30.el5.ppc.rpm

s390x:
cups-1.3.7-30.el5.s390x.rpm
cups-debuginfo-1.3.7-30.el5.s390.rpm
cups-debuginfo-1.3.7-30.el5.s390x.rpm
cups-devel-1.3.7-30.el5.s390.rpm
cups-devel-1.3.7-30.el5.s390x.rpm
cups-libs-1.3.7-30.el5.s390.rpm
cups-libs-1.3.7-30.el5.s390x.rpm
cups-lpd-1.3.7-30.el5.s390x.rpm

x86_64:
cups-1.3.7-30.el5.x86_64.rpm
cups-debuginfo-1.3.7-30.el5.i386.rpm
cups-debuginfo-1.3.7-30.el5.x86_64.rpm
cups-devel-1.3.7-30.el5.i386.rpm
cups-devel-1.3.7-30.el5.x86_64.rpm
cups-libs-1.3.7-30.el5.i386.rpm
cups-libs-1.3.7-30.el5.x86_64.rpm
cups-lpd-1.3.7-30.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2896.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyUZXlSAg2UNWIIRAmioAJ9gBk6Poy7RE22h7TKkzGLF98r4AACdFi4C
4f1Ci++Q+rq+4dall0u/lSw=
=YJGy
-----END PGP SIGNATURE-----

[RHSA-2012:0151-03] Moderate: conga security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: conga security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0151-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0151.html
Issue date: 2012-02-21
CVE Names: CVE-2010-1104 CVE-2011-1948
=====================================================================

1. Summary:

Updated conga packages that fix multiple security issues, several bugs,
and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The conga packages provide a web-based administration tool for remote
cluster and storage management.

Multiple cross-site scripting (XSS) flaws were found in luci, the conga
web-based administration application. If a remote attacker could trick a
user, who was logged into the luci interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's luci session. (CVE-2010-1104, CVE-2011-1948)

These updated conga packages include several bug fixes and an enhancement.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked to
in the References, for information on the most significant of these
changes.

Users of conga are advised to upgrade to these updated packages, which
correct these issues and add this enhancement. After installing the updated
packages, luci must be restarted ("service luci restart") for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

577019 - CVE-2010-1104 zope: XSS on error page
711494 - CVE-2011-1948 plone: A reflected cross site scripting vulnerability
723188 - Luci does not allow to modify __max_restarts and __restart_expire_time for independent subtrees, only for non-critical resources.
755935 - luci_admin man page is misleading
755941 - luci_admin restore is not consistent

6. Package List:

RHEL Clustering (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/conga-0.12.2-51.el5.src.rpm

i386:
conga-debuginfo-0.12.2-51.el5.i386.rpm
luci-0.12.2-51.el5.i386.rpm
ricci-0.12.2-51.el5.i386.rpm

ia64:
conga-debuginfo-0.12.2-51.el5.ia64.rpm
luci-0.12.2-51.el5.ia64.rpm
ricci-0.12.2-51.el5.ia64.rpm

ppc:
conga-debuginfo-0.12.2-51.el5.ppc.rpm
luci-0.12.2-51.el5.ppc.rpm
ricci-0.12.2-51.el5.ppc.rpm

x86_64:
conga-debuginfo-0.12.2-51.el5.x86_64.rpm
luci-0.12.2-51.el5.x86_64.rpm
ricci-0.12.2-51.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1104.html
https://www.redhat.com/security/data/cve/CVE-2011-1948.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/conga.html#RHSA-2012-0151

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyQjXlSAg2UNWIIRAmheAJ9lWpArqKMvkLzFk1ZlU49LDr9w7gCgsxQh
sjP8ZhSerATxxN1KP2qAzys=
=0qIh
-----END PGP SIGNATURE-----

[RHSA-2012:0305-03] Low: boost security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: boost security and bug fix update
Advisory ID: RHSA-2012:0305-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0305.html
Issue date: 2012-02-21
CVE Names: CVE-2008-0171 CVE-2008-0172
=====================================================================

1. Summary:

Updated boost packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.

Invalid pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2008-0171)

NULL pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash. (CVE-2008-0172)

Red Hat would like to thank Will Drewry for reporting these issues.

This update also fixes the following bugs:

* Prior to this update, the construction of a regular expression object
could fail when several regular expression objects were created
simultaneously, such as in a multi-threaded program. With this update, the
object variables have been moved from the shared memory to the stack. Now,
the constructing function is thread safe. (BZ#472384)

* Prior to this update, header files in several Boost libraries contained
preprocessor directives that the GNU Compiler Collection (GCC) 4.4 could
not handle. This update instead uses equivalent constructs that are
standard C. (BZ#567722)

All users of boost are advised to upgrade to these updated packages, which
fix these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

428316 - CVE-2008-0171 boost regular expression memory corruption flaws
428320 - CVE-2008-0172 boost regular expression NULL dereference flaw
472384 - Thread-safety bug in Boost.Regex-1.33.x
567722 - g++4.4 incompatible with numeric/ublas/matrix_sparse.hpp

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/boost-1.33.1-15.el5.src.rpm

i386:
boost-1.33.1-15.el5.i386.rpm
boost-debuginfo-1.33.1-15.el5.i386.rpm
boost-doc-1.33.1-15.el5.i386.rpm

x86_64:
boost-1.33.1-15.el5.i386.rpm
boost-1.33.1-15.el5.x86_64.rpm
boost-debuginfo-1.33.1-15.el5.i386.rpm
boost-debuginfo-1.33.1-15.el5.x86_64.rpm
boost-doc-1.33.1-15.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/boost-1.33.1-15.el5.src.rpm

i386:
boost-debuginfo-1.33.1-15.el5.i386.rpm
boost-devel-1.33.1-15.el5.i386.rpm

x86_64:
boost-debuginfo-1.33.1-15.el5.i386.rpm
boost-debuginfo-1.33.1-15.el5.x86_64.rpm
boost-devel-1.33.1-15.el5.i386.rpm
boost-devel-1.33.1-15.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/boost-1.33.1-15.el5.src.rpm

i386:
boost-1.33.1-15.el5.i386.rpm
boost-debuginfo-1.33.1-15.el5.i386.rpm
boost-devel-1.33.1-15.el5.i386.rpm
boost-doc-1.33.1-15.el5.i386.rpm

ia64:
boost-1.33.1-15.el5.ia64.rpm
boost-debuginfo-1.33.1-15.el5.ia64.rpm
boost-devel-1.33.1-15.el5.ia64.rpm
boost-doc-1.33.1-15.el5.ia64.rpm

ppc:
boost-1.33.1-15.el5.ppc.rpm
boost-1.33.1-15.el5.ppc64.rpm
boost-debuginfo-1.33.1-15.el5.ppc.rpm
boost-debuginfo-1.33.1-15.el5.ppc64.rpm
boost-devel-1.33.1-15.el5.ppc.rpm
boost-devel-1.33.1-15.el5.ppc64.rpm
boost-doc-1.33.1-15.el5.ppc.rpm

s390x:
boost-1.33.1-15.el5.s390.rpm
boost-1.33.1-15.el5.s390x.rpm
boost-debuginfo-1.33.1-15.el5.s390.rpm
boost-debuginfo-1.33.1-15.el5.s390x.rpm
boost-devel-1.33.1-15.el5.s390.rpm
boost-devel-1.33.1-15.el5.s390x.rpm
boost-doc-1.33.1-15.el5.s390x.rpm

x86_64:
boost-1.33.1-15.el5.i386.rpm
boost-1.33.1-15.el5.x86_64.rpm
boost-debuginfo-1.33.1-15.el5.i386.rpm
boost-debuginfo-1.33.1-15.el5.x86_64.rpm
boost-devel-1.33.1-15.el5.i386.rpm
boost-devel-1.33.1-15.el5.x86_64.rpm
boost-doc-1.33.1-15.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-0171.html
https://www.redhat.com/security/data/cve/CVE-2008-0172.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyRkXlSAg2UNWIIRAroBAKCGEZXW23BE8E+qdfRmVpWrNWAzSwCfeKtZ
/sGenut9thSZYPwT80Z7El8=
=bh8D
-----END PGP SIGNATURE-----

[RHSA-2012:0306-03] Low: krb5 security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: krb5 security and bug fix update
Advisory ID: RHSA-2012:0306-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0306.html
Issue date: 2012-02-21
CVE Names: CVE-2011-1526
=====================================================================

1. Summary:

Updated krb5 packages that fix one security issue and various bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

It was found that ftpd, a Kerberos-aware FTP server, did not properly drop
privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check
for the potential failure of the effective group ID change system call. If
the group ID change failed, a remote FTP user could use this flaw to gain
unauthorized read or write access to files that are owned by the root
group. (CVE-2011-1526)

Red Hat would like to thank the MIT Kerberos project for reporting this
issue. Upstream acknowledges Tim Zingelman as the original reporter.

This update also fixes the following bugs:

* Due to a mistake in the Kerberos libraries, a client could fail to
contact a Key Distribution Center (KDC) or terminate unexpectedly if the
client had already more than 1024 file descriptors in use. This update
backports modifications to the Kerberos libraries and the libraries use
the poll() function instead of the select() function, as poll() does not
have this limitation. (BZ#701444)

* The KDC failed to release memory when processing a TGS (ticket-granting
server) request from a client if the client request included an
authenticator with a subkey. As a result, the KDC consumed an excessive
amount of memory. With this update, the code releasing the memory has been
added and the problem no longer occurs. (BZ#708516)

* Under certain circumstances, if services requiring Kerberos
authentication sent two authentication requests to the authenticating
server, the second authentication request was flagged as a replay attack.
As a result, the second authentication attempt was denied. This update
applies an upstream patch that fixes this bug. (BZ#713500)

* Previously, if Kerberos credentials had expired, the klist command could
terminate unexpectedly with a segmentation fault when invoked with the -s
option. This happened when klist encountered and failed to process an entry
with no realm name while scanning the credential cache. With this update,
the underlying code has been modified and the command handles such entries
correctly. (BZ#729067)

* Due to a regression, multi-line FTP macros terminated prematurely with a
segmentation fault. This occurred because the previously-added patch failed
to properly support multi-line macros. This update restores the support for
multi-line macros and the problem no longer occurs. (BZ#735363, BZ#736132)

All users of krb5 are advised to upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

701444 - Fix libkrb5 to work when > 1024 file descriptors are in use
708516 - memory leak during kdc TGS request
711419 - CVE-2011-1526 krb5, krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)
729067 - klist -s segfaults with expired credentials
750823 - Newly introduced defect into krb5

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.6.1-70.el5.src.rpm

i386:
krb5-debuginfo-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-workstation-1.6.1-70.el5.i386.rpm

x86_64:
krb5-debuginfo-1.6.1-70.el5.i386.rpm
krb5-debuginfo-1.6.1-70.el5.x86_64.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.x86_64.rpm
krb5-workstation-1.6.1-70.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.6.1-70.el5.src.rpm

i386:
krb5-debuginfo-1.6.1-70.el5.i386.rpm
krb5-devel-1.6.1-70.el5.i386.rpm
krb5-server-1.6.1-70.el5.i386.rpm
krb5-server-ldap-1.6.1-70.el5.i386.rpm

x86_64:
krb5-debuginfo-1.6.1-70.el5.i386.rpm
krb5-debuginfo-1.6.1-70.el5.x86_64.rpm
krb5-devel-1.6.1-70.el5.i386.rpm
krb5-devel-1.6.1-70.el5.x86_64.rpm
krb5-server-1.6.1-70.el5.x86_64.rpm
krb5-server-ldap-1.6.1-70.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/krb5-1.6.1-70.el5.src.rpm

i386:
krb5-debuginfo-1.6.1-70.el5.i386.rpm
krb5-devel-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-server-1.6.1-70.el5.i386.rpm
krb5-server-ldap-1.6.1-70.el5.i386.rpm
krb5-workstation-1.6.1-70.el5.i386.rpm

ia64:
krb5-debuginfo-1.6.1-70.el5.i386.rpm
krb5-debuginfo-1.6.1-70.el5.ia64.rpm
krb5-devel-1.6.1-70.el5.ia64.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.ia64.rpm
krb5-server-1.6.1-70.el5.ia64.rpm
krb5-server-ldap-1.6.1-70.el5.ia64.rpm
krb5-workstation-1.6.1-70.el5.ia64.rpm

ppc:
krb5-debuginfo-1.6.1-70.el5.ppc.rpm
krb5-debuginfo-1.6.1-70.el5.ppc64.rpm
krb5-devel-1.6.1-70.el5.ppc.rpm
krb5-devel-1.6.1-70.el5.ppc64.rpm
krb5-libs-1.6.1-70.el5.ppc.rpm
krb5-libs-1.6.1-70.el5.ppc64.rpm
krb5-server-1.6.1-70.el5.ppc.rpm
krb5-server-ldap-1.6.1-70.el5.ppc.rpm
krb5-workstation-1.6.1-70.el5.ppc.rpm

s390x:
krb5-debuginfo-1.6.1-70.el5.s390.rpm
krb5-debuginfo-1.6.1-70.el5.s390x.rpm
krb5-devel-1.6.1-70.el5.s390.rpm
krb5-devel-1.6.1-70.el5.s390x.rpm
krb5-libs-1.6.1-70.el5.s390.rpm
krb5-libs-1.6.1-70.el5.s390x.rpm
krb5-server-1.6.1-70.el5.s390x.rpm
krb5-server-ldap-1.6.1-70.el5.s390x.rpm
krb5-workstation-1.6.1-70.el5.s390x.rpm

x86_64:
krb5-debuginfo-1.6.1-70.el5.i386.rpm
krb5-debuginfo-1.6.1-70.el5.x86_64.rpm
krb5-devel-1.6.1-70.el5.i386.rpm
krb5-devel-1.6.1-70.el5.x86_64.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.x86_64.rpm
krb5-server-1.6.1-70.el5.x86_64.rpm
krb5-server-ldap-1.6.1-70.el5.x86_64.rpm
krb5-workstation-1.6.1-70.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1526.html
https://access.redhat.com/security/updates/classification/#low
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyNqXlSAg2UNWIIRAp5dAKDA7lUaUiUGF//stQQ4uVUoI9ovlgCdFfCs
odSE4hVfYjWSJazvR3Zb0jc=
=s8Va
-----END PGP SIGNATURE-----

[RHSA-2012:0307-03] Low: util-linux security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: util-linux security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0307-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0307.html
Issue date: 2012-02-21
Keywords: fdisk fsfreeze blockdev ipc
CVE Names: CVE-2011-1675 CVE-2011-1677
=====================================================================

1. Summary:

An updated util-linux package that fixes multiple security issues, various
bugs, and adds two enhancements is now available for Red Hat
Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among others,
util-linux contains the fdisk configuration tool and the login program.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use these
flaws to corrupt the mtab file and create a stale lock file, preventing
other users from mounting and unmounting file systems. (CVE-2011-1675,
CVE-2011-1677)

This update also fixes the following bugs:

* When the user logged into a telnet server, the login utility did not
update the utmp database properly if the utility was executed from the
telnetd daemon. This was due to telnetd not creating an appropriate entry
in a utmp file before executing login. With this update, correct entries
are created and the database is updated properly. (BZ#646300)

* Various options were not described on the blockdev(8) manual page. With
this update, the blockdev(8) manual page includes all the relevant options.
(BZ#650937)

* Prior to this update, the build process of the util-linux package failed
in the po directory with the following error message: "@MKINSTALLDIRS@:
No such file or directory". An upstream patch has been applied to address
this issue, and the util-linux package now builds successfully. (BZ#677452)

* Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid
option, "-b". With this update, only valid options are listed on those
manual pages. (BZ#678407)

* Previously, the mount(8) manual page contained incomplete information
about the ext4 and XFS file systems. With this update, the mount(8) manual
page contains the missing information. (BZ#699639)

In addition, this update adds the following enhancements:

* Previously, if DOS mode was enabled on a device, the fdisk utility could
report error messages similar to the following:

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by specifying
the "-c" option), and such error messages are no longer displayed.
(BZ#678430)

* This update adds the "fsfreeze" command which halts access to a file
system on a disk. (BZ#726572)

All users of util-linux are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add these
enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

646300 - login doesn't update /var/run/utmp properly
650937 - blockdev man page missing information
677452 - util-linux fails to build with gettext-0.17
678407 - [RHEL 5] ipcs and ipcrm in wrong man section
695916 - CVE-2011-1675 util-linux: mount fails to anticipate RLIMIT_FSIZE
695924 - CVE-2011-1677 util-linux: umount may fail to remove /etc/mtab~ lock file
699639 - mount man page is missing support for ext4/xfs

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/util-linux-2.13-0.59.el5.src.rpm

i386:
util-linux-2.13-0.59.el5.i386.rpm
util-linux-debuginfo-2.13-0.59.el5.i386.rpm

x86_64:
util-linux-2.13-0.59.el5.x86_64.rpm
util-linux-debuginfo-2.13-0.59.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/util-linux-2.13-0.59.el5.src.rpm

i386:
util-linux-2.13-0.59.el5.i386.rpm
util-linux-debuginfo-2.13-0.59.el5.i386.rpm

ia64:
util-linux-2.13-0.59.el5.ia64.rpm
util-linux-debuginfo-2.13-0.59.el5.ia64.rpm

ppc:
util-linux-2.13-0.59.el5.ppc.rpm
util-linux-debuginfo-2.13-0.59.el5.ppc.rpm

s390x:
util-linux-2.13-0.59.el5.s390x.rpm
util-linux-debuginfo-2.13-0.59.el5.s390x.rpm

x86_64:
util-linux-2.13-0.59.el5.x86_64.rpm
util-linux-debuginfo-2.13-0.59.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1675.html
https://www.redhat.com/security/data/cve/CVE-2011-1677.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyNEXlSAg2UNWIIRAlBTAKC7wU9LA81evd44RyV9FwsPwG2EPwCcCHvh
dthhpih+YRya55EStW9wwuA=
=7bun
-----END PGP SIGNATURE-----

[RHSA-2012:0308-03] Low: busybox security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: busybox security and bug fix update
Advisory ID: RHSA-2012:0308-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0308.html
Issue date: 2012-02-21
CVE Names: CVE-2006-1168 CVE-2011-2716
=====================================================================

1. Summary:

Updated busybox packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user running
BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)

This update also fixes the following bugs:

* Prior to this update, the cp command wrongly returned the exit code 0 to
indicate success if a device ran out of space while attempting to copy
files of more than 4 gigabytes. This update modifies BusyBox, so that in
such situations, the exit code 1 is returned. Now, the cp command shows
correctly whether a process failed. (BZ#689659)

* Prior to this update, the findfs command failed to check all existing
block devices on a system with thousands of block device nodes in "/dev/".
This update modifies BusyBox so that findfs checks all block devices even
in this case. (BZ#756723)

All users of busybox are advised to upgrade to these updated packages,
which correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

201919 - CVE-2006-1168 ncompress: .bss buffer underflow in decompression
689659 - "busybox cp" does not return a correct exit code when "No space left on device"
725364 - CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/busybox-1.2.0-13.el5.src.rpm

i386:
busybox-1.2.0-13.el5.i386.rpm
busybox-anaconda-1.2.0-13.el5.i386.rpm

x86_64:
busybox-1.2.0-13.el5.x86_64.rpm
busybox-anaconda-1.2.0-13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/busybox-1.2.0-13.el5.src.rpm

i386:
busybox-1.2.0-13.el5.i386.rpm
busybox-anaconda-1.2.0-13.el5.i386.rpm

ia64:
busybox-1.2.0-13.el5.ia64.rpm
busybox-anaconda-1.2.0-13.el5.ia64.rpm

ppc:
busybox-1.2.0-13.el5.ppc.rpm
busybox-anaconda-1.2.0-13.el5.ppc.rpm

s390x:
busybox-1.2.0-13.el5.s390x.rpm
busybox-anaconda-1.2.0-13.el5.s390x.rpm

x86_64:
busybox-1.2.0-13.el5.x86_64.rpm
busybox-anaconda-1.2.0-13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2006-1168.html
https://www.redhat.com/security/data/cve/CVE-2011-2716.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyMjXlSAg2UNWIIRAtsmAKCHQFq9zIBT1ytvuju+KpmtBHW4/gCeNg/5
E12Zm9ZS69gQP9qN8MdudeU=
=DWg5
-----END PGP SIGNATURE-----

[RHSA-2012:0312-03] Low: initscripts security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: initscripts security and bug fix update
Advisory ID: RHSA-2012:0312-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0312.html
Issue date: 2012-02-21
CVE Names: CVE-2008-1198
=====================================================================

1. Summary:

An updated initscripts package that fixes one security issue and four bugs
is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The initscripts package contains system scripts to boot your system, change
runlevels, activate and deactivate most network interfaces, and shut the
system down cleanly.

With the default IPsec (Internet Protocol Security) ifup script
configuration, the racoon IKE key management daemon used aggressive IKE
mode instead of main IKE mode. This resulted in the preshared key (PSK)
hash being sent unencrypted, which could make it easier for an attacker
able to sniff network traffic to obtain the plain text PSK from a
transmitted hash. (CVE-2008-1198)

Red Hat would like to thank Aleksander Adamowski for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, the DHCPv6 client was not terminated when the
network service was stopped. This update modifies the source so that the
client is now terminated when stopping the network service. (BZ#568896)

* Prior to this update, on some systems the rm command failed and reported
the error message "rm: cannot remove directory `/var/run/dovecot/login/':
Is a directory" during system boot. This update modifies the source so that
this error message no longer appears. (BZ#679998)

* Prior to this update, the netconsole script could not discover and
resolve the MAC address of the router specified in the
/etc/sysconfig/netconsole file. This update modifies the netconsole script
so that the script no longer fails when the arping tool returns the MAC
address of the router more than once. (BZ#744734)

* Prior to this update, the arp_ip_target was, due to a logic error, not
correctly removed via sysfs. As a consequence, the error "ifdown-eth: line
64: echo: write error: Invalid argument" was reported when attempting to
shut down a bonding device. This update modifies the script so that the
error no longer appears and arp_ip_target is now correctly removed.
(BZ#745681)

All users of initscripts are advised to upgrade to this updated package,
which fixes these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

435274 - CVE-2008-1198 IPSec ifup script allows for aggressive IKE mode
679998 - [REG][5.6] rm command reports an error message during system booting.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/initscripts-8.45.42-1.el5.src.rpm

i386:
initscripts-8.45.42-1.el5.i386.rpm
initscripts-debuginfo-8.45.42-1.el5.i386.rpm

x86_64:
initscripts-8.45.42-1.el5.x86_64.rpm
initscripts-debuginfo-8.45.42-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/initscripts-8.45.42-1.el5.src.rpm

i386:
initscripts-8.45.42-1.el5.i386.rpm
initscripts-debuginfo-8.45.42-1.el5.i386.rpm

ia64:
initscripts-8.45.42-1.el5.ia64.rpm
initscripts-debuginfo-8.45.42-1.el5.ia64.rpm

ppc:
initscripts-8.45.42-1.el5.ppc.rpm
initscripts-debuginfo-8.45.42-1.el5.ppc.rpm

s390x:
initscripts-8.45.42-1.el5.s390x.rpm
initscripts-debuginfo-8.45.42-1.el5.s390x.rpm

x86_64:
initscripts-8.45.42-1.el5.x86_64.rpm
initscripts-debuginfo-8.45.42-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-1198.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyEwXlSAg2UNWIIRAhCUAKC16dMn6pWFawh9Ztfbw+oRsH6ksgCfT7Lk
0EPwOwihTvQZOVIpYMuEKcY=
=TejP
-----END PGP SIGNATURE-----

[RHSA-2012:0309-03] Low: sudo security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: sudo security and bug fix update
Advisory ID: RHSA-2012:0309-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0309.html
Issue date: 2012-02-21
CVE Names: CVE-2011-0010
=====================================================================

1. Summary:

An updated sudo package that fixes one security issue and various bugs is
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the sudo password checking logic. In configurations
where the sudoers settings allowed a user to run a command using sudo
with only the group ID changed, sudo failed to prompt for the user's
password before running the specified command with the elevated group
privileges. (CVE-2011-0010)

In addition, this update fixes the following bugs:

* A NULL pointer dereference bug caused the sudo utility to terminate
unexpectedly with a segmentation fault. This happened if the utility was
run with the -g option and configured not to demand the password from the
user who ran the sudo utility. With this update, the code has been modified
and the problem no longer occurs. (BZ#673072)

* The sudo utility failed to load sudoers from an LDAP (Lightweight
Directory Access Protocol) server after the sudo tool was upgraded. This
happened because the upgraded nsswitch.conf file did not contain the
instruction to search for sudoers on the LDAP server. This update adds the
lost instruction to /etc/nsswitch.conf and the system searches for sources
of sudoers on the local file system and then on LDAP, if applicable.
(BZ#617061)

* The sudo tool interpreted a Runas alias specifying a group incorrectly as
a user alias and the alias seemed to be ignored. With this update, the code
for interpreting such aliases has been modified and the Runas group aliases
are honored as expected. (BZ#627543)

* Prior to this update, sudo did not parse comment characters (#) in the
ldap.conf file correctly and could fail to work. With this update, parsing
of the LDAP configuration file has been modified and the comment characters
are parsed correctly. (BZ#750318)

* The sudo utility formats its output to fit the width of the terminal
window. However, this behavior is undesirable if the output is redirected
through a pipeline. With this update, the output formatting is not applied
in the scenario described. (BZ#697111)

* Previously, the sudo utility performed Security-Enhanced Linux (SELinux)
related initialization after switching to an unprivileged user. This
prevented the correct setup of the SELinux environment before executing the
specified command and could potentially cause an access denial. The bug has
been fixed by backporting the SELinux related code and the execution model
from a newer version of sudo. (BZ#477185)

* On execv(3) function failure, the sudo tool executed an auditing call
before reporting the failure. The call reset the error state and,
consequently, the tool incorrectly reported that the command succeeded.
With this update, the code has been modified and the problem no longer
occurs. (BZ#673157)

All users of sudo are advised to upgrade to this updated package, which
resolves these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

477185 - sudo changes uid before calling SELInux calls, preventing it from setting terminal context when using non priv account
627543 - The Runas_Spec are ignored in sudoers file
668879 - CVE-2011-0010 sudo: does not ask for password on GID changes
673072 - sudo segfault
673157 - sudo fails to report error correctly when execv(3) fails
697111 - sudo -l inserts new lines based on terminal width, causing errors when output is piped.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sudo-1.7.2p1-13.el5.src.rpm

i386:
sudo-1.7.2p1-13.el5.i386.rpm
sudo-debuginfo-1.7.2p1-13.el5.i386.rpm

x86_64:
sudo-1.7.2p1-13.el5.x86_64.rpm
sudo-debuginfo-1.7.2p1-13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sudo-1.7.2p1-13.el5.src.rpm

i386:
sudo-1.7.2p1-13.el5.i386.rpm
sudo-debuginfo-1.7.2p1-13.el5.i386.rpm

ia64:
sudo-1.7.2p1-13.el5.ia64.rpm
sudo-debuginfo-1.7.2p1-13.el5.ia64.rpm

ppc:
sudo-1.7.2p1-13.el5.ppc.rpm
sudo-debuginfo-1.7.2p1-13.el5.ppc.rpm

s390x:
sudo-1.7.2p1-13.el5.s390x.rpm
sudo-debuginfo-1.7.2p1-13.el5.s390x.rpm

x86_64:
sudo-1.7.2p1-13.el5.x86_64.rpm
sudo-debuginfo-1.7.2p1-13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0010.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyMDXlSAg2UNWIIRAn42AKCtVY7KQJSk2HpwSOuZfu9PjSRqvACgt3n2
HmtBMRhdgnVA/HlM2stOxd8=
=AyyQ
-----END PGP SIGNATURE-----

[RHSA-2012:0311-03] Low: ibutils security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: ibutils security and bug fix update
Advisory ID: RHSA-2012:0311-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0311.html
Issue date: 2012-02-21
CVE Names: CVE-2008-3277
=====================================================================

1. Summary:

Updated ibutils packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The ibutils packages provide InfiniBand network and path diagnostics.

It was found that the ibmssh executable had an insecure relative RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user able to convince another user to run ibmssh in
an attacker-controlled directory could run arbitrary code with the
privileges of the victim. (CVE-2008-3277)

This update also fixes the following bug:

* Under certain circumstances, the "ibdiagnet -r" command could suffer from
memory corruption and terminate with a "double free or corruption" message
and a backtrace. With this update, the correct memory management function
is used to prevent the corruption. (BZ#711779)

All users of ibutils are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

457935 - CVE-2008-3277 ibutils: insecure relative RPATH

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ibutils-1.2-11.2.el5.src.rpm

i386:
ibutils-1.2-11.2.el5.i386.rpm
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
ibutils-devel-1.2-11.2.el5.i386.rpm
ibutils-libs-1.2-11.2.el5.i386.rpm

x86_64:
ibutils-1.2-11.2.el5.x86_64.rpm
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
ibutils-debuginfo-1.2-11.2.el5.x86_64.rpm
ibutils-devel-1.2-11.2.el5.i386.rpm
ibutils-devel-1.2-11.2.el5.x86_64.rpm
ibutils-libs-1.2-11.2.el5.i386.rpm
ibutils-libs-1.2-11.2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ibutils-1.2-11.2.el5.src.rpm

i386:
ibutils-1.2-11.2.el5.i386.rpm
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
ibutils-devel-1.2-11.2.el5.i386.rpm
ibutils-libs-1.2-11.2.el5.i386.rpm

ia64:
ibutils-1.2-11.2.el5.ia64.rpm
ibutils-debuginfo-1.2-11.2.el5.ia64.rpm
ibutils-devel-1.2-11.2.el5.ia64.rpm
ibutils-libs-1.2-11.2.el5.ia64.rpm

ppc:
ibutils-1.2-11.2.el5.ppc.rpm
ibutils-debuginfo-1.2-11.2.el5.ppc.rpm
ibutils-devel-1.2-11.2.el5.ppc.rpm
ibutils-libs-1.2-11.2.el5.ppc.rpm

x86_64:
ibutils-1.2-11.2.el5.x86_64.rpm
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
ibutils-debuginfo-1.2-11.2.el5.x86_64.rpm
ibutils-devel-1.2-11.2.el5.i386.rpm
ibutils-devel-1.2-11.2.el5.x86_64.rpm
ibutils-libs-1.2-11.2.el5.i386.rpm
ibutils-libs-1.2-11.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-3277.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyGlXlSAg2UNWIIRAowyAJ9fPlk5Zs/eQEXqWMOlN1pZehOQ0gCfbNf3
ssgn2xQoERoEDeJqVx88UBg=
=D34Z
-----END PGP SIGNATURE-----

[RHSA-2012:0310-03] Low: nfs-utils security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: nfs-utils security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0310-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0310.html
Issue date: 2012-02-21
CVE Names: CVE-2011-1749
=====================================================================

1. Summary:

An updated nfs-utils package that fixes one security issue, various bugs,
and adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The nfs-utils package provides a daemon for the kernel Network File System
(NFS) server, and related tools such as the mount.nfs, umount.nfs, and
showmount programs.

It was found that the mount.nfs tool did not handle certain errors
correctly when updating the mtab (mounted file systems table) file. A
local attacker could use this flaw to corrupt the mtab file.
(CVE-2011-1749)

This update also fixes the following bugs:

* The nfs service failed to start if the NFSv1, NFSv2, and NFSv4 support
was disabled (the MOUNTD_NFS_V1="no", MOUNTD_NFS_V2="no" MOUNTD_NFS_V3="no"
lines in /etc/sysconfig/nfs were uncommented) because the mountd daemon
failed to handle the settings correctly. With this update, the underlying
code has been modified and the nfs service starts successfully in the
described scenario. (BZ#529588)

* When a user's Kerberos ticket expired, the "sh rpc.gssd" messages flooded
the /var/log/messages file. With this update, the excessive logging has
been suppressed. (BZ#593097)

* The crash simulation (SM_SIMU_CRASH) of the rpc.statd service had a
vulnerability that could be detected by ISS (Internet Security Scanner). As
a result, the rpc.statd service terminated unexpectedly with the following
error after an ISS scan:

rpc.statd[xxxx]: recv_rply: can't decode RPC message!
rpc.statd[xxxx]: *** SIMULATING CRASH! ***
rpc.statd[xxxx]: unable to register (statd, 1, udp).

However, the rpc.statd service ignored SM_SIMU_CRASH. This update removes
the simulation crash support from the service and the problem no longer
occurs. (BZ#600497)

* The nfs-utils init scripts returned incorrect status codes in the
following cases: if the rpcgssd and rpcsvcgssd daemon were not configured,
were provided an unknown argument, their function call failed, if a program
was no longer running and a /var/lock/subsys/$SERVICE file existed, if
starting a service under an unprivileged user, if a program was no longer
running and its pid file still existed in the /var/run/ directory. With
this update, the correct codes are returned in these scenarios. (BZ#710020)

* The "nfsstat -m" command did not display NFSv4 mounts. With this update,
the underlying code has been modified and the command returns the list of
all mounts, including any NFSv4 mounts, as expected. (BZ#712438)

* Previously, the nfs manual pages described the fsc mount option; however,
this option is not supported. This update removes the option description
from the manual pages. (BZ#715523)

* The nfs-utils preinstall scriptlet failed to change the default group ID
for the nfsnobody user to 65534. This update modifies the preinstall
scriptlet and the default group ID is changed to 65534 after nfs-utils
upgrade as expected. (BZ#729603)

* The mount.nfs command with the "-o retry" option did not try to mount for
the time specified in the "retry=X" configuration option. This occurred due
to incorrect error handling by the command. With this update, the
underlying code has been fixed and the "-o retry" option works as expected.
(BZ#736677)

In addition, this update adds the following enhancement:

* The noresvport option, which allows NFS clients to use insecure ports
(ports above 1023), has been added to the NFS server configuration options.
(BZ#513094)

All nfs-utils users are advised to upgrade to this updated package, which
resolves these issues and adds this enhancement. After installing this
update, the nfs service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

697975 - CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nfs-utils-1.0.9-60.el5.src.rpm

i386:
nfs-utils-1.0.9-60.el5.i386.rpm
nfs-utils-debuginfo-1.0.9-60.el5.i386.rpm

x86_64:
nfs-utils-1.0.9-60.el5.x86_64.rpm
nfs-utils-debuginfo-1.0.9-60.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nfs-utils-1.0.9-60.el5.src.rpm

i386:
nfs-utils-1.0.9-60.el5.i386.rpm
nfs-utils-debuginfo-1.0.9-60.el5.i386.rpm

ia64:
nfs-utils-1.0.9-60.el5.ia64.rpm
nfs-utils-debuginfo-1.0.9-60.el5.ia64.rpm

ppc:
nfs-utils-1.0.9-60.el5.ppc.rpm
nfs-utils-debuginfo-1.0.9-60.el5.ppc.rpm

s390x:
nfs-utils-1.0.9-60.el5.s390x.rpm
nfs-utils-debuginfo-1.0.9-60.el5.s390x.rpm

x86_64:
nfs-utils-1.0.9-60.el5.x86_64.rpm
nfs-utils-debuginfo-1.0.9-60.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1749.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyHPXlSAg2UNWIIRAkHTAJ0TMbKUs7q0R5vktgiWH0ZhQmxQswCffSLG
PuhOJmFB1aWWZWFpYgOApek=
=LR3n
-----END PGP SIGNATURE-----

[RHSA-2012:0313-03] Low: samba security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: samba security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0313-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0313.html
Issue date: 2012-02-21
CVE Names: CVE-2010-0926
=====================================================================

1. Summary:

Updated samba packages that fix one security issue, one bug, and add one
enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

The default Samba server configuration enabled both the "wide links" and
"unix extensions" options, allowing Samba clients with write access to a
share to create symbolic links that point to any location on the file
system. Clients connecting with CIFS UNIX extensions disabled could have
such links resolved on the server, allowing them to access and possibly
overwrite files outside of the share. With this update, "wide links" is
set to "no" by default. In addition, the update ensures "wide links" is
disabled for shares that have "unix extensions" enabled. (CVE-2010-0926)

Warning: This update may cause files and directories that are only linked
to Samba shares using symbolic links to become inaccessible to Samba
clients. In deployments where support for CIFS UNIX extensions is not
needed (such as when files are exported to Microsoft Windows clients),
administrators may prefer to set the "unix extensions" option to "no" to
allow the use of symbolic links to access files out of the shared
directories. All existing symbolic links in a share should be reviewed
before re-enabling "wide links".

These updated samba packages also fix the following bug:

* The smbclient tool sometimes failed to return the proper exit status
code. Consequently, using smbclient in a script caused some scripts to
fail. With this update, an upstream patch has been applied and smbclient
now returns the correct exit status. (BZ#768908)

In addition, these updated samba packages provide the following
enhancement:

* With this update, support for Windows Server 2008 R2 domains has been
added. (BZ#736124)

Users are advised to upgrade to these updated samba packages, which correct
these issues and add this enhancement. After installing this update, the
smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

562568 - CVE-2010-0926 samba: insecure "wide links" default

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.37.el5.src.rpm

i386:
libsmbclient-3.0.33-3.37.el5.i386.rpm
samba-3.0.33-3.37.el5.i386.rpm
samba-client-3.0.33-3.37.el5.i386.rpm
samba-common-3.0.33-3.37.el5.i386.rpm
samba-debuginfo-3.0.33-3.37.el5.i386.rpm
samba-swat-3.0.33-3.37.el5.i386.rpm

x86_64:
libsmbclient-3.0.33-3.37.el5.i386.rpm
libsmbclient-3.0.33-3.37.el5.x86_64.rpm
samba-3.0.33-3.37.el5.x86_64.rpm
samba-client-3.0.33-3.37.el5.x86_64.rpm
samba-common-3.0.33-3.37.el5.i386.rpm
samba-common-3.0.33-3.37.el5.x86_64.rpm
samba-debuginfo-3.0.33-3.37.el5.i386.rpm
samba-debuginfo-3.0.33-3.37.el5.x86_64.rpm
samba-swat-3.0.33-3.37.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.37.el5.src.rpm

i386:
libsmbclient-devel-3.0.33-3.37.el5.i386.rpm
samba-debuginfo-3.0.33-3.37.el5.i386.rpm

x86_64:
libsmbclient-devel-3.0.33-3.37.el5.i386.rpm
libsmbclient-devel-3.0.33-3.37.el5.x86_64.rpm
samba-debuginfo-3.0.33-3.37.el5.i386.rpm
samba-debuginfo-3.0.33-3.37.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.37.el5.src.rpm

i386:
libsmbclient-3.0.33-3.37.el5.i386.rpm
libsmbclient-devel-3.0.33-3.37.el5.i386.rpm
samba-3.0.33-3.37.el5.i386.rpm
samba-client-3.0.33-3.37.el5.i386.rpm
samba-common-3.0.33-3.37.el5.i386.rpm
samba-debuginfo-3.0.33-3.37.el5.i386.rpm
samba-swat-3.0.33-3.37.el5.i386.rpm

ia64:
libsmbclient-3.0.33-3.37.el5.ia64.rpm
libsmbclient-devel-3.0.33-3.37.el5.ia64.rpm
samba-3.0.33-3.37.el5.ia64.rpm
samba-client-3.0.33-3.37.el5.ia64.rpm
samba-common-3.0.33-3.37.el5.ia64.rpm
samba-debuginfo-3.0.33-3.37.el5.ia64.rpm
samba-swat-3.0.33-3.37.el5.ia64.rpm

ppc:
libsmbclient-3.0.33-3.37.el5.ppc.rpm
libsmbclient-3.0.33-3.37.el5.ppc64.rpm
libsmbclient-devel-3.0.33-3.37.el5.ppc.rpm
libsmbclient-devel-3.0.33-3.37.el5.ppc64.rpm
samba-3.0.33-3.37.el5.ppc.rpm
samba-client-3.0.33-3.37.el5.ppc.rpm
samba-common-3.0.33-3.37.el5.ppc.rpm
samba-common-3.0.33-3.37.el5.ppc64.rpm
samba-debuginfo-3.0.33-3.37.el5.ppc.rpm
samba-debuginfo-3.0.33-3.37.el5.ppc64.rpm
samba-swat-3.0.33-3.37.el5.ppc.rpm

s390x:
libsmbclient-3.0.33-3.37.el5.s390.rpm
libsmbclient-3.0.33-3.37.el5.s390x.rpm
libsmbclient-devel-3.0.33-3.37.el5.s390.rpm
libsmbclient-devel-3.0.33-3.37.el5.s390x.rpm
samba-3.0.33-3.37.el5.s390x.rpm
samba-client-3.0.33-3.37.el5.s390x.rpm
samba-common-3.0.33-3.37.el5.s390.rpm
samba-common-3.0.33-3.37.el5.s390x.rpm
samba-debuginfo-3.0.33-3.37.el5.s390.rpm
samba-debuginfo-3.0.33-3.37.el5.s390x.rpm
samba-swat-3.0.33-3.37.el5.s390x.rpm

x86_64:
libsmbclient-3.0.33-3.37.el5.i386.rpm
libsmbclient-3.0.33-3.37.el5.x86_64.rpm
libsmbclient-devel-3.0.33-3.37.el5.i386.rpm
libsmbclient-devel-3.0.33-3.37.el5.x86_64.rpm
samba-3.0.33-3.37.el5.x86_64.rpm
samba-client-3.0.33-3.37.el5.x86_64.rpm
samba-common-3.0.33-3.37.el5.i386.rpm
samba-common-3.0.33-3.37.el5.x86_64.rpm
samba-debuginfo-3.0.33-3.37.el5.i386.rpm
samba-debuginfo-3.0.33-3.37.el5.x86_64.rpm
samba-swat-3.0.33-3.37.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0926.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyCNXlSAg2UNWIIRAlTUAKCk1/N54SxUUnojLGXfDI/tO2LzsQCdGJ/d
NMPYOHz4hMzsKcqrPVWO/xg=
=gznF
-----END PGP SIGNATURE-----

[RHSA-2012:0153-03] Low: sos security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: sos security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0153-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0153.html
Issue date: 2012-02-21
CVE Names: CVE-2011-4083
=====================================================================

1. Summary:

An updated sos package that fixes one security issue, several bugs, and
adds various enhancements is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch

3. Description:

Sos is a set of tools that gather information about system hardware and
configuration.

The sosreport utility incorrectly included Certificate-based Red Hat
Network private entitlement keys in the resulting archive of debugging
information. An attacker able to access the archive could use the keys to
access Red Hat Network content available to the host. This issue did not
affect users of Red Hat Network Classic. (CVE-2011-4083)

This updated sos package also includes numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked
to in the References, for information on the most significant of these
changes.

All sos users are advised to upgrade to this updated package, which
resolves these issues and adds these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

627416 - sos rfe - request to update sos plugin cs.py for Red Hat Certificate System
641020 - [RFE] improve sos plugin to capture MRG GRID related information
655046 - sosreport French translation of y/n prompt is wrong and confusing
673246 - [RFE] include output of ibv_devinfo command (libibverbs-utils package) in sosreport
677123 - RFE: iSCSI Target plugin for sosreport.
708346 - sosreport hangs the system when multiple SIGTERMs received
716987 - Relative symlink in created report for truncated log files is wrong
717167 - make non-standard log file collection more robust
717480 - Fix problems hidden by __raisePlugins__ = 0, create logging for plugin errors
717962 - When copying directory into report using addCopySpec, links inside are not handled correctly
726421 - [RFE] sosreport should collect the result of ethtool -g, ethtool -c, and ethtool -a by default
749383 - CVE-2011-4083 sos: sosreport is gathering certificate-based RHN entitlement private keys
750573 - sosreport cluster modules fail with badly formed cluster.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sos-1.7-9.62.el5.src.rpm

noarch:
sos-1.7-9.62.el5.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sos-1.7-9.62.el5.src.rpm

noarch:
sos-1.7-9.62.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4083.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/sos.html#RHSA-2012-0153

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyGAXlSAg2UNWIIRAta7AJ9Fp/TVH/6HY7XR04kIOngt41XPgACfV03o
5qC17t17OE0zcXs5aoAd2QI=
=dNZq
-----END PGP SIGNATURE-----

[RHSA-2012:0317-01] Important: libpng security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libpng security update
Advisory ID: RHSA-2012:0317-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0317.html
Issue date: 2012-02-20
CVE Names: CVE-2011-3026
=====================================================================

1. Summary:

Updated libpng and libpng10 packages that fix one security issue are now
available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap-based buffer overflow flaw was found in libpng. An attacker could
create a specially-crafted PNG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3026)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk (MFSA 2012-11)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm

i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm

ia64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.ia64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.ia64.rpm
libpng-devel-1.2.7-9.el4.ia64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.ia64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.ia64.rpm
libpng10-devel-1.0.16-10.el4.ia64.rpm

ppc:
libpng-1.2.7-9.el4.ppc.rpm
libpng-1.2.7-9.el4.ppc64.rpm
libpng-debuginfo-1.2.7-9.el4.ppc.rpm
libpng-debuginfo-1.2.7-9.el4.ppc64.rpm
libpng-devel-1.2.7-9.el4.ppc.rpm
libpng10-1.0.16-10.el4.ppc.rpm
libpng10-1.0.16-10.el4.ppc64.rpm
libpng10-debuginfo-1.0.16-10.el4.ppc.rpm
libpng10-debuginfo-1.0.16-10.el4.ppc64.rpm
libpng10-devel-1.0.16-10.el4.ppc.rpm

s390:
libpng-1.2.7-9.el4.s390.rpm
libpng-debuginfo-1.2.7-9.el4.s390.rpm
libpng-devel-1.2.7-9.el4.s390.rpm
libpng10-1.0.16-10.el4.s390.rpm
libpng10-debuginfo-1.0.16-10.el4.s390.rpm
libpng10-devel-1.0.16-10.el4.s390.rpm

s390x:
libpng-1.2.7-9.el4.s390.rpm
libpng-1.2.7-9.el4.s390x.rpm
libpng-debuginfo-1.2.7-9.el4.s390.rpm
libpng-debuginfo-1.2.7-9.el4.s390x.rpm
libpng-devel-1.2.7-9.el4.s390x.rpm
libpng10-1.0.16-10.el4.s390.rpm
libpng10-1.0.16-10.el4.s390x.rpm
libpng10-debuginfo-1.0.16-10.el4.s390.rpm
libpng10-debuginfo-1.0.16-10.el4.s390x.rpm
libpng10-devel-1.0.16-10.el4.s390x.rpm

x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm

i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm

x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm

i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm

ia64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.ia64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.ia64.rpm
libpng-devel-1.2.7-9.el4.ia64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.ia64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.ia64.rpm
libpng10-devel-1.0.16-10.el4.ia64.rpm

x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm

i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm

ia64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.ia64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.ia64.rpm
libpng-devel-1.2.7-9.el4.ia64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.ia64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.ia64.rpm
libpng10-devel-1.0.16-10.el4.ia64.rpm

x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm

i386:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm

x86_64:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-1.2.10-15.el5_7.x86_64.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm

i386:
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm

x86_64:
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm

i386:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm

ia64:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-1.2.10-15.el5_7.ia64.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.ia64.rpm
libpng-devel-1.2.10-15.el5_7.ia64.rpm

ppc:
libpng-1.2.10-15.el5_7.ppc.rpm
libpng-1.2.10-15.el5_7.ppc64.rpm
libpng-debuginfo-1.2.10-15.el5_7.ppc.rpm
libpng-debuginfo-1.2.10-15.el5_7.ppc64.rpm
libpng-devel-1.2.10-15.el5_7.ppc.rpm
libpng-devel-1.2.10-15.el5_7.ppc64.rpm

s390x:
libpng-1.2.10-15.el5_7.s390.rpm
libpng-1.2.10-15.el5_7.s390x.rpm
libpng-debuginfo-1.2.10-15.el5_7.s390.rpm
libpng-debuginfo-1.2.10-15.el5_7.s390x.rpm
libpng-devel-1.2.10-15.el5_7.s390.rpm
libpng-devel-1.2.10-15.el5_7.s390x.rpm

x86_64:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-1.2.10-15.el5_7.x86_64.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

i386:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm

x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

i386:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-static-1.2.46-2.el6_2.i686.rpm

x86_64:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

x86_64:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

i386:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm

ppc64:
libpng-1.2.46-2.el6_2.ppc.rpm
libpng-1.2.46-2.el6_2.ppc64.rpm
libpng-debuginfo-1.2.46-2.el6_2.ppc.rpm
libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm
libpng-devel-1.2.46-2.el6_2.ppc.rpm
libpng-devel-1.2.46-2.el6_2.ppc64.rpm

s390x:
libpng-1.2.46-2.el6_2.s390.rpm
libpng-1.2.46-2.el6_2.s390x.rpm
libpng-debuginfo-1.2.46-2.el6_2.s390.rpm
libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm
libpng-devel-1.2.46-2.el6_2.s390.rpm
libpng-devel-1.2.46-2.el6_2.s390x.rpm

x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

i386:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-static-1.2.46-2.el6_2.i686.rpm

ppc64:
libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm
libpng-static-1.2.46-2.el6_2.ppc64.rpm

s390x:
libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm
libpng-static-1.2.46-2.el6_2.s390x.rpm

x86_64:
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

i386:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm

x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm

i386:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-static-1.2.46-2.el6_2.i686.rpm

x86_64:
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3026.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQqGfXlSAg2UNWIIRAvPAAKC5ML8Y7b6VjL034A1Z25dbaHQBeACbByBB
4I5iDRbA+wiPuXoUTrzz8EM=
=Ow8Q
-----END PGP SIGNATURE-----