RHBA-2010:0612-1

20 August 2010, by admin

Summary: dhcp bug fix update

An updated dhcp package that fixes one bug is now available for Red Hat Enterprise Linux 5.

Description:
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.
The dhcp package provides a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

These updated packages provide a fix for the following bug:

* previously, moving the server from communication-interrupted into partner-down state didn’t force dhcpd to take over the partner’s leases. With this update, a partner-down failover server no longer sends ‘peer holds all free leases’ if it is able to newly-allocate one of the peer’s leases.

All users of dhcp are advised to upgrade to these updated packages, which resolve this issue.

RHEA-2010:0621-1

20 August 2010, by admin

Summary: java-1.6.0-openjdk enhancement update

A new set of OpenJDK packages that update Daylight Saving Time observations for Egypt is now available.

Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.

These updated packages address the following change to Daylight Saving Time (DST) observations:

* During Ramadan, that is, during the period between 2010-08-11 and 2010-09-08, Egypt will suspend DST. The DST period will be officially restored on 2010-09-09. (BZ#622836)

All users, especially those in the locale affected by this time change and users interacting with people or systems in the affected locale, are advised to upgrade to these packages, which add this enhancement.

RHBA-2010:0614-1

20 August 2010, by admin

Summary: cups bug fix update

Updated cups packages that fix various bugs are now available.

Description:
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS “texttops” filter converts text files to PostScript.

These updated cups packages fix the following bugs:

* previously, when the printer was removed from the class, the list of class members was not updated properly. As a result, adding the printer of the same name to the class resulted in the following error message:

Printer is already a member of class

With this update, the member list is now updated as expected, and re-adding the previously removed printer no longer results in the above error. (BZ#581902)

* when the class members were changed, /etc/cups/classes.conf was not always updated accordingly. This issue has been resolved, and the configuration file is now always updated as expected. (BZ#594621)

* previously, sending a document to a network printer using the socket URI scheme could cause the actual printing to be delayed. This was due to the fact that the socket back-end used to wait for any pending back-channel data, even though the wait time option was set to zero. With this update, the pertinent “wait_bc” function call has been removed, and printing the document is no longer delayed. (BZ#612964)

Users of CUPS are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the cupsd daemon will be restarted automatically.

RHBA-2010:0626-1

20 August 2010, by admin

Summary: autofs5 bug fix update

An updated autofs5 package that fixes a bug is now available for Red Hat Enterprise Linux 5.

Description:
The autofs utility controls the operation of the automount daemon, which automatically mounts, and then unmounts file systems after a period of inactivity. File systems can include network file systems, CD-ROMs, diskettes, and other media.

This updated autofs5 package fixes the following bugs:

* previously, when using client certificates with autofs, the certificate DN couldn’t be used in LDAP ACLs. With this update, the SASL EXTERNAL authentication mechanism is used for mapping the certificate DN to an LDAP DN. (BZ#615258)

* previously, autofs could occasionally become suspended during the mount expiry stage if there were many automount-managed mounts. With this update, autofs runs without suspension even with a larger number of automount-managed mounts. (BZ#615259)

All users of autofs5 are advised to upgrade to this updated package, which resolves these issues.

RHBA-2010:0617-1

20 August 2010, by admin

Summary: openldap bug fix update

Updated OpenLDAP packages that provide a fix for a bug are now available for Red Hat Enterprise Linux 5.

Description:
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.

These updated packages provide a fix for the following bug:

* previously, slapd could unexpectedly abort during replication over the LDAP protocol. This issue is now resolved, and slapd no longer crashes when adding or deleting user data. (BZ#620621)

All users of OpenLDAP are advised to upgrade to these updated packages, which resolve this issue.

RHSA-2010:0610-1

20 August 2010, by admin

Summary: Important: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important)

* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)

* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially-crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)

* buffer overflow flaws were found in the Linux kernel’s implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially-crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)

* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure. (CVE-2010-2226, Moderate)

* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user’s choosing. (CVE-2010-2524, Moderate)

* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file. (CVE-2010-2066, Low)

Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.

This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

RHSA-2010:0616-1

19 August 2010, by admin

Summary: Moderate: dbus-glib security update

Updated dbus-glib packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Description:
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.

It was discovered that dbus-glib did not enforce the “access” flag on exported GObject properties. If such a property were read/write internally but specified as read-only externally, a malicious, local user could use this flaw to modify that property of an application. Such a change could impact the application’s behavior (for example, if an IP address were changed the network may not come up properly after reboot) and possibly lead to a denial of service. (CVE-2010-1172)

Due to the way dbus-glib translates an application’s XML definitions of service interfaces and properties into C code at application build time, applications built against dbus-glib that use read-only properties needed to be rebuilt to fully fix the flaw. As such, this update provides NetworkManager packages that have been rebuilt against the updated dbus-glib packages. No other applications shipped with Red Hat Enterprise Linux 5 were affected.

All dbus-glib and NetworkManager users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted (service NetworkManager restart) for this update to take effect.

RHSA-2010:0625-1

19 August 2010, by admin

Summary: Moderate: wireshark security update

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Description:
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286)

Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

RHEA-2010:0609-1

16 August 2010, by admin

Summary: tzdata enhancement update

A new tzdata package that updates Daylight Saving Time observations for Egypt is now available.

Description:
The tzdata package contains data files with rules for various time zones around the world.

This updated package addresses the following change to Daylight Saving Time (DST) observations:

* during Ramadan, that is, during the period between 2010-08-11 and 2010-09-08, Egypt will suspend DST. The DST period will be officially restored on 2010-09-09. (BZ#618593, BZ#618597, BZ#618599)

All users, especially those in the locale affected by this time change and users interacting with people or systems in the affected locale, are advised to upgrade to this updated package, which adds this enhancement.

RHBA-2010:0608-1

10 August 2010, by admin

Summary: systemtap bug fix update

Updated systemtap packages that resolve two bugs are now available for Red Hat Enterprise Linux 5.

Description:
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system.

This update resolves the following bugs:

* due to a plain string copy being used instead of a formatted string copy, the argument string of the socketpair system call contained an incorrect “UNKNOWN VALUE” entry. This issue is now resolved. (BZ#617099)

* previously, a change in register contents (such as $return) on Itanium caused a crash due to a flaw in the way the values in memory were set. Now, no crash occurs when register contents change. (BZ#617100)

All SystemTap users are advised to upgrade to these updated packages, which fix these bugs.