【CESA-2016:2872】An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7

CESA-2016:2872

An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 

Security Fix(es)

* It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).


Bug Fixed

Bug 1372830 – (CVE-2016-7032) CVE-2016-7032
https://bugzilla.redhat.com/show_bug.cgi?id=1372830
Bug 1384982 – (CVE-2016-7076) CVE-2016-7076
https://bugzilla.redhat.com/show_bug.cgi?id=1384982               

 

【CESA-2016:2850】An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7

CESA-2016:2850

 

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 45.5.1.

 

Security Fix(es)

 

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079)
Red Hat would like to thank the Mozilla project for reporting this issue.

Bug Fixed

Bug 1400376 – (CVE-2016-9079) CVE-2016-9079
https://bugzilla.redhat.com/show_bug.cgi?id=1400376

 

 

 

【CESA-2016:2843】An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7

CESA-2016:2843

An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 45.5.1 ESR.

 

Security Fix(es)

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)
Red Hat would like to thank the Mozilla project for reporting this issue.

 

Bug Fixed

Bug 1400376 – (CVE-2016-9079) CVE-2016-9079
https://bugzilla.redhat.com/show_bug.cgi?id=1400376

 

 

 

【CESA-2016:2825】An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7

CESA-2016:2825

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 45.5.0

 

Security Fix(es)

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.

Bug Fixed

CESA-2016:2825
https://rhn.redhat.com/errata/RHSA-2016-2825.html      

 

 

【CESA-2016:2825】An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7

CESA-2016:2825

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 45.5.0

Security Fix(es)

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.

Bug Fixed

CESA-2016:2825
https://rhn.redhat.com/errata/RHSA-2016-2825.html

 

 

【CESA-2016:2820】An update for memcached is now available for Red Hat Enterprise Linux 6

CESA-2016:2820

An update for memcached is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

 

Security Fix(es)

* Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8704, CVE-2016-8705)

Bug Fixed

 

Bug 1390510 – (CVE-2016-8704) CVE-2016-8704
https://bugzilla.redhat.com/show_bug.cgi?id=1390510
Bug 1390511 – (CVE-2016-8705) CVE-2016-8705
https://bugzilla.redhat.com/show_bug.cgi?id=1390511 

 

 

 

【 CESA-2016:2780】An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7

CESA-2016:2780

An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.5.0 ESR.

 

Security Fix(es)

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)

* A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, André Bargull, Samuel Groß, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.

Bug fixed

 

Bug 1395055 – (CVE-2016-5296) CVE-2016-5296
https://bugzilla.redhat.com/show_bug.cgi?id=1395055
Bug 1395058 – (CVE-2016-5297) CVE-2016-5297
https://bugzilla.redhat.com/show_bug.cgi?id=1395058
Bug 1395060 – (CVE-2016-9064) CVE-2016-9064
https://bugzilla.redhat.com/show_bug.cgi?id=1395060
Bug 1395061 – (CVE-2016-9066) CVE-2016-9066
https://bugzilla.redhat.com/show_bug.cgi?id=1395061
Bug 1395065 – (CVE-2016-5291) CVE-2016-5291
https://bugzilla.redhat.com/show_bug.cgi?id=1395065
Bug 1395066 – (CVE-2016-5290) CVE-2016-5290
https://bugzilla.redhat.com/show_bug.cgi?id=1395066

 

 

 

 

【CESA-2016:2779】An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7

CESA-2016:2779

An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.
The following packages have been upgraded to a newer upstream version: nss (3.12.3), nss-util (3.12.3).

 

Security Fix(es)

 

* Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)
* A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)
* It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)

Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.

Bug fixed

 

Bug 1347908 – (CVE-2016-2834) CVE-2016-2834
https://bugzilla.redhat.com/show_bug.cgi?id=1347908
Bug 1383883 – (CVE-2016-5285) CVE-2016-5285
https://bugzilla.redhat.com/show_bug.cgi?id=1383883
Bug 1391818 – (CVE-2016-8635) CVE-2016-8635
https://bugzilla.redhat.com/show_bug.cgi?id=1391818

 

 

 

 

 

【CESA-2016:2766】An update for kernel is now available for Red Hat Enterprise Linux 6

CESA-2016:2766

An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es)

 * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ.
An 
unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important)

* It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process. (CVE-2016-2143, Moderate)

Bug fixed

Bug 1308908 – (CVE-2016-2143) CVE-2016-2143
https://bugzilla.redhat.com/show_bug.cgi?id=1308908
Bug 1344721 – (CVE-2016-1583) CVE-2016-1583
https://bugzilla.redhat.com/show_bug.cgi?id=1344721    

 

 

 

【CESA-2016:2765】An update for 389-ds-base is now available for Red Hat Enterprise Linux 6

CESA-2016:2765

An update for 389-ds-base is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es)

* It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information. (CVE-2016-5416)

* An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not. (CVE-2016-4992)

* It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries. (CVE-2016-5405)
The CVE-2016-5416 issue was discovered by Viktor Ashirov (Red Hat); the CVE-2016-4992 issue was discovered by Petr Spacek (Red Hat) and Martin Basti (Red Hat); and the CVE-2016-5405 issue was discovered by William Brown (Red Hat).

Bug fixed

* Previously, a bug in the changelog iterator buffer caused it to point to an incorrect position when reloading the buffer. This caused replication to skip parts of the changelog, and consequently some changes were not replicated. This bug has been fixed, and replication data loss due to an incorrectly reloaded changelog buffer no longer occurs. (BZ#1354331)

* Previously, if internal modifications were generated on a consumer (for example by the Account Policy plug-in) and additional changes to the same attributes were received from replication, a bug caused Directory Server to accumulate state information on the consumer. The bug has been fixed by making sure that replace operations are only applied if they are newer than existing attribute deletion change sequence numbers (CSNs), and state information no longer accumulates in this situation. (BZ#1379599)

Bug 1347760 – (CVE-2016-4992) CVE-2016-4992
https://bugzilla.redhat.com/show_bug.cgi?id=1347760

Bug 1349540 – (CVE-2016-5416) CVE-2016-5416
https://bugzilla.redhat.com/show_bug.cgi?id=1349540

Bug 1354331 – Replication changelog can incorrectly skip over updates
https://bugzilla.redhat.com/show_bug.cgi?id=1354331

Bug 1358865 – (CVE-2016-5405) CVE-2016-5405
https://bugzilla.redhat.com/show_bug.cgi?id=1358865

Bug 1376676 – Backport AES storage scheme plugin
https://bugzilla.redhat.com/show_bug.cgi?id=1376676

Bug 1381153 – Crash in import_wait_for_space_in_fifo()
https://bugzilla.redhat.com/show_bug.cgi?id=1381153