CESA-2017:0190

最新バージョンのfirefoxが、Red Hat Enterprise Linux 5/6/7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

 

[Updated 21 February 2017]

This advisory has been updated to include Firefox packages for the PPC and S390

architectures that were previously omitted. For this revised update, packages

for all architectures were rebuilt. The rebuilt packages do not contain any new

code changes.

Mozilla Firefox is an open source web browser.

 

This update upgrades Firefox to version 45.7.0 ESR.

 

Security Fix(es):

 

* Multiple flaws were found in the processing of malformed web content. A web

page containing malicious content could cause Firefox to crash or, potentially,

execute arbitrary code with the privileges of the user running Firefox.

(CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,

CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)

 

Red Hat would like to thank the Mozilla project for reporting these issues.

Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin

Razmjou, Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom

Schuster, Oriol, Rh0, Nicolas Grégoire, and Jerri Rice as the original

reporters.

 Bugs Fixed

1415924 – CVE-2017-5373 Mozilla: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (MFSA 2017-01)
1416271 – CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02)
1416272 – CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02)
1416273 – CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
1416274 – CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
1416279 – CVE-2017-5390 Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
1416280 – CVE-2017-5396 Mozilla: Use-after-free with Media Decoder (MFSA 2017-02)
1416281 – CVE-2017-5383 Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)
1416282 – CVE-2017-5386 Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)

CESA-2017:0184

最新バージョンのmysqlが、Red Hat Enterprise Linux 6 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

MySQL is a multi-user, multi-threaded SQL database server. It consists of the
MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database user
with FILE privileges, could possibly use this flaw to run arbitrary commands
with root privileges on the system running the database server. (CVE-2016-6662)

* A race condition was found in the way MySQL performed MyISAM engine table
repair. A database user with shell access to the server running mysqld could use
this flaw to change permissions of arbitrary files writable by the mysql system
user. (CVE-2016-6663, CVE-2016-5616)

Bugs Fixed

CESA-2017:0183

最新バージョンの squid34 が、Red Hat Enterprise Linux 6 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

The squid34 packages provide version 3.4 of Squid, a high-performance proxy
caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* It was found that squid did not properly remove connection specific headers
when answering conditional requests using a cached request. A remote attacker
could send a specially crafted request to an HTTP server via the squid proxy and
steal private data from other connections. (CVE-2016-10002)

Bugs Fixed

1405941 – CVE-2016-10002 squid: Information disclosure in HTTP request processing

CESA-2017:0086

最新バージョンのkernelが、Red Hat Enterprise Linux 7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

The kernel packages contain the Linux kernel, the core of any Linux operating

system.

 

These updated kernel packages include several security issues and numerous bug

fixes, some of which you can see below. Space precludes documenting all of these

bug fixes in this advisory. To see the complete list of bug fixes, users are

directed to the related Knowledge Article:

https://access.redhat.com/articles/2857831.

 

Security Fix(es):

 

* A use-after-free vulnerability was found in the kernel’s socket recvmmsg

subsystem. This may allow remote attackers to corrupt memory and may allow

execution of arbitrary code. This corruption takes place during the error

handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)

 

* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and

other tcp_* functions. This condition could allow an attacker to send an

incorrect selective acknowledgment to existing connections, possibly resetting a

connection. (CVE-2016-6828, Moderate)

 

* A flaw was found in the Linux kernel’s implementation of the SCTP protocol. A

remote attacker could trigger an out-of-bounds read with an offset of up to 64kB

potentially causing the system to crash. (CVE-2016-9555, Moderate)

 

Bug Fix(es):

 

* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was

suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO)

infrastructure. With this update, the data cached by the IPoIB driver has been

moved from a control block into the IPoIB hard header, thus avoiding the GRO

problem and the corruption of IPoIB address information. As a result, the

performance of IPoIB has been improved. (BZ#1390668)

 

* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was

recreated, a race condition between the eventfd daemon and the virqfd daemon

occurred. Consequently, the operating system rebooted. This update fixes the

race condition. As a result, the operating system no longer reboots in the

described situation. (BZ#1391611)

 

* Previously, a packet loss occurred when the team driver in round-robin mode

was sending a large number of packets. This update fixes counting of the packets

in the round-robin runner of the team driver, and the packet loss no longer

occurs in the described situation. (BZ#1392023)

 

* Previously, the virtual network devices contained in the deleted namespace

could be deleted in any order. If the loopback device was not deleted as the

last item, other netns devices, such as vxlan devices, could end up with

dangling references to the loopback device. Consequently, deleting a network

namespace (netns) occasionally ended by a kernel oops. With this update, the

underlying source code has been fixed to ensure the correct order when deleting

the virtual network devices on netns deletion. As a result, the kernel oops no

longer occurs under the described circumstances. (BZ#1392024)

 

* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub

(PCH) with a PCI device ID of 0xA149 showed the following warning messages

during the boot:

 

“Unknown Intel PCH (0xa149) detected.”

“Warning: Intel Kabylake processor with unknown PCH – this hardware has not

undergone testing by Red Hat and might not be certified. Please consult

https://hardware.redhat.com for certified hardware.”

 

The messages were shown because this PCH was not properly recognized. With this

update, the problem has been fixed, and the operating system now boots without

displaying the warning messages. (BZ#1392033)

 

* Previously, the operating system occasionally became unresponsive after a long

run. This was caused by a race condition between the try_to_wake_up() function

and a woken up task in the core scheduler. With this update, the race condition

has been fixed, and the operating system no longer locks up in the described

scenario. (BZ#1393719)

Bugs Fixed

1367091 – CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue
1382268 – CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path
1397930 – CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb()

CESA-2017:0062

最新バージョンのbindが、Red Hat Enterprise Linux 7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols. BIND includes a DNS server (named); a resolver library
(routines for applications to use when interfacing with DNS); and tools for
verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND processed a response to an
ANY query. A remote attacker could use this flaw to make named exit unexpectedly
with an assertion failure via a specially crafted DNS response. (CVE-2016-9131)

* A denial of service flaw was found in the way BIND handled a query response
containing inconsistent DNSSEC information. A remote attacker could use this
flaw to make named exit unexpectedly with an assertion failure via a specially
crafted DNS response. (CVE-2016-9147)

* A denial of service flaw was found in the way BIND handled an unusually-formed
DS record response. A remote attacker could use this flaw to make named exit
unexpectedly with an assertion failure via a specially crafted DNS response.
(CVE-2016-9444)

Red Hat would like to thank ISC for reporting these issues.

Bugs Fixed