Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1873 Important: libtiff security update 3 August 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libtiff Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-5320 CVE-2016-3991 CVE-2016-3990 CVE-2016-3945 CVE-2016-3632 CVE-2015-8784 CVE-2015-8783 CVE-2015-8782 CVE-2015-8781 CVE-2015-8683 CVE-2015-8668 CVE-2015-8665 CVE-2015-7554 CVE-2015-1547 CVE-2014-9655 CVE-2014-9330 CVE-2014-8130 CVE-2014-8129 CVE-2014-8127 Reference: ESB-2016.0309 ESB-2015.1383 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2016-1546.html https://rhn.redhat.com/errata/RHSA-2016-1547.html Comment: This bulletin contains two (2) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 ===================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1547-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1547.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 ===================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm i386: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-static-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm i386: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm ppc64: libtiff-3.9.4-18.el6_8.ppc.rpm libtiff-3.9.4-18.el6_8.ppc64.rpm libtiff-debuginfo-3.9.4-18.el6_8.ppc.rpm libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm libtiff-devel-3.9.4-18.el6_8.ppc.rpm libtiff-devel-3.9.4-18.el6_8.ppc64.rpm s390x: libtiff-3.9.4-18.el6_8.s390.rpm libtiff-3.9.4-18.el6_8.s390x.rpm libtiff-debuginfo-3.9.4-18.el6_8.s390.rpm libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm libtiff-devel-3.9.4-18.el6_8.s390.rpm libtiff-devel-3.9.4-18.el6_8.s390x.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-static-3.9.4-18.el6_8.i686.rpm ppc64: libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm libtiff-static-3.9.4-18.el6_8.ppc64.rpm s390x: libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm libtiff-static-3.9.4-18.el6_8.s390x.rpm x86_64: libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm i386: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-static-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXoNKeXlSAg2UNWIIRAsVZAJ940rmw6jTuzv+WQ7T1G+tfn9S1GQCgnVTY Fsfa3CmoWEoMPE+ZNQBpeTQ= =vyQ/ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV6E/i4x+lLeg9Ub1AQgZtw/+KZ+lgA0M1w9s4X95g4wE4y/SqjhLBObu VzOdcaeynTdZg/DSL3AtmNMd4yTY7DQuDzcffY0/wANXxiMU2ACEA6ofieZy9k7t /Mcdem8g+EpSTtHWEw7+OwdCb/COJi903NjGOI81St27z8dlLT5Cwl7RK87anxIq yJsUGzEpFXTyNt6yras8pLw8jTCs//C0QLiWZZLrHiMxh++MCV1C2QshEycGO2QR C+QfwBOHvDvNfv0LAn5NgifZfq3L18MkQoltuMr9ecYE6+XJvI7eerHQLyXKrL9Y neQa8j2FPaCFEPp6ITfnXlQB5XdUB8l2wEIBCQwnh9sJbO+duMqcx6lKxnkEvEwh zZNsGJjf4BY1cQX0Jn89CkZvMuneIuqcgA+2bsL7IphjifgE9e8QGrJmfh9bQG2y pXEChzdFRSLvlE5Gi2yi4dbDiMdFQ4X6uA+zXExuYCZL926kyw86sQ9XrBKFEL+b Iu0OJIgOu5XLKOxNj+pJdIgC30ql4/wrGV4sbgRUaAqq3YTwJkl/ZcWfY7jVt9wi ihkylO4Zvbok6B5pl/XEvlFdqAsPuNDQalt/nwMHcS0hrSBUFjckkNaU0IROY55d 8VSWyq9Mg+tQz4TtgOhSnpZjmoonjevhfuv7MFTvjQIC21bG5LfCEmqO7rcr/1nu cy8sdjXI/d4= =UrNP -----END PGP SIGNATURE-----