
ESB-2016.0587 - [RedHat] Red Hat Atomic Host: Multiple vulnerabilities

Date: 04 March 2016
References: ESB-2016.0601  ESB-2016.0634  ESB-2016.0636  ESB-2016.0661  ESB-2016.0690  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0587
                   Low: RHEL Atomic OSTree Update 7.2.2
                               4 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Atomic Host
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 5
                   Red Hat Enterprise Linux Server 7
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-3197 CVE-2016-0800 

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2016:0332

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: RHEL Atomic OSTree Update 7.2.2
Advisory ID:       RHSA-2016:0332-01
Product:           Red Hat Atomic Host
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0332
Issue date:        2016-03-01
=====================================================================

1. Summary:

RHEL Atomic OSTree Update 7.2.2

2. Description:

An updated version of Red Hat Enterprise Linux Atomic Host is available as
an OSTree. The following changes are included in this version. Each change
is represented by an RPM name and an Errata number. You can find the
details of each change by searching for the errata number at
http://access.redhat.com/ .

New Tree Version: 7.2.2-2 (hash:
8b2cf24b420d659179dc866eab1bb341748839204ba56ed46a86218010789e91)
Changes since Tree Version 7.2.2-1 (hash:
04019d7e50b22c19b717e657b58c0e33333eb92448fb99fe478c922d6e8bbe95)

Upgraded:

 RHBA-2016:0313 ceph-common-1:0.94.5-9.el7cp.x86_64
 RHBA-2016:0313 librados2-1:0.94.5-9.el7cp.x86_64
 RHBA-2016:0313 librbd1-1:0.94.5-9.el7cp.x86_64
 RHBA-2016:0313 python-rados-1:0.94.5-9.el7cp.x86_64
 RHBA-2016:0313 python-rbd-1:0.94.5-9.el7cp.x86_64
 RHSA-2016:0305 openssl-1:1.0.1e-51.el7_2.4.x86_64
 RHSA-2016:0305 openssl-libs-1:1.0.1e-51.el7_2.4.x86_64

3. Solution:

This is a cumulative update for the Atomic host. To upgrade your Atomic
Host use the "atomic host upgrade" command on your system.

4. Bugs fixed (https://bugzilla.redhat.com/):

1313287 - RHEL Atomic OSTree Release Tracker

5. References:

https://access.redhat.com/security/updates/classification/#low

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW1cMwXlSAg2UNWIIRAt0pAJ4z8TIJlnsLZoonlHpSMrDCIqXOYgCgjcyk
UmlhZ0Ns8B6tc5IX/N4Y7uY=
=MsEA
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================