RHBA-2014:0909-1: JON Agent RPM update for JON 3.2 (3.2.0.GA Update 02)

A new jboss-on-agent package is available for JBoss Operations Network 3.2.0 on Red Hat Enterprise Linux 6 with JBoss Enterprise Application Platform 6.

JBoss Operations Network provides detailed monitoring, alerting, configuration management, and application and content deployment for a variety of different resource types, including JBoss products and platforms such as Red Hat Enterprise Linux and Windows. JBoss Operations Network includes both a server and an agent which is installed on each managed system.

This new version of the jboss-on-agent package updates the JON 3.2 agent to communicate with JON 3.2 Update 02 servers.

Users who are managing Red Hat Enterprise Linux 6 resources with JBoss Operations Network 3.2 Update 02 should install these new packages.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Updated packages (JBoss Enterprise Application Platform 5 EL6, 6 EL6 and 6.2 EL6; IA-32 and x86_64):
jboss-on-agent-3.2-3.2.0.GA-38.el6_5.noarch.rpm
jboss-on-agent-init-ec2-3.2-3.2.0.GA-38.el6_5.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

MS16-080 – Important: Security Update for Microsoft Windows PDF (3164302) –...

Security Update for Microsoft Windows PDF (3164302)
Published: June 14, 2016
Version: 1.0

This security update resolves vulnerabilities in Microsoft Windows.

The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file.

An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.

This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows 10.

For more information, see the Affected Software and Vulnerability Severity Ratings section.

The update addresses the vulnerabilities by modifying how Windows parses .pdf files.

For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3164302.

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected.

To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The following severity ratings assume the potential maximum impact of the vulnerability.

For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary.

[1] Windows 10 updates are cumulative.

The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates.

The updates are available via the Microsoft Update Catalog.

Note: Windows Server 2016 Technical Preview 5 is affected.

Customers running these operating systems are encouraged to apply the update, which is available via Windows Update.

*The Updates Replaced column shows only the latest update in any chain of superseded updates.

For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the Package Details tab).

For my particular system and Microsoft Edge configuration, which update addresses the vulnerabilities discussed in CVE-2016-3201, CVE-2016-3203, and CVE-2016-3215?

The vulnerabilities addressed by the updates for CVE-2016-3201, CVE-2016-3203, and CVE-2016-3215 released in MS16-068 are for systems running Microsoft Edge.

These CVEs are also addressed for operating system components in MS16-080. MS16-068 and MS16-080 are addressed by this month’s cumulative Windows 10 update.

Multiple Windows PDF Information Disclosure Vulnerabilities

Information disclosure vulnerabilities exist in Microsoft Windows when a user opens a specially crafted .pdf file.

An attacker who successfully exploited the vulnerabilities could read information in the context of the current user.

To exploit the vulnerabilities, an attacker would have to trick the user into opening the .pdf file.

The update addresses the vulnerabilities by modifying how Windows parses .pdf files.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title: Windows PDF Information Disclosure Vulnerability; CVE number: CVE-2016-3201; Publicly disclosed: No; Exploited: No
Vulnerability title: Windows PDF Information Disclosure Vulnerability; CVE number: CVE-2016-3215; Publicly disclosed: No; Exploited: No

Mitigating Factors

Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

Windows PDF Remote Code Execution Vulnerability - CVE-2016-3203

A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file.

An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.

To exploit the vulnerability, an attacker must entice the user to open a specially crafted .pdf file.

The update addresses the vulnerability by modifying how Windows parses .pdf files.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title: Windows PDF Remote Code Execution Vulnerability; CVE number: CVE-2016-3203; Publicly disclosed: No; Exploited: No

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

V1.0 (June 14, 2016): Bulletin published.

Page generated 2016-06-08 11:50-07:00.

VU#866432: Commvault Edge Server deserializes cookie data insecurely

Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges.

RHBA-2014:1729-1: setup bug fix update

An updated setup package that fixes two bugs is now available for Red Hat Enterprise Linux 7.

The setup package contains a set of important system configuration and setup files, such as passwd, group, and profile.

This update fixes the following bugs:

* OpenShift uses the ActiveMQ service for communication between the OpenShift broker and OpenShift nodes. ActiveMQ can be scaled by using shared storage for the data directory between ActiveMQ brokers, which requires a static ID. Previously, no static ID was reserved in the uidgid file in Red Hat Enterprise Linux 7. This update adds a 142:142 UID and GID pair to uidgid in Red Hat Enterprise Linux 7, and the IDs are now explicitly reserved for ActiveMQ. (BZ#1086923)

* Prior to this update, the XFS file system, the default file system in Red Hat Enterprise Linux 7, was not listed in the /etc/filesystems file, which overrides the /proc/filesystems file. As a consequence, the XFS file system could not be mounted correctly when no type (the "-t" option) was used, or when the auto type was used in the /etc/fstab file, or with the mount command. With this update, the XFS file system has been added to /etc/filesystems, and /proc/filesystems is used as a fallback if the file system cannot be found in /etc/filesystems. As a result, the XFS file system as well as other modern file systems can now always be mounted as expected. (BZ#1123832)

Users of setup are advised to upgrade to this updated package, which fixes these bugs.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Desktop FasTrack (v. 7), HPC Node FasTrack (v. 7) and Workstation FasTrack (v. 7):
SRPMS: setup-2.8.71-5.el7.src.rpm
x86_64: setup-2.8.71-5.el7.noarch.rpm

Red Hat Enterprise Linux Server FasTrack (v. 7):
SRPMS: setup-2.8.71-5.el7.src.rpm
PPC, s390x, x86_64: setup-2.8.71-5.el7.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

JSA10771 – 2017-01 Security Bulletin: Junos: Denial of Service vulnerability in...

2017-01 Security Bulletin: Junos: Denial of Service vulnerability in RPD (CVE-2017-2302)

Product Affected: This issue can affect any product or platform running Junos OS.

Problem: On Junos OS devices where the BGP add-path feature is enabled with 'send' ...

Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager...

A vulnerability in the web interface of Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user...

Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command.

An attacker could...

3057154 – Update to Harden Use of DES Encryption – Version:...

Revision Note: V1.0 (July 14, 2015): Summary: Microsoft is announcing the availability of an update to harden scenarios in which Data Encryption Standard (DES) encryption keys are used with accounts. Microsoft disabled DES by default starting in Window...

RHEA-2014:1858-1: jboss-ec2-eap enhancement update for EAP 6.3.2

Details

Updated jboss-ec2-eap packages that add an enhancement are now available for Red Hat JBoss Enterprise Application Platform 6.3.2 on Red Hat Enterprise Linux 6.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution.

The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).

The jboss-ec2-eap packages have been upgraded to upstream version 7.4.2, which provides a number of enhancements over the previous version and ensures compatibility with Red Hat JBoss Enterprise Application Platform 6.3.2. (BZ#1140700)

Users of jboss-ec2-eap are advised to upgrade to these updated packages, which add these enhancements.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, make sure to back up any modified configuration files, deployments, and all user data. After applying the update, restart the instance of Red Hat JBoss Enterprise Application Platform for the changes to take effect.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Updated packages

JBoss Enterprise Application Platform 6 EL6
SRPMS: jboss-ec2-eap-7.4.2-2.Final_redhat_2.ep6.el6.src.rpm
IA-32, x86_64: jboss-ec2-eap-7.4.2-2.Final_redhat_2.ep6.el6.noarch.rpm, jboss-ec2-eap-samples-7.4.2-2.Final_redhat_2.ep6.el6.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/