Security Advisory Moderate: Red Hat Enterprise MRG Grid 2.2 security update

Advisory: RHSA-2012:1281-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-09-19
Last updated on: 2012-09-19
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2012-2680
CVE-2012-2681
CVE-2012-2683
CVE-2012-2684
CVE-2012-2685
CVE-2012-2734
CVE-2012-2735
CVE-2012-3459
CVE-2012-3491
CVE-2012-3492
CVE-2012-3493

Details

Updated Grid component packages that fix several security issues, add
various enhancements and fix multiple bugs are now available for Red Hat
Enterprise MRG 2 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

A number of unprotected resources (web pages, export functionality, image
viewing) were found in Cumin. An unauthenticated user could bypass intended
access restrictions, resulting in information disclosure. (CVE-2012-2680)

Cumin could generate weak session keys, potentially allowing remote
attackers to predict session keys and obtain unauthorized access to Cumin.
(CVE-2012-2681)

Multiple cross-site scripting flaws in Cumin could allow remote attackers
to inject arbitrary web script on a web page displayed by Cumin.
(CVE-2012-2683)

An SQL injection flaw in Cumin could allow remote attackers to manipulate
the contents of the back-end database via a specially-crafted URL.
(CVE-2012-2684)

When Cumin handled image requests, clients could request images of
arbitrary sizes. This could result in large memory allocations on the Cumin
server, leading to an out-of-memory condition. (CVE-2012-2685)

Cumin did not protect against Cross-Site Request Forgery attacks. If an
attacker could trick a user, who was logged into the Cumin web interface,
into visiting a specially-crafted web page, it could lead to unauthorized
command execution in the Cumin web interface with the privileges of the
logged-in user. (CVE-2012-2734)

A session fixation flaw was found in Cumin. An authenticated user able to
pre-set the Cumin session cookie in a victim's browser could possibly use
this flaw to steal the victim's session after they log into Cumin.
(CVE-2012-2735)
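
The weak session keys (CVE-2012-2681), missing CSRF protection (CVE-2012-2734) and session fixation (CVE-2012-2735) described above share one set of server-side countermeasures. The following Python sketch is an added example, not Cumin's code or Red Hat's patch; the `SessionStore` class, its method names and the 30-minute lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed lifetime for this sketch


class SessionStore:
    """In-memory session table keyed by an unguessable identifier (hypothetical class)."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now  # injectable clock so expiry can be exercised

    def _create(self, user):
        # 32 bytes from the OS CSPRNG: not derived from time, PID or a counter.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "csrf": secrets.token_urlsafe(32),
            "expires": self._now() + SESSION_TTL,
        }
        return sid

    def lookup(self, sid):
        """Return the live session for sid, or None if unknown or expired."""
        sess = self._sessions.get(sid or "")
        if sess is None:
            return None
        if sess["expires"] < self._now():
            del self._sessions[sid]
            return None
        return sess

    def start_anonymous(self, presented_sid=None):
        """Pre-login session. An identifier the server did not issue is never adopted."""
        if self.lookup(presented_sid) is not None:
            return presented_sid
        return self._create(user=None)

    def login(self, presented_sid, user):
        """On authentication, invalidate the presented identifier and issue a fresh one."""
        self._sessions.pop(presented_sid or "", None)
        return self._create(user=user)

    def csrf_token(self, sid):
        """Token the server embeds in its own forms for this session."""
        sess = self.lookup(sid)
        return sess["csrf"] if sess else None

    def check_state_change(self, sid, submitted_token):
        """Allow a state-changing POST only for a logged-in session with a matching token."""
        sess = self.lookup(sid)
        if sess is None or sess["user"] is None:
            return False
        # Constant-time comparison; bytes are used so any submitted string is accepted as input.
        return hmac.compare_digest(
            sess["csrf"].encode(), (submitted_token or "").encode()
        )
```

Because `login` discards the identifier the browser presented, a cookie planted before authentication is worthless afterwards, and a forged cross-site POST fails `check_state_change` because the other site cannot read the per-session token.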

It was found that authenticated users could send a specially-crafted HTTP
POST request to Cumin that would cause it to submit a job attribute change
to Condor. This could be used to change internal Condor attributes,
including the Owner attribute, which could allow Cumin users to elevate
their privileges. (CVE-2012-3459)

It was discovered that Condor's file system authentication challenge
accepted directories with weak permissions (for example, world readable,
writable and executable permissions). If a user created a directory with
such permissions, a local attacker could rename it, allowing them to
execute jobs with the privileges of the victim user. (CVE-2012-3492)
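
A server-side check that refuses the weak directories described for CVE-2012-3492 can look like the following. This is an added Python example, not Condor's implementation; the function names, the `FS_` name prefix and the exact-0700 policy are assumptions.

```python
import os
import secrets
import stat


def issue_challenge(base_dir):
    """Pick an unpredictable directory name the client must create (hypothetical naming)."""
    return os.path.join(base_dir, "FS_" + secrets.token_hex(16))


def verify_challenge_dir(path, claimed_uid):
    """Return (ok, reason) for a directory a client created to prove it runs as claimed_uid.

    Assumed policy for this sketch: the object must be a real directory, owned by
    the claimed user, with owner-only permissions (exactly 0700).
    """
    try:
        # lstat, not stat: a symlink placed at the challenge name is not followed.
        st = os.lstat(path)
    except OSError as exc:
        return False, "cannot stat: %s" % exc.strerror
    if not stat.S_ISDIR(st.st_mode):
        return False, "not a directory"
    if st.st_uid != claimed_uid:
        return False, "owner mismatch"
    perms = stat.S_IMODE(st.st_mode)
    if perms != 0o700:
        # Any group/other bit (or setuid/setgid/sticky) is treated as a weak directory.
        return False, "mode %04o is not 0700" % perms
    return True, "ok"
```

Ownership alone is not accepted as proof of identity here: a directory with group or other permission bits set is rejected even when its owner matches the claimed user.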

It was discovered that Condor exposed private information in the data in
the ClassAds format served by condor_startd. An unauthenticated user able
to connect to condor_startd's port could request a ClassAd for a running
job, provided they could guess or brute-force the PID of the job. This
could expose the ClaimId which, if obtained, could be used to control the
job as well as start new jobs on the system. (CVE-2012-3493)

It was discovered that the ability to abort a job in Condor only required
WRITE authorization, instead of a combination of WRITE authorization and
job ownership. This could allow an authenticated attacker to bypass
intended restrictions and abort any idle job on the system. (CVE-2012-3491)

The above issues were discovered by Florian Weimer of the Red Hat Product
Security Team.

This update also provides defense in depth patches for Condor. (BZ#848212,
BZ#835592, BZ#841173, BZ#843476)

These updated packages for Red Hat Enterprise Linux 6 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some highlights
include:

* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups

Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise MRG 2 Technical Notes document, linked to in the
References section, for information on these changes.


Solution

All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised
to upgrade to these updated packages, which resolve the issues and add the
enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor
and Cumin must be restarted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
condor-7.6.5-0.22.el6.src.rpm
File outdated by:  RHSA-2013:1294
condor-wallaby-4.1.3-1.el6.src.rpm
File outdated by:  RHSA-2013:0565
condor-wallaby-base-db-1.23-1.el6.src.rpm
File outdated by:  RHSA-2013:0565
cumin-0.1.5444-3.el6.src.rpm
File outdated by:  RHSA-2013:1852
deltacloud-core-0.5.0-10.el6_2.src.rpm
File outdated by:  RHSA-2013:0565
libdeltacloud-0.9-1.el6.src.rpm
rubygem-daemons-1.1.4-2.el6.src.rpm
rubygem-eventmachine-0.12.10-7.el6.src.rpm
rubygem-fssm-0.2.7-1.el6.src.rpm
rubygem-haml-3.1.2-2.el6.src.rpm
rubygem-hpricot-0.8.4-2.el6.src.rpm
rubygem-json-1.4.6-10.el6.src.rpm
rubygem-maruku-0.6.0-4.el6.src.rpm
rubygem-mime-types-1.16-4.el6_0.src.rpm
rubygem-mocha-0.9.7-4.el6.src.rpm
rubygem-net-ssh-2.0.23-6.el6_0.src.rpm
rubygem-nokogiri-1.5.0-0.8.beta4.el6.src.rpm
File outdated by:  RHSA-2013:0565
rubygem-rack-1.3.0-2.el6.src.rpm
File outdated by:  RHSA-2013:0565
rubygem-rack-accept-0.4.3-6.el6_0.src.rpm
rubygem-rack-test-0.6.1-1.el6.src.rpm
rubygem-rake-0.8.7-2.1.el6.src.rpm
rubygem-rest-client-1.6.1-2.el6_0.src.rpm
rubygem-sass-3.1.4-4.el6.src.rpm
rubygem-sinatra-1.2.6-2.el6.src.rpm
rubygem-syntax-1.0.0-4.el6.src.rpm
rubygem-thin-1.2.11-3.el6.src.rpm
rubygem-tilt-1.3.2-3.el6.src.rpm
rubygem-yard-0.7.2-1.el6.src.rpm
rubygems-1.8.16-1.el6.src.rpm
File outdated by:  RHSA-2013:1852
sesame-1.0-6.el6.src.rpm
File outdated by:  RHSA-2013:0565
wallaby-0.12.5-10.el6.src.rpm
File outdated by:  RHSA-2013:0565
 
IA-32:
condor-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-aviary-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-classads-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-cluster-resource-agent-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-debuginfo-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-kbdd-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-plumage-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-qmf-7.6.5-0.22.el6.i686.rpm
File outdated by:  RHSA-2013:1294
condor-wallaby-base-db-1.23-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
condor-wallaby-client-4.1.3-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
condor-wallaby-tools-4.1.3-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
cumin-0.1.5444-3.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
python-wallaby-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
python-wallabyclient-4.1.3-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
ruby-wallaby-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
rubygem-rake-0.8.7-2.1.el6.noarch.rpm
rubygems-1.8.16-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
sesame-1.0-6.el6.i686.rpm
File outdated by:  RHSA-2013:0565
sesame-debuginfo-1.0-6.el6.i686.rpm
File outdated by:  RHSA-2013:0565
wallaby-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
wallaby-utils-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
 
x86_64:
condor-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-aviary-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-classads-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-cluster-resource-agent-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-debuginfo-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-deltacloud-gahp-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-kbdd-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-plumage-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-qmf-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-vm-gahp-7.6.5-0.22.el6.x86_64.rpm
File outdated by:  RHSA-2013:1294
condor-wallaby-base-db-1.23-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
condor-wallaby-client-4.1.3-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
condor-wallaby-tools-4.1.3-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
cumin-0.1.5444-3.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
deltacloud-core-0.5.0-10.el6_2.noarch.rpm
File outdated by:  RHSA-2013:0565
deltacloud-core-doc-0.5.0-10.el6_2.noarch.rpm
File outdated by:  RHSA-2013:0565
deltacloud-core-rhevm-0.5.0-10.el6_2.noarch.rpm
File outdated by:  RHSA-2013:0565
libdeltacloud-0.9-1.el6.x86_64.rpm
libdeltacloud-debuginfo-0.9-1.el6.x86_64.rpm
libdeltacloud-devel-0.9-1.el6.x86_64.rpm
python-wallaby-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
python-wallabyclient-4.1.3-1.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
ruby-hpricot-0.8.4-2.el6.x86_64.rpm
ruby-json-1.4.6-10.el6.x86_64.rpm
ruby-nokogiri-1.5.0-0.8.beta4.el6.x86_64.rpm
File outdated by:  RHSA-2013:0565
ruby-wallaby-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
rubygem-daemons-1.1.4-2.el6.noarch.rpm
rubygem-eventmachine-0.12.10-7.el6.x86_64.rpm
rubygem-eventmachine-debuginfo-0.12.10-7.el6.x86_64.rpm
rubygem-fssm-0.2.7-1.el6.noarch.rpm
rubygem-haml-3.1.2-2.el6.noarch.rpm
rubygem-hpricot-0.8.4-2.el6.x86_64.rpm
rubygem-hpricot-debuginfo-0.8.4-2.el6.x86_64.rpm
rubygem-hpricot-doc-0.8.4-2.el6.noarch.rpm
rubygem-json-1.4.6-10.el6.x86_64.rpm
rubygem-json-debuginfo-1.4.6-10.el6.x86_64.rpm
rubygem-maruku-0.6.0-4.el6.noarch.rpm
rubygem-mime-types-1.16-4.el6_0.noarch.rpm
rubygem-mime-types-doc-1.16-4.el6_0.noarch.rpm
rubygem-mocha-0.9.7-4.el6.noarch.rpm
rubygem-net-ssh-2.0.23-6.el6_0.noarch.rpm
rubygem-net-ssh-doc-2.0.23-6.el6_0.noarch.rpm
rubygem-nokogiri-1.5.0-0.8.beta4.el6.x86_64.rpm
File outdated by:  RHSA-2013:0565
rubygem-nokogiri-debuginfo-1.5.0-0.8.beta4.el6.x86_64.rpm
File outdated by:  RHSA-2013:0565
rubygem-nokogiri-doc-1.5.0-0.8.beta4.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
rubygem-rack-1.3.0-2.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
rubygem-rack-accept-0.4.3-6.el6_0.noarch.rpm
rubygem-rack-accept-doc-0.4.3-6.el6_0.noarch.rpm
rubygem-rack-test-0.6.1-1.el6.noarch.rpm
rubygem-rake-0.8.7-2.1.el6.noarch.rpm
rubygem-rest-client-1.6.1-2.el6_0.noarch.rpm
rubygem-sass-3.1.4-4.el6.noarch.rpm
rubygem-sass-doc-3.1.4-4.el6.noarch.rpm
rubygem-sinatra-1.2.6-2.el6.noarch.rpm
rubygem-syntax-1.0.0-4.el6.noarch.rpm
rubygem-thin-1.2.11-3.el6.x86_64.rpm
rubygem-thin-debuginfo-1.2.11-3.el6.x86_64.rpm
rubygem-thin-doc-1.2.11-3.el6.x86_64.rpm
rubygem-tilt-1.3.2-3.el6.noarch.rpm
rubygem-tilt-doc-1.3.2-3.el6.noarch.rpm
rubygem-yard-0.7.2-1.el6.noarch.rpm
rubygems-1.8.16-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
sesame-1.0-6.el6.x86_64.rpm
File outdated by:  RHSA-2013:0565
sesame-debuginfo-1.0-6.el6.x86_64.rpm
File outdated by:  RHSA-2013:0565
wallaby-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
wallaby-utils-0.12.5-10.el6.noarch.rpm
File outdated by:  RHSA-2013:0565
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

827558 - CVE-2012-2681 cumin: weak session keys
829421 - CVE-2012-2680 cumin: authentication bypass flaws
830243 - CVE-2012-2683 cumin: multiple XSS flaws
830245 - CVE-2012-2684 cumin: SQL injection flaw
830248 - CVE-2012-2685 cumin: DoS via large image requests
832124 - CVE-2012-2734 cumin: CSRF flaw
832151 - CVE-2012-2735 cumin: session fixation flaw
846501 - CVE-2012-3459 cumin: allows for editing internal Condor job attributes
848212 - CVE-2012-3490 condor: does not check return value of setuid and similar calls, exploitable via VMware support
848214 - CVE-2012-3491 condor: local users can abort any idle jobs
848218 - CVE-2012-3492 condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass
848222 - CVE-2012-3493 condor: GIVE_REQUEST_AD leaks privileged ClaimId information


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/