Skip to navigation

Security Advisory httpd security update

Advisory: RHSA-2005:582-04
Type: Security Advisory
Severity: Moderate
Issued on: 2005-07-25
Last updated on: 2005-07-25
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-1268
CVE-2005-2088

Details

Updated Apache httpd packages to correct two security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server.

Watchfire reported a flaw that occured when using the Apache server as an
HTTP proxy. A remote attacker could send an HTTP request with both a
"Transfer-Encoding: chunked" header and a "Content-Length" header. This
caused Apache to incorrectly handle and forward the body of the request in
a way that the receiving server processes it as a separate HTTP request.
This could allow the bypass of Web application firewall protection or lead
to cross-site scripting (XSS) attacks. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CAN-2005-2088 to this
issue.

Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification
callback. In order to exploit this issue the Apache server would need to
be configured to use a malicious certificate revocation list (CRL). The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CAN-2005-1268 to this issue.

Users of Apache httpd should update to these errata packages that contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
httpd-2.0.46-46.2.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2485d59f9189bb5a5e9463867cb00937
 
IA-32:
httpd-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 5915db1d48c7e002164887a49156f038
httpd-devel-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: dcd3540ca04584c48b126d19b4d02f00
mod_ssl-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 16497b8e37ecefc801109a3aafe9e2cd
 
x86_64:
httpd-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: ceff2faef7e7761e0c3af1afddd90089
httpd-devel-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 36d38f054073c6ba6fe191661e5a3262
mod_ssl-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 3364d1be17046cf4b34e2d07eb480c0c
 
Red Hat Desktop (v. 4)

SRPMS:
httpd-2.0.52-12.1.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: 4bf86a415d443e3f9e82a8655f70491d
 
IA-32:
httpd-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: f0ff91d7729f04fcb6b772f87b01c179
httpd-devel-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5bfd6d2f6c3b1da7dd0e49ff845ec22c
httpd-manual-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5cd0e2f836bca3d18cd85d580b1df21d
httpd-suexec-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5eeef4820af8a522e0cd8c38dd50705c
mod_ssl-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8c88eec014875998f0d61ed71005d764
 
x86_64:
httpd-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8a92e250417a3dee66927f566c04becd
httpd-devel-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 84ad072a58b1410ece325c35b3b4b07f
httpd-manual-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: d3ca7c4932a1004b5f009b4ddc9d8895
httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: bd5ac6d9149784138adbaf6172602998
mod_ssl-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 7912fac9169ce5071198c3503566cbaf
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
httpd-2.0.46-46.2.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2485d59f9189bb5a5e9463867cb00937
 
IA-32:
httpd-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 5915db1d48c7e002164887a49156f038
httpd-devel-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: dcd3540ca04584c48b126d19b4d02f00
mod_ssl-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 16497b8e37ecefc801109a3aafe9e2cd
 
IA-64:
httpd-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: fe914bbf691939bfb2f87a002ec2e7a8
httpd-devel-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: e3f48f063d1eec644797347299ebd317
mod_ssl-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: b8fc362a02f2d1a74ebd1e8573288831
 
PPC:
httpd-2.0.46-46.2.ent.ppc.rpm
File outdated by:  RHSA-2009:1579
    MD5: d74b60a2081276c375074735c200bf71
httpd-devel-2.0.46-46.2.ent.ppc.rpm
File outdated by:  RHSA-2009:1579
    MD5: debba18353c314f1156b379fff3e0ba3
mod_ssl-2.0.46-46.2.ent.ppc.rpm
File outdated by:  RHSA-2009:1579
    MD5: d4055c6b92c696c90259753c195dd2f5
 
s390:
httpd-2.0.46-46.2.ent.s390.rpm
File outdated by:  RHSA-2009:1579
    MD5: 9c0c7fd62f33cb30e479d920b296ae52
httpd-devel-2.0.46-46.2.ent.s390.rpm
File outdated by:  RHSA-2009:1579
    MD5: 772353077869e3daa4cd9a223626b87e
mod_ssl-2.0.46-46.2.ent.s390.rpm
File outdated by:  RHSA-2009:1579
    MD5: 4ad4d92181a4d3dec2a7a7f2a6c802fd
 
s390x:
httpd-2.0.46-46.2.ent.s390x.rpm
File outdated by:  RHSA-2009:1579
    MD5: 7acb2591480191fc2388050a1fcbbd6f
httpd-devel-2.0.46-46.2.ent.s390x.rpm
File outdated by:  RHSA-2009:1579
    MD5: 759af088061f6de619f45d2a4186f391
mod_ssl-2.0.46-46.2.ent.s390x.rpm
File outdated by:  RHSA-2009:1579
    MD5: 0df3c03a9ddec5969f5e44a344f25797
 
x86_64:
httpd-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: ceff2faef7e7761e0c3af1afddd90089
httpd-devel-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 36d38f054073c6ba6fe191661e5a3262
mod_ssl-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 3364d1be17046cf4b34e2d07eb480c0c
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
httpd-2.0.52-12.1.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: 4bf86a415d443e3f9e82a8655f70491d
 
IA-32:
httpd-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: f0ff91d7729f04fcb6b772f87b01c179
httpd-devel-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5bfd6d2f6c3b1da7dd0e49ff845ec22c
httpd-manual-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5cd0e2f836bca3d18cd85d580b1df21d
httpd-suexec-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5eeef4820af8a522e0cd8c38dd50705c
mod_ssl-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8c88eec014875998f0d61ed71005d764
 
IA-64:
httpd-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: d461e0a6b0b00511f55f2407e466ce46
httpd-devel-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 97d80a559ec7287d2d5f5f2d2c6ad358
httpd-manual-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 718fd0a64412ade9e587ecb2efec2f8d
httpd-suexec-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: ca9b95e1307733fb7405ee2637d258b3
mod_ssl-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 10d218820e3916ea405c487f00b2adef
 
PPC:
httpd-2.0.52-12.1.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: 1a5a5c16643d4dde9cbb7b91da6ee148
httpd-devel-2.0.52-12.1.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: d7394c176ccf80e7e5b5349d7ea56849
httpd-manual-2.0.52-12.1.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: 021f850d3602a95333c4bd09a5157f3a
httpd-suexec-2.0.52-12.1.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: 86bc7a492b98346c43e9896c2ba69e42
mod_ssl-2.0.52-12.1.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: 9d8b653242aa26be29c935821d69a3d7
 
s390:
httpd-2.0.52-12.1.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 49b18d9f25642358fc51b9ee899ce821
httpd-devel-2.0.52-12.1.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 134b801a276e12c3c18cf8c3224de76b
httpd-manual-2.0.52-12.1.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: b83871e54a55b528bfd721d09a3750c7
httpd-suexec-2.0.52-12.1.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 787d97aa79b2e56baa3f0e32a4381ede
mod_ssl-2.0.52-12.1.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 387c3be4fbe49a71c1b25692d195bb25
 
s390x:
httpd-2.0.52-12.1.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: b332322b6ab797bba039212403240cb9
httpd-devel-2.0.52-12.1.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: 67b79e022ea14b19e5c6a50862db2b36
httpd-manual-2.0.52-12.1.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: b09d1feaa0370a17d629ab0e2499ff33
httpd-suexec-2.0.52-12.1.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: dad3f84731db6346251bcae31528b8fa
mod_ssl-2.0.52-12.1.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: a0c61974562e85e3b89957d478be6c42
 
x86_64:
httpd-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8a92e250417a3dee66927f566c04becd
httpd-devel-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 84ad072a58b1410ece325c35b3b4b07f
httpd-manual-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: d3ca7c4932a1004b5f009b4ddc9d8895
httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: bd5ac6d9149784138adbaf6172602998
mod_ssl-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 7912fac9169ce5071198c3503566cbaf
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
httpd-2.0.46-46.2.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2485d59f9189bb5a5e9463867cb00937
 
IA-32:
httpd-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 5915db1d48c7e002164887a49156f038
httpd-devel-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: dcd3540ca04584c48b126d19b4d02f00
mod_ssl-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 16497b8e37ecefc801109a3aafe9e2cd
 
IA-64:
httpd-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: fe914bbf691939bfb2f87a002ec2e7a8
httpd-devel-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: e3f48f063d1eec644797347299ebd317
mod_ssl-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: b8fc362a02f2d1a74ebd1e8573288831
 
x86_64:
httpd-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: ceff2faef7e7761e0c3af1afddd90089
httpd-devel-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 36d38f054073c6ba6fe191661e5a3262
mod_ssl-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 3364d1be17046cf4b34e2d07eb480c0c
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
httpd-2.0.52-12.1.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: 4bf86a415d443e3f9e82a8655f70491d
 
IA-32:
httpd-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: f0ff91d7729f04fcb6b772f87b01c179
httpd-devel-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5bfd6d2f6c3b1da7dd0e49ff845ec22c
httpd-manual-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5cd0e2f836bca3d18cd85d580b1df21d
httpd-suexec-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5eeef4820af8a522e0cd8c38dd50705c
mod_ssl-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8c88eec014875998f0d61ed71005d764
 
IA-64:
httpd-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: d461e0a6b0b00511f55f2407e466ce46
httpd-devel-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 97d80a559ec7287d2d5f5f2d2c6ad358
httpd-manual-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 718fd0a64412ade9e587ecb2efec2f8d
httpd-suexec-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: ca9b95e1307733fb7405ee2637d258b3
mod_ssl-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 10d218820e3916ea405c487f00b2adef
 
x86_64:
httpd-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8a92e250417a3dee66927f566c04becd
httpd-devel-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 84ad072a58b1410ece325c35b3b4b07f
httpd-manual-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: d3ca7c4932a1004b5f009b4ddc9d8895
httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: bd5ac6d9149784138adbaf6172602998
mod_ssl-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 7912fac9169ce5071198c3503566cbaf
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
httpd-2.0.46-46.2.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2485d59f9189bb5a5e9463867cb00937
 
IA-32:
httpd-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 5915db1d48c7e002164887a49156f038
httpd-devel-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: dcd3540ca04584c48b126d19b4d02f00
mod_ssl-2.0.46-46.2.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 16497b8e37ecefc801109a3aafe9e2cd
 
IA-64:
httpd-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: fe914bbf691939bfb2f87a002ec2e7a8
httpd-devel-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: e3f48f063d1eec644797347299ebd317
mod_ssl-2.0.46-46.2.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: b8fc362a02f2d1a74ebd1e8573288831
 
x86_64:
httpd-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: ceff2faef7e7761e0c3af1afddd90089
httpd-devel-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 36d38f054073c6ba6fe191661e5a3262
mod_ssl-2.0.46-46.2.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 3364d1be17046cf4b34e2d07eb480c0c
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
httpd-2.0.52-12.1.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: 4bf86a415d443e3f9e82a8655f70491d
 
IA-32:
httpd-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: f0ff91d7729f04fcb6b772f87b01c179
httpd-devel-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5bfd6d2f6c3b1da7dd0e49ff845ec22c
httpd-manual-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5cd0e2f836bca3d18cd85d580b1df21d
httpd-suexec-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 5eeef4820af8a522e0cd8c38dd50705c
mod_ssl-2.0.52-12.1.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8c88eec014875998f0d61ed71005d764
 
IA-64:
httpd-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: d461e0a6b0b00511f55f2407e466ce46
httpd-devel-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 97d80a559ec7287d2d5f5f2d2c6ad358
httpd-manual-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 718fd0a64412ade9e587ecb2efec2f8d
httpd-suexec-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: ca9b95e1307733fb7405ee2637d258b3
mod_ssl-2.0.52-12.1.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 10d218820e3916ea405c487f00b2adef
 
x86_64:
httpd-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 8a92e250417a3dee66927f566c04becd
httpd-devel-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 84ad072a58b1410ece325c35b3b4b07f
httpd-manual-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: d3ca7c4932a1004b5f009b4ddc9d8895
httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: bd5ac6d9149784138adbaf6172602998
mod_ssl-2.0.52-12.1.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 7912fac9169ce5071198c3503566cbaf
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

161893 - Bug 145666 is missing a ',' after REDIRECT_REMOTE_USER
162244 - CAN-2005-2088 httpd proxy request smuggling
163013 - CAN-2005-1268 mod_ssl off-by-one


References


Keywords

watchfire


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/