Security Advisory Moderate: samba3x security update

Advisory: RHSA-2011:1220-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-08-29
Last updated on: 2011-08-29
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2011-1678
CVE-2011-2522
CVE-2011-2694
CVE-2011-2724

Details

Updated samba3x packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Samba is a suite of programs used by machines to share files, printers, and
other information.

A cross-site scripting (XSS) flaw was found in the password change page of
the Samba Web Administration Tool (SWAT). If a remote attacker could trick
a user, who was logged into the SWAT interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the SWAT interface, into visiting a specially-crafted
URL, the attacker could perform Samba configuration changes with the
privileges of the logged-in user. (CVE-2011-2522)

It was found that the fix for CVE-2010-0547, provided by the Samba rebase
in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly
handle share or directory names containing a newline character, allowing a
local attacker to corrupt the mtab (mounted file systems table) file via a
specially-crafted CIFS (Common Internet File System) share mount request,
if mount.cifs had the setuid bit set. (CVE-2011-2724)

It was found that the mount.cifs tool did not handle certain errors
correctly when updating the mtab file. If mount.cifs had the setuid bit
set, a local attacker could corrupt the mtab file by setting a small file
size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the samba3x packages distributed by Red Hat does not
have the setuid bit set. We recommend that administrators do not manually
set the setuid bit for mount.cifs.
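
Both mount.cifs issues above concern writes to a line-oriented table: a field that carries a newline, and a record cut short by a file size limit. The C code below is an added example, not the Samba or Red Hat patch; the function names, the scratch-file usage and the raw write() in place of the mtab library routines are assumptions, and it leaves out locking and escaping of spaces.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* mtab is line-oriented: a CR or LF inside a field would start a forged record. */
int mtab_field_ok(const char *s)
{
    return s != NULL && *s != '\0' && strpbrk(s, "\r\n") == NULL;
}

/* Append one record; if the write is cut short (e.g. by RLIMIT_FSIZE), truncate
 * back so no partial line remains. Returns 0 on success, negative on failure. */
int append_mtab_entry(const char *path, const char *dev, const char *dir,
                      const char *opts)
{
    char line[1024];
    struct stat st;
    int rc = -1;
    if (!mtab_field_ok(dev) || !mtab_field_ok(dir) || !mtab_field_ok(opts))
        return -1;
    int n = snprintf(line, sizeof line, "%s %s cifs %s 0 0\n", dev, dir, opts);
    if (n < 0 || (size_t)n >= sizeof line)
        return -1;
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        return -1;
    signal(SIGXFSZ, SIG_IGN); /* over-limit write now fails with EFBIG, no kill */
    if (fstat(fd, &st) == 0) {
        ssize_t w = write(fd, line, (size_t)n);
        if (w == (ssize_t)n)
            rc = 0;
        else if (w > 0 && ftruncate(fd, st.st_size) != 0)
            rc = -2; /* rollback failed: the file needs repair */
    }
    close(fd);
    return rc;
}

/* Demo helper (constructed): run one append under a temporary soft file-size limit. */
int append_with_fsize_limit(const char *path, rlim_t limit)
{
    struct rlimit saved;
    getrlimit(RLIMIT_FSIZE, &saved);
    struct rlimit lim = { .rlim_cur = limit, .rlim_max = saved.rlim_max };
    setrlimit(RLIMIT_FSIZE, &lim);
    int rc = append_mtab_entry(path, "//srv/c", "/mnt/c", "rw");
    setrlimit(RLIMIT_FSIZE, &saved); /* restore before any other file I/O */
    return rc;
}
```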

Red Hat would like to thank the Samba project for reporting CVE-2011-2694
and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream
acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the
original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.
as the original reporter of CVE-2011-2522.

Users of Samba are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the smb service will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
samba3x-3.5.4-0.83.el5_7.2.src.rpm
File outdated by:  RHSA-2014:0330
 
IA-32:
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
 
x86_64:
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
samba3x-3.5.4-0.83.el5_7.2.src.rpm
File outdated by:  RHSA-2014:0330
 
IA-32:
samba3x-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-client-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-common-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-doc-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-swat-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
 
IA-64:
samba3x-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
samba3x-client-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
samba3x-common-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
samba3x-doc-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
samba3x-swat-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.ia64.rpm
File outdated by:  RHSA-2014:0330
 
PPC:
samba3x-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-client-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-common-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-doc-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-swat-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.ppc64.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.ppc.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.ppc64.rpm
File outdated by:  RHSA-2014:0330
 
s390x:
samba3x-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
samba3x-client-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
samba3x-common-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
samba3x-doc-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
samba3x-swat-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.s390.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.s390.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.s390x.rpm
File outdated by:  RHSA-2014:0330
 
x86_64:
samba3x-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-client-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-common-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-doc-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-swat-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
samba3x-3.5.4-0.83.el5_7.2.src.rpm
File outdated by:  RHSA-2014:0330
 
IA-32:
samba3x-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-client-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-common-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-doc-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-swat-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
 
x86_64:
samba3x-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-client-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-common-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-doc-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-swat-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm
File outdated by:  RHSA-2014:0330
samba3x-winbind-3.5.4-0.83.el5_7.2.x86_64.rpm
File outdated by:  RHSA-2014:0330
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

695925 - CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE
721348 - CVE-2011-2522 samba (SWAT): Absent CSRF protection in various Samba web configuration formulars
722537 - CVE-2011-2694 samba (SWAT): XSS flaw in Change Password page
726691 - CVE-2011-2724 samba, cifs-utils: mount.cifs incorrect fix for CVE-2010-0547


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/