Tuesday, November 23, 2010

Various vulnerability notices and updates

There is a vulnerability in the libsdp package which is used to enablean
application to communicate over the Infiniband SDP protocol instead of
ordinary TCP:

https://bugzilla.redhat.com/show_bug.cgi?id=647941

Sites that use infiniband will want to look at the measures in the
notification above.




Updated openssl packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

https://www.redhat.com/security/data/cve/CVE-2010-3864.html
https://rhn.redhat.com/errata/RHSA-2010-0888.html




Updated systemtap packages that fix two security issues are now available
for Red Hat Enterprise Linux 5 and 6.

https://rhn.redhat.com/errata/RHSA-2010-0894.html




There is a security vulnerability in PGP Desktop versions 10.0.3 and
earlier, as well as the upcoming 10.1 release. This vulnerability
may allow someone to spoof emails signed by the OSG security team.
For OSG users who use this version there is a knowledge base page,
as well as remediation steps at:

https://pgp.custhelp.com/app/answers/detail/a_id/2290