SL6.1:yum-conf-sl6xUpdated the GPG key list to reflect current keysScientific LinuxScientific Linux 6yum-conf-sl6x-1-2.noarch.rpm7c2c27ddddf5b29fa15cd2f3bec5f2f2455cdc7655cc36207470e3a31b743e38SLBA-2011:1395-1* Previously, extended records for Memory Device (DMI type 17) and Memory Array Mapped Address (DMI type 19) DMI types were missing from the dmidecode utility output. With this update, dmidecode has been upgraded to upstream version 2.11, which updates support for the SMBIOS specification to version 2.7.1, thus fixing this bug.Scientific LinuxScientific Linux 6dmidecode-2.11-2.el6_1.i686.rpma96e3b8976d3f3a09542790efd2437bf7dc0caedc7a930b8fa57767a37583c66SLBA-2011:1778-1This update fixes the following bug: * Previously, nwfilter support was dependent on the ability to execute scripts in the /tmp directory, which is considered unsafe. With this ability blocked, guests relying on the nwfilter component were not allowed to start. The underlying code has been modified so that nwfilter no longer requires to execute scripts in the /tmp directory. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.Scientific LinuxtrueScientific Linux 6libvirt-0.9.4-23.el6_2.1.i686.rpmc1736b48898ddfefd9941cdf96d3eacb99e037f255adfd25275643903efcb129libvirt-client-0.9.4-23.el6_2.1.i686.rpm2fa1e9d1cc353b008c817b99842c13e5987c551054ff6275be1a9055c5ef4567libvirt-devel-0.9.4-23.el6_2.1.i686.rpm45e3f2a3b9308f0f2695ee90286427ba098480a8b54ac104b28d0a2c571274balibvirt-lock-sanlock-0.9.4-23.el6_2.1.i686.rpmd23ff31a6bd3e735bd370d2a8ee1c3b00532e6a79fc3700b29fdc747309a1f64libvirt-python-0.9.4-23.el6_2.1.i686.rpmb5381a963e4f7d78f91969615e23b98255806243fadfe71a46b2e4ce29b9325eSLBA-2011:1816-1This update fixes the following bugs: * Previously, a bug in Xephyr's input handling code disabled screens on a screen crossing event. When the Xephyr nested X server was configured in a multi-screen setup, the focus was only on the screen where the mouse was located, and only this screen was updated. The aforementioned code has been removed and the Xephyr server now correctly updates screens in multi-screen setups.Scientific LinuxScientific Linux 6xorg-x11-server-Xdmx-1.10.4-6.el6_2.1.i686.rpm5c006c684fb079838265d57847c91a9bb999dcbddcce8dc7b64874b41917999dxorg-x11-server-Xephyr-1.10.4-6.el6_2.1.i686.rpm69696f80e035764df21ee141ddc06ef0d80f1b12be2d0f49dde3f228b8b104bexorg-x11-server-Xnest-1.10.4-6.el6_2.1.i686.rpm4e7c7f5909b5ac46ecf79e9f43a33b601b34f9bda3893311b6f2ef2763965c79xorg-x11-server-Xorg-1.10.4-6.el6_2.1.i686.rpmfc951dcf9f5d822d29aa7ae4e33b6bc7f81c4cb6fb019b36dc38a0330e2e24b1xorg-x11-server-Xvfb-1.10.4-6.el6_2.1.i686.rpma7c2ffa22909571100c22faf4dfc5642dd6a3dd61f7a3c6a5ae5bdd7ac56a6b7xorg-x11-server-common-1.10.4-6.el6_2.1.i686.rpm9aba4141b9e4a9c96f337828121c7a3a7488accd2ed3a890d717b6eea7273b48xorg-x11-server-devel-1.10.4-6.el6_2.1.i686.rpmecd4d089232125ceecc3245321aea4877161315650ad922c39858c9a897a0450xorg-x11-server-source-1.10.4-6.el6_2.1.noarch.rpm90e8d28635f02dff421406e99430791a2bf423eff2bef7f6ff4b7f10e53160bbSLBA-2011:1836-1This update fixes the following bugs: * Prior to this update, errors arising on automatic updates of DNSSEC trust anchors were handled incorrectly. Consequently, the named daemon could become unresponsive on shutdown. With this update, the error handling has been improved and named exits on shutdown gracefully. * Prior to this update, a race condition could occur on validation of DNSSEC- signed NXDOMAIN responses and the named daemon could terminate unexpectedly. With this update, the underlying code has been fixed and the race condition no longer occurs.Scientific LinuxScientific Linux 6bind-9.7.3-8.P3.el6_2.1.i686.rpm4f315f281568f7307b192fcf5d5feb05cca834aef5b4529e44183501e2875d2fbind-chroot-9.7.3-8.P3.el6_2.1.i686.rpm3f15f9923cc5cb982a00f2e802426585f2fe4ca2df6df3cbfb58272f79d38743bind-devel-9.7.3-8.P3.el6_2.1.i686.rpm8c63728978224fad677494973e7b57fb5d9ea8bc6a05b5bdd535ce7590395b6cbind-libs-9.7.3-8.P3.el6_2.1.i686.rpm599cfe1fa45743441d452d7df4bdad08f6768e684696f6fe42770e478015242ebind-sdb-9.7.3-8.P3.el6_2.1.i686.rpma723e30aec694a59c1533022525a1d03624af0cb49403a65c044bcef7b33e5d9bind-utils-9.7.3-8.P3.el6_2.1.i686.rpma3d337a103ec7e11af3cc5920b3b987c9ce1f0ec62d9a9857bd73c724030c50aSLBA-2011:1838-1This update fixes the following bug: * Recent changes to NSS re-introduced a problem where applications could not use multiple SSL client certificates in the same process. Therefore, any attempt to run commands that worked with multiple SSL client certificates, such as the "yum repolist" command, resulted in a re-negotiation handshake failure. With this update, a revised patch correcting this problem has been applied to NSS, and using multiple SSL client certificates in the same process is now possible again.Scientific LinuxScientific Linux 6nss-3.12.10-17.el6_2.i686.rpm6dba31f2f1eeb0faa6ceac1c09f07c7c9957b180a69f50bf14977b761d0fd3fdnss-devel-3.12.10-17.el6_2.i686.rpm0bbf3c598f80334b434f12b65a04169c3a25787686596759ad22f3d37c4bcf72nss-pkcs11-devel-3.12.10-17.el6_2.i686.rpm05dc294c7d328dcb8ea22a56c30ed02ed9edfeb859f9790f59e9d708cd04e516nss-sysinit-3.12.10-17.el6_2.i686.rpm069a4156e77048dffad5c1a74f0d9983be3fce9f183f7b6668ec4f67c92b1b9enss-tools-3.12.10-17.el6_2.i686.rpmeaf271873c41feb7ab0f802ab5c8f15f9cf235c04786d37348e789c3bae18c73SLBA-2011:1839-1This update fixes the following bug: * The SNMP daemon (snmpd) did not properly fill a set of watched socket file descriptors. Therefore, the daemon sometimes terminated unexpectedly with the "select: bad file descriptor" error message when more than 32 AgentX subagents connected to snmpd on 32-bit platforms or more than 64 subagents on 64-bit platforms. With this update, snmpd properly clears sets of watched file descriptors and thus it no longer crashes when handling a large number of subagents.Scientific LinuxScientific Linux 6net-snmp-5.5-37.el6_2.1.i686.rpmda334da85cc25fedd546fd2d0adb3eb1d7fdc3a1157a02051ea6139f2823090cnet-snmp-devel-5.5-37.el6_2.1.i686.rpmfe67f0139f00b2d9acd323c5f1a23d6723ef59a6fa605af51cacbbf7adc05198net-snmp-libs-5.5-37.el6_2.1.i686.rpm96f7ccd724705d004b7ffc56afad786d2471fd8b4e122e007ca96ece4b5ffc6cnet-snmp-perl-5.5-37.el6_2.1.i686.rpm7316d0abcd6a48d0adf4967084c71dbb6f014961372d8b135589f1d4599d2ac0net-snmp-python-5.5-37.el6_2.1.i686.rpm9a3f23635202a7dedca2a5de86f6ab8973b6e120a9b7f9370647601f4d335ea7net-snmp-utils-5.5-37.el6_2.1.i686.rpm1e7dd69e8191da2e9f21d03604dbc69370ea05a24b68f340ea99862f13bae518SLBA-2011:1847-1This update fixes the following bug: * Previously, a remote RMI client could execute code on the RMI server with unrestricted privileges. This security issue in the Java Remote Method Invocation (RMI) registry implementation was fixed by the SLSA-2011-1380 security advisory. However, the security restrictions applied by the advisory were too strict and caused the RMI registry to stop working correctly. This update adjusts the RMI registry so it now works as expected.Scientific LinuxScientific Linux 6java-1.6.0-openjdk-1.6.0.0-1.42.1.10.4.el6_2.i686.rpm1f92f3fb030a47435e4666c6dd4dd967078e0988988d41bdc2902813a94a9e87java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.10.4.el6_2.i686.rpm837c42bf44d444badfd28c1924500473999021db720c1fde756248bccaabbadcjava-1.6.0-openjdk-devel-1.6.0.0-1.42.1.10.4.el6_2.i686.rpm7ed4343eed1c9145c553e4aec9ca961495b854e93c794eafc8c3f550f5ac4e7cjava-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.10.4.el6_2.i686.rpm41bd022ed94ea66e2d12011af85a31c5e811ba02b5f253598f6d84d2948dee2ejava-1.6.0-openjdk-src-1.6.0.0-1.42.1.10.4.el6_2.i686.rpma40173e5a1eaa34fdc14059e8c918004cd52f52707e2ed1bfbf18b1c4a53b460SLBA-2012:0001-1This update fixes the following bug: * The vsftpd daemon sets a value of the RLIMIT_AS variable during its initialization phase. With Scientific Linux 6.1, the RLIMIT_AS value (100 MB) became insufficient which restricted LDAP users from authentication to the system using vsftpd. With this update, the initial RLIMIT_AS value has been increased to 200 MB, and vsftpd now can be used for LDAP authentication as expected.Scientific LinuxScientific Linux 6vsftpd-2.2.2-6.el6_2.1.i686.rpm1ae2dc7675610e1ae6046e0421058e59ee2d2724a475b8378e28314e641f116dSLBA-2012:0004-1This update fixes the following bug: * When exiting a subshell after a command substitution, ksh could prematurely exit without any error. With this update, ksh no longer terminates under these circumstances and all subsequent commands are processed correctly.Scientific LinuxScientific Linux 6ksh-20100621-12.el6_2.1.i686.rpm90da9ec38788a1531237fbae5e0a8c7bb471a670e8cfa732aeeba13697b67ac9SLBA-2012:0005-1* Due to the way how the NoMachine NX Free Edition server implements XInput support, an attempt to log into the server using an NX or VNC client triggered an XInput error that was handled incorrectly by the libxklavier library. Consequently, the GNOME Settings Daemon (gnome-settings-daemon) was terminated with signal 6 (SIGABRT). To resolve this problem, the XInput error handling routine in the libxklavier library has been modified. The library now ignores this error and gnome-settings-daemon runs correctly under these conditions.Scientific LinuxScientific Linux 6libxklavier-4.0-7.el6_2.1.i686.rpmdc48d008e5d965e1dc6b027abf735b352ec373031d9115b3cf6285ad9b488b3flibxklavier-devel-4.0-7.el6_2.1.i686.rpm6fcdf3d09f77056438b1fc450ed0b5869115502d4f2e7082af6935fc448e17b1SLBA-2012:0009-1This update fixes the following bug: * The multi-threaded named daemon uses the atomic operations feature to speed- up an access to shared data. This feature did not work correctly on the 32-bit and 64-bit PowerPC architectures. Therefore, the named daemon sometimes became unresponsive on these architectures. This update disables the atomic operations feature on the 32-bit and 64-bit PowerPC architectures, which ensures that the named daemon is now more stable, reliable and no longer hangs.Scientific LinuxScientific Linux 6bind-9.7.3-8.P3.el6_2.2.i686.rpm3b4be758c408eaaf792e067c998e21a829ef54ad655ce0aa2b7d08cd7282e7e8bind-chroot-9.7.3-8.P3.el6_2.2.i686.rpmac18e6868c219fec70f4d7b4d363bd75e169263145295d3d8de369990645c3f8bind-devel-9.7.3-8.P3.el6_2.2.i686.rpma3242b9dcfc499cdce7014ad36e71a69bca3b4211fcab1b313b71af39bf33ea7bind-libs-9.7.3-8.P3.el6_2.2.i686.rpm3751949cf1145d0270433426081c4e46dccb9cca45e6184c449d69ced954fa0ebind-sdb-9.7.3-8.P3.el6_2.2.i686.rpm98524b2f50db7a855c98f6878ff893bb08510f147b8fb2736dd6b68505bd9bedbind-utils-9.7.3-8.P3.el6_2.2.i686.rpma651b152f3a1711d66df0220e6537356e99b09f26a44781996163aca05863a8cSLBA-2012:0013-1These updated libvirt packages include multiple bug fixes and enhancements. The most significant changes are as follow: * This update forces all libvirt managed KVM guests with virtio drives to run with the "scsi=off" option. This will prevent SCSI requests in guests being passed to underlying block devices on the host; however, a separate bug is preventing "scsi=off" from working correctly. A malicious, privileged guest user could issue a crafted request that would still be passed to the underlying block device. A future qemu-kvm update will correct the "scsi=off" functionality, blocking such crafted requests, and allowing CVE-2011-4127 to be mitigated before the kernel update is applied. As "scsi=off" may break legitimate pass through of SCSI requests, this update also adds a new value for the device attribute in the disk XML element, "lun". This type is like the default "disk" device, but will allow SCSI requests from guests to be passed to the underlying block device on the host. (Using the "lun" device attribute causes the guest to run with "scsi=on".) Note: After installing the SLSA-2011:1849 kernel update, it will not be possible for guests to issue SCSI requests on virtio drives backed by partitions or LVM volumes, even if "device='lun'" is used. It will only be possible to issue SCSI requests on virtio drives backed by whole disks. * This update adds support for VMware vSphere Hypervisor (ESXi) 5 installations. * The libvirt package was missing a dependency on the avahi package. The dependency is required due to mDNS support which is turned on by default. As a consequence, the libvirtd daemon failed to start if the libvirt package was installed on the system without Avahi. With this update, the dependency on avahi is now defined in the libvirt.spec file, and Avahi is installed along with libvirt.Scientific LinuxScientific Linux 6libvirt-0.9.4-23.el6_2.4.i686.rpm5ed007f73c757c30acc4ebe336cf41ade4ecf0e989a9bbb4e9d6540a6f9c95eflibvirt-client-0.9.4-23.el6_2.4.i686.rpm35b1269a855497273c18cdc706d47b6011175da436c81de2b3db5b5118d56619libvirt-devel-0.9.4-23.el6_2.4.i686.rpmbd94ec8b7026c97dc2f0d8755d59215ff546a93d22c9d808f03ca2c89b739ff4libvirt-lock-sanlock-0.9.4-23.el6_2.4.i686.rpm9823e2dd80cfe12317991a0113aa432e11cfce77fadb34628a457017924c4c3blibvirt-python-0.9.4-23.el6_2.4.i686.rpmfcdaa167b8ac2c65b59e331e9672a6f26cd2d2e412e65d66177a51ae7413893bSLBA-2012:0028-1This update fixes the following bug: * The strace utility did not properly track switches between 32-bit and 64-bit process execution domains (so called "personalities") when tracing multiple processes with multiple "personalities". This caused strace to output the wrong system call names and arguments for the traced processes. This update corrects personality tracking in strace so that it now prints system call names and arguments as expected.Scientific LinuxScientific Linux 6strace-4.5.19-1.11.el6_2.1.i686.rpma5fc79488588643c91a476a6d29f7ca4d83fc713c6cc268d41e8e0a8740c440dSLBA-2012:0042-1This update fixes the following bug: * Emacs did not properly terminate if it was started remotely and the remote client session was closed while Emacs was suspended. Under these conditions, Emacs entered an infinite loop in the code and gradually consumed all available computer resources, which caused the system to become unstable. With this update, Emacs has been modified, and it now terminates correctly when the remote session is closed.Scientific LinuxScientific Linux 6emacs-23.1-21.el6_2.1.i686.rpmc28d4eace07b9f3a8824f8b0e627a2689dbf345b7758ff916ab6b3c5897320a0emacs-common-23.1-21.el6_2.1.i686.rpm9ca561d257981ae08f4f61db07977dd804f5644565fc6421320b7bec9be619b9emacs-el-23.1-21.el6_2.1.i686.rpmccf4c76ea8d17b58adf9797f73ac744bc2a70c2ed4f52ccd49139b816566708demacs-nox-23.1-21.el6_2.1.i686.rpm3dfe7c7257474c1e32b7a039d3e27781fd2806f1ce510e396df415dd33997516SLBA-2012:0043-1This update fixes the following bug: * The ncompress utility previously relied on the glibc implementation of the memcpy() function. A recent glibc update optimized memcpy(), which resulted in data corruption in ncompress file compression and decompression. This update replaces memcpy() with the memmove() function and ncompress now works as expected.Scientific LinuxScientific Linux 6ncompress-4.2.4-54.el6_2.1.i686.rpmfa12e8237d6cbdfb099e2b2a4bd00986e06a15d9ea9518f71c14a33da587cc15SLBA-2012:0049-1This update fixes the following bugs: * When the LDAP server was under a heavy load, and the network was congested, client connections could experience problems. If there was a connection problem while the server was sending Simple Paged Result (SPR) search results to the client, the LDAP server called a cleanup routine incorrectly. This led to a memory leak and the server terminated unexpectedly. With this update, the underlying code has been modified to ensure that cleanup tasks are run correctly and memory leaks no longer occur. The LDAP server no longer crashes in this scenario. * Previously, certain operations with the Change Sequence Number (CSN) were not very effective in 389 Directory Server. Therefore, performing a large number of the modrdn operations during Directory Server content replications led to poor performance, and the ns-slapd daemon consumed up to 100% CPU under these circumstances. With this update, the underlying code has been modified to use these CSN operations efficiently so that replications in Directory Server now work as expected in this scenario. * Previously, allocated memory was not correctly released in the underlying code for the SASL GSSAPI authentication method, when checking the Simple Authentication and Security Layer (SASL) identity mappings. This problem could cause memory leaks when processing SASL bind requests, which eventually caused the LDAP server to terminate unexpectedly with a segmentation fault. This update adds function calls that are needed to free allocated memory correctly. Memory leaks no longer occur and the LDAP server no longer crashes in this scenario. * Previously, 389 Directory Server used the Netscape Portable Runtime (NSPR) implementation of the read/write locking mechanism. This implementation allowed deadlocks to occur if 389 Directory Server was under a heavy load, which caused the server to become unresponsive. With this update, 389 Directory Server now uses the POSIX implementation of the locking mechanism, and deadlocks no longer occur under a heavy load. * Under a heavy load in replicated environments, 389 Directory Server did not handle the Entry USN index correctly. Consequently, the index could become out of sync with the main database and search operations on USN entries returned incorrect results. This update modifies the Entry USN plug-in and 389 Directory Server now handles the Entry USN index as expected.Scientific LinuxScientific Linux 6389-ds-base-1.2.9.14-1.el6_2.2.i686.rpmbedf3a7e1c4f4fddf27f1c55a1460a040337535c23bbfc833344032ce7fffc2c389-ds-base-devel-1.2.9.14-1.el6_2.2.i686.rpmd59e559cf7d07332adf1b2c3a9e029c16685c38714ab745a65f872d77b34d37b389-ds-base-libs-1.2.9.14-1.el6_2.2.i686.rpm7ca4a8f0f73bc35d5779511fa4d065624737fcb428d2db079970c5612d45ddd7SLBA-2012:0054-1This update fixes the following bug: * Previously, SSSD did not correctly handle LDAP authentication requests failover under a heavy load and the request could fail with a system error. This occurred due to an invalid LDAP URI value if the second authentication request was sent before the first request could be processed by the failover service. With this update, the underlying code has been modified to ensure that the LDAP URI string remains valid until the LDAP authentication request is processed.Scientific LinuxScientific Linux 6libipa_hbac-1.5.1-66.el6_2.3.i686.rpm4702c822bef606875d5a68a143dbcf55e7fd6c5caa4c16b714df3cf3b90f8530libipa_hbac-devel-1.5.1-66.el6_2.3.i686.rpmcaec26fcd15d9d68becd3648533bfb8033d624a63923476e2817ea5d00d1e479libipa_hbac-python-1.5.1-66.el6_2.3.i686.rpm157a0b8a92a576073e6465d58d42640e836f12c26d46bfa9802d1bb8f1b71b43sssd-1.5.1-66.el6_2.3.i686.rpm60b9ccb6956f2eaf8c6c516aef91e17098643eeee8ef25f079ed3c228f947896sssd-client-1.5.1-66.el6_2.3.i686.rpma5ef8d04e4377c67fa8d7b1f37ae39623e42f344dd0339491c2b0ad8a492f907sssd-tools-1.5.1-66.el6_2.3.i686.rpm9d36bf2571331e73ed4c33e4fb56ce4c341402d56ee1514a91eba5c1c74ec3d0SLBA-2012:0055-1This update fixes the following bug: * Previously, the nslcd daemon performed the idle time expiration check for the LDAP connection before starting an LDAP search operation. On a lossy network or if the LDAP server was under a heavy load, a connection could time out after a successful check and the search operation then failed. With this update, the idle time expiration test is now performed during the LDAP search operation so that the connection now no longer expires under these circumstances.Scientific LinuxScientific Linux 6nss-pam-ldapd-0.7.5-14.el6_2.1.i686.rpma3921c60de4e74071603439d9431f73f3b1747d0ca9f2bd7d6ae165696834217SLBA-2012:0068-1This update fixes the following bug: * Due to an error in the time-parsing routine, the "at" command incorrectly calculated the year when a job was scheduled by using days on input. For example: "at now + 10 days". This update fixes erroneous grammar so that "at" now schedules jobs correctly.Scientific LinuxScientific Linux 6at-3.1.10-43.el6_2.1.i686.rpm00e9e4ad6d0949773e800722389ee8c98bcb77bfe454a174fcb8730b0c5d9426SLBA-2012:0122-1This update fixes the following bug: * Squid did not properly release allocated memory when generating error page contents, which caused memory leaks. Consequently, the Squid proxy server consumed a huge amount of memory within a short time period. This update fixes this memory leak and Squid no longer consumes more memory than expected. After installing this update, the squid service will be restarted automatically.Scientific LinuxScientific Linux 6squid-3.1.10-1.el6_2.2.i686.rpmbe9f620affd8e7863c7393d671c0fe4a89fcbe47bf34c6d73e0be4c28a58f7cfSLBA-2012:0124-1This update fixes the following bug: * An insufficiently designed calculation in the CPU accelerator in the previous kernel caused an arithmetic overflow in the sched_clock() function when system uptime exceeded 208.5 days. This overflow led to a kernel panic on the systems using the Time Stamp Counter (TSC) or Virtual Machine Interface (VMI) clock source. This update corrects the aforementioned calculation so that this arithmetic overflow and kernel panic can no longer occur under these circumstances. The system must be rebooted for this update to take effect.Scientific LinuxtrueScientific Linux 6kernel-2.6.32-220.4.2.el6.i686.rpm9feaa1a7f712db43fe24a19f11aa69bd26849304cedfbe91203359333a2e77f0kernel-debug-2.6.32-220.4.2.el6.i686.rpmbc048c3d67a0ef08495f231fa58227f2019545763c027e047ee1ca59dd53a09ckernel-debug-devel-2.6.32-220.4.2.el6.i686.rpmf54485594ea7fb28b5883022b9a74c9f26b8265206a9415827479756007fa8b9kernel-devel-2.6.32-220.4.2.el6.i686.rpm95d1c61f8278fe54e41bcd78f17dbd7f8f00d5694d59b5e17ac90f8ee846f859kernel-doc-2.6.32-220.4.2.el6.noarch.rpm52b7611fc9e3fab2e4e134c6cfe9a4aeaec43e9515e5a3efef195368f3e65de8kernel-firmware-2.6.32-220.4.2.el6.noarch.rpme3371caa8ff27e3a810f17d261b8d188bd10d608d1061bfad7736836d84a4d30kernel-headers-2.6.32-220.4.2.el6.i686.rpmb5606e1ed94544d2d5d02d5a473b9db0097e595d8bc0db79c42f43657d5a77f9perf-2.6.32-220.4.2.el6.i686.rpmcf67d1b9b596b7a8c1f4851f6b176673636304b8195f7d36b79cc7e68f11be9cpython-perf-2.6.32-220.4.2.el6.i686.rpm5759de096d319ef2efb264066f786de3c3f994abed57fd85652c04f4ba45d54eSLBA-2012:0134-1This update fixes the following bugs: * The semanage utility did not produce correct audit messages in the Common Criteria certified environment. This update modifies semanage so that it now sends correct audit events when the user is assigned to or removed from a new role. This update also modifies behavior of semanage concerning the user's SELinux Multi-Level Security (MLS) and Multi-Category Security (MCS) range. The utility now works with the user's default range of the MLS/MCS security level instead of the lowest. In addition, the semange(8) manual page has been corrected to reflect the current semanage functionality. * The missing exit(1) function call in the underlying code of the sepolgen- ifgen utility could cause the restorecond daemon to access already freed memory when retrieving user's information. This would cause restorecond to terminate unexpectedly with a segmentation fault. With this update, restorecond has been modified to check the return value of the getpwuid() function to avoid this situation. * When installing packages on the system in Federal Information Processing Standard (FIPS) mode, parsing errors could occur and installation failed. This was caused by the "/usr/lib64/python2.7/site-packages/sepolgen/yacc.py" parser, which used MD5 checksums that are not supported in FIPS mode. This update modifies the parser to use SHA-256 checksums and installation process is now successful.Scientific LinuxScientific Linux 6policycoreutils-2.0.83-19.21.el6_2.i686.rpmdd1056fc63de1624367c1ba3b06d912dbf8eedf3df87d07230177dfb636242e1policycoreutils-gui-2.0.83-19.21.el6_2.i686.rpm8aba170216ee7cdecc8985ac471bc3f1cbacd41958e8e9c9507ecc05f75aa851policycoreutils-newrole-2.0.83-19.21.el6_2.i686.rpm20a64a7361317a0d9d8db918007ccac12a8231420bc7a74a891b0ff28c69312epolicycoreutils-python-2.0.83-19.21.el6_2.i686.rpm4aea5bdf6f3fe6468825a9de1640a3979c16eb4b199e4641463f5fe6898f4a90policycoreutils-sandbox-2.0.83-19.21.el6_2.i686.rpmde991f52bb99db13fb186fa7ce592c2ef575b02163fd6e38ad6c384cc4f3d090SLBA-2012:0145-1The python-psycopg2 package has been upgraded to upstream version 2.0.14, which provides a number of bug fixes and enhancements over the previous version, including the fix for a memory leak in cursor handling. This update also ensures better compatibility with the PostgreSQL object-relational database management system version 8.4.Scientific LinuxScientific Linux 6python-psycopg2-2.0.14-1.el6_2.1.i686.rpm49b049a64d789e8670a89148b4118b65ff665a6737169adcc4ed6f9b716673cepython-psycopg2-doc-2.0.14-1.el6_2.1.i686.rpm43073211ce6d1ed06fefe0044004edf1709e11949f2db57d21b0c30e66d028b8SLBA-2012:0320-1This update fixes the following bug: * A function to check validity of a mount location was meant to check only for a small subset of map location errors. A recent improvement modification in error reporting inverted a logic test in this validating function. Consequently, the scope of the test was widened, which caused automount to report false positive failures. With this update, the faulty logic test has been corrected and false positive failures no longer occur.Scientific LinuxScientific Linux 6autofs-5.0.5-39.el6_2.1.i686.rpmecf46a5aae8e945880c5bedcbb09f2443dd2501bfce2ba21538fd5e22c11bb1cSLBA-2012:0331-1This update fixes the following bug: * When sourcing dracut modules, dracut did not check whether the "install" script for the module exists and is executable. Therefore, if the script was missing, an attempt to execute the script failed. As a consequence, dracut did not execute the "installkernel" script, and the module was not included in the initramfs image. This problem has been fixed, dracut now performs the check and only executes the "install" script when it exists. Then, the "installkernel" script is correctly executed and the module is installed in the initramfs image. * Previously, dracut did not correctly handle a situation when booting a system with a degraded RAID array. In such a case, the initial RAM disk image (initramfs) was not able to start the array and the system did not boot. With this update, the initramfs forces the array to start and the system now boots as expected.Scientific LinuxScientific Linux 6dracut-004-256.el6_2.1.noarch.rpm635305080dc755c1ffeef80625b707f93be9d90b3dacffa5fef4a06835a1ec3cdracut-caps-004-256.el6_2.1.noarch.rpmf8945c8b52658690debf3b909fa91dfda73f5e1d48c82601396b9ad7ecc9ea70dracut-fips-004-256.el6_2.1.noarch.rpma9c4c1c053a7e718af5c4f47d92dce06dd938f844ee5066079e584e72f90131cdracut-fips-aesni-004-256.el6_2.1.noarch.rpm3dc1ac154c699764e7d969314fba9cc97ccc3f4dab107833ffc993b87060d556dracut-generic-004-256.el6_2.1.noarch.rpm3a63e55c66bd513237c8c14105e967e465560e107ed91e23ad99f7768f991adfdracut-kernel-004-256.el6_2.1.noarch.rpm407f0885c0cc208a49bd1d54c01162abb51ed9a85f7688ac1e80715f5fdee2f7dracut-network-004-256.el6_2.1.noarch.rpmaeeac028dbfb34be672a5d48a95980bb0e247b0a47775a99dfc7860005376cdbdracut-tools-004-256.el6_2.1.noarch.rpmb3b56b9f969969f7a098857f86a781d9ef645cb35fbda1566fc1593899074708SLBA-2012:0335-1This update fixes the following bug: * The option parser of the iptables utility did not correctly handle the "-m mark" and "-m conmark" options in the same rule. Therefore, the iptables command failed when issued with both options. This update modifies behavior of the option parser so that iptables now works as expected with the "-m mark" and "-m conmark" options specified.Scientific LinuxScientific Linux 6iptables-1.4.7-5.1.el6_2.i686.rpma4f43d034489abb503bee83707892fae9067fcb4792c2dca96a2d2977b18a737iptables-devel-1.4.7-5.1.el6_2.i686.rpmcd5a3ee4575c563336e0656b7b1a04b37f87150c17620adfb427bdbe8e3bfbc6iptables-ipv6-1.4.7-5.1.el6_2.i686.rpm5ed6a8e6c94227d59b8f4c250d25877afa37050c25ec1b6cbee411b247a70403SLBA-2012:0337-1Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The nss-util package has been upgraded to upstream version 3.13, which provides a number of enhancements over the previous version. The nss packages have been upgraded to upstream version 3.13, which provides a number of bug fixes and enhancements over the previous version. The nspr package has been upgraded to upstream version 4.8.9, which provides a number of enhancements over the previous version. This update also fixes the following bugs: * A lack of robustness flaw caused crashes in the administration server for RH Directory Server because the mod_nss module made nss calls before initializing nss per documented API. With this update, nss protects itself against being called before it as been properly initialized by the caller. * Previously, due to a bug in the FreeBL library, Openswan could generate a Key Exchange payload that was one byte shorter than what was required by the Diffie Hellman (DH) protocol. As a consequence, Openswan dropped connections during such payloads. With this update, the size of the payload is set to zero by default, and the Softoken module is queried for the size. Connections are no longer dropped by Openswan in the described scenario.Scientific LinuxScientific Linux 6nspr-4.8.9-3.el6_2.i686.rpm1c6b4aa09d961871bf714fea5ad8767a30728c5d2585c5150e23807fb2d60735nspr-devel-4.8.9-3.el6_2.i686.rpm48770866e22600e2ca71ff72b57aed354c1a833ffbf3053a85511b1c8896ea2cnss-3.13.1-6.el6_2.i686.rpm3f36d5f1de52994d8bb84bb8ef334c72f6076babf8f9428f32c90ca5e65c645anss-devel-3.13.1-6.el6_2.i686.rpm9b826cf4ecc07473c11b6c8ffaf68364e287493cec7410b69313b81e6afe9b07nss-pkcs11-devel-3.13.1-6.el6_2.i686.rpmb3ab6c10c511cce1d196a59f14c4a79935369e0f9c4ea049329c6aadc4e78dd7nss-sysinit-3.13.1-6.el6_2.i686.rpm1bac57a857b21eb9fbaaac77124231e9692d29a5f37f85691f60e444a0f0382bnss-tools-3.13.1-6.el6_2.i686.rpm931a0cc1f4325313567eefc5df6c57bd45027b7c2aa45d3382f74a682f9f4f47nss-util-3.13.1-3.el6_2.i686.rpm047c84c41a999197fcc1e7ff13129a93084da7f57d77d55335bd4742c4918f85nss-util-devel-3.13.1-3.el6_2.i686.rpm8fe1cd0606a0f2cc79be33ed3f4bd50b522636dfa546fb00421eec7bc9373a8fSLBA-2012:0339-1This updated openswan package includes fixes for the following bugs: * The Openswan IKEv2 implementation did not correctly process an IKE_SA_INIT message containing an INVALID_KE_PAYLOAD Notify Payload. With this fix, Openswan now sends the INVALID_KE_PAYLOAD notify message back to the peer so that IKE_SA_INIT can restart with the correct KE payload. * Previously, Openswan sometimes generated a KE payload that was 1 byte shorter than specified by the Diffie-Hellman algorithm. Consequently, IKE renegotiation failed at random intervals. An error message in the following format was logged: next payload type of ISAKMP Identification Payload has an unknown value: This update checks the length of the generated key and if it is shorter than required, leading zero bytes are added. Note that the NSS library package needs to be version 3.13 or later for the KE payload and IKE renegotiation issues to be fully resolved.Scientific LinuxScientific Linux 6openswan-2.6.32-10.el6_2.i686.rpmc0f3323cef6de5a31cb22307e9cd8f7e6faebbdf0a26ad0f516221328eaf5df5openswan-doc-2.6.32-10.el6_2.i686.rpm3c0df5a21ef5c93fc614089fdbba3e432f8623fee84c11dd6b5f9484c037dc11SLBA-2012:0342-1This update fixes the following bugs: * Under certain circumstances, a rare race condition between the poll() event handler and the dmidecode utility could occur. This race could result in dmidecode waiting indefinitely to perform a read operation on the already closed file descriptor. As a consequence, it was impossible to perform any tasks for virtualized guests using the libvirtd management daemon, or perform certain tasks using the virt-manager utility, such as creating a new virtual machine. This update modifies the underlying code so that the race condition no longer occurs and libvirtd and virt-manager work as expected. * Previously, when libvirt tried to attach certain SR-IOV (Single Root I/O Virtualization) devices to virtual guests, this attempts failed with the "Unable to reset PCI device" error messages. This patch modifies the underlying code so that these PCI devices can now be successfully attached to guests. * When migrating a QEMU domain and using SPICE for a remote display, the migration was failing and the display was erratic under certain circumstances. This was happening because with the incoming migration connection open, QEMU was unable to accept any other connections on the target host. With this update, the underlying code has been modified to delay the migration connection until the SPICE client is connected to the target destination. The guest domains can now be successfully migrated without disrupting the display during the migration. * Previously, if the libvirt package was built with avahi support, libvirt required the avahi package to be installed on the system as a prerequisite for its own installation. If the avahi package could not be installed on the system due to security concerns, installation of libvirt failed. This update modifies the libvirt.spec file to require only the avahi-libs package. The libvirt package is now successfully installed and libvirtd starts as expected. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.Scientific LinuxtrueScientific Linux 6libvirt-0.9.4-23.el6_2.6.i686.rpmdbad5467bc6bbbd09cb186f2e4cdf7c438fd511b7fae49bbbc526305b39e145blibvirt-client-0.9.4-23.el6_2.6.i686.rpmef06cb8b03cea7f9d83495d6615bffa2f63880fe19a3e68c74fb09aa9be120f3libvirt-devel-0.9.4-23.el6_2.6.i686.rpmd4f25a400063141c8139a73201b2da233cb278f551763ad368dd36bbe2571017libvirt-lock-sanlock-0.9.4-23.el6_2.6.i686.rpm50687b40206bccae3b0667b06eab8bc3a46b8fd2b332e335711d974e0100e97dlibvirt-python-0.9.4-23.el6_2.6.i686.rpmaa503779d18a13bb18f57a379e0ec5c93d5f950e02e63cd4be62fada017d40f9SLBA-2012:0344-1This update fixes the following bugs: * Crashes were reported in the messaging daemon (qpidd) included in MRG after a recent update to nss. This occurred as qpidd made nss calls before initializing nss. These updated packages prevent qpidd, and other affected processes that call nss without initializing as mandated by the API, from crashing.Scientific LinuxScientific Linux 6nss-3.13.1-7.el6_2.i686.rpmbcbc964dd90dcc078168c0d7316f1f94d49b5af0a9e910131814a2fd92d8f342nss-devel-3.13.1-7.el6_2.i686.rpmda9df452cc8d45670aeb09910340c65b8253a090dc055869366c6adf03e40b78nss-pkcs11-devel-3.13.1-7.el6_2.i686.rpm51c31340be00d0124dc468f5e5fe554d569158c506fb1ec2bce21523ecacec50nss-sysinit-3.13.1-7.el6_2.i686.rpmb3be32138678b02f5f597c90c3a679e58abed5027e249377cdb180d46bb71049nss-tools-3.13.1-7.el6_2.i686.rpmb289d4c9208685dcb8ed7318eef6f07455c6bfce65595ebf1c7dae03575db6d9SLBA-2012:0346-1This update fixes the following bug: * The previous update of nss_db attempted to fix a bug, which under certain circumstances prevented multi-threaded applications from obtaining complete lists of user's supplemental group memberships. This problem was not completely fixed due to an internal error that occurred when using an insufficiently large temporary buffer to parse a group entry with a large list of users. This update resolves the issue by resetting the buffer's contents after the buffer has been resized. Large group lists are thus correctly parsed and the entire list of user's supplemental groups is now correctly listed in this scenario.Scientific LinuxScientific Linux 6nss_db-2.2.3-0.4.pre1.el6_2.1.i686.rpm6fc0911246d3872f3719e2189738291194f18e0ac517f8d212b82fff0b02c6cdSLBA-2012:0348-1This update fixes the following bug: * In ispell mode, Emacs used the spell checkers in the following order: Ispell, Aspell, and Hunspell. However, Ispell is no longer available and Aspell does not have any dictionaries installed by default. Consequently, because Emacs found Aspell before the default Hunspell, the spell check failed and Emacs reported the following error message: ispell-init-process: Error: No word lists can be found for the language "en_US". With this update, Emacs has been modified to look for the spell checkers in the following order: Hunspell, Aspell, and Ispell. This ensures that Hunspell is used by default when it is available.Scientific LinuxScientific Linux 6emacs-23.1-21.el6_2.3.i686.rpmd4b7b0b2786fa76cfe6338bb0ce016411ed29a6a7f0721a98d630022e88ebf9demacs-common-23.1-21.el6_2.3.i686.rpma7fac50d7b9b833528db34f2d17544f5dbd9edfc49f116c16b5fec1f472e14b3emacs-el-23.1-21.el6_2.3.i686.rpm4023a76d110171edbcd56486e66e06710b6898e8a05f74ed736967c2340f968cemacs-nox-23.1-21.el6_2.3.i686.rpmb02c14c4430a65877f42d0a83316431c89ad3b93f619a1aad1c268cb65e38997SLBA-2012:0351-1This update fixes the following bug: * Previously, the "configure.in" file did not include information on how to handle 64-bit PowerPC architectures. Attempting to install the fontforge-devel multilib PowerPC and 64-PowerPC RPM packages on the same 64-bit PowerPC machine led to conflicts between those packages. This update modifies the "configure.in" file, so that fontforge-devel multilib RPM packages are allowed to be installed on the same machine. The conflicts no longer occur in the described scenario.Scientific LinuxScientific Linux 6fontforge-20090622-3.1.el6.i686.rpmf1bf21db80f7488f42b42f305595aa9b84bd7b6f87a3405c482088e2a4cd9870fontforge-devel-20090622-3.1.el6.i686.rpm0bef7dcfaf76809e0018c00d815e12bde0b3867accaeb100b6f2f4049164299eSLBA-2012:0352-1This update fixes the following bug: * Previously, the grep utility was not able to handle the EPIPE error. If a SIGPIPE signal was blocked by the shell, grep kept continuously printing error messages. An upstream patch has been applied to address this problem, so that grep exits on the first EPIPE error and prints only one error message.Scientific LinuxScientific Linux 6grep-2.6.3-3.el6.i686.rpmb123ae126af8d2886d854d8619da67a9d799b3023c0406f5fb7526b83287395eSLBA-2012:0353-1This update fixes the following bug: * The fence_rhevm fencing agent uses the RHEV API to check the power status ("on" or "off") of a virtual machine. In addition to the states of "up" and "down", the API includes other states like "unassigned", "powering_up", "paused", "migrating", "unknown", "not_responding", "wait_for_launch", "reboot_in_progress", "saving_state", "restoring_state", "suspended", "image_illegal", "image_locked" or "powering_down". Previously, only if the machine was in the "up" state, the "on" power status was returned. The "off" status was returned for all other states although the machine was actually running. This allowed for successful fencing even before the machine was really powered off. With this update, the fence_rhevm agent detects power status of a cluster node more conservatively, and the "off" status is returned only if the machine is really powered off, it means in the "off" state.Scientific LinuxScientific Linux 6fence-agents-3.1.5-10.el6_2.1.i686.rpm5606d00b4ab4725c8d3584369267700e164cdf5147f3de90ac3624eb756e791cSLBA-2012:0354-1This update fixes the following bug: * Prior to this update, the shebang line of the modifyrepo.py script contained "#!/usr/bin/env python", so the system path was used to locate the Python executable. When another version of Python was installed on the system, and "/usr/local/python" was specified in the PATH environment variable, scripts did not work due to Python compatibility problems. With this update, the shebang line is modified to "#!/usr/bin/python", so that the system version of Python is always used.Scientific LinuxScientific Linux 6createrepo-0.9.8-5.el6.noarch.rpm01dba5a59ea174eba675b0701521a73b4b240a5da565c2b9e6c2f713e306b752SLBA-2012:0355-1This update fixes the following bug: * The previous version of initscripts did not support IPv6 routing in the same way as IPv4 routing. IPv6 addressing and routing could be achieved only by specifying the "ip" commands explicitly with the "-6" flag in the "/etc/sysconfig/network-scripts/rule-DEVICE_NAME" configuration file (where "DEVICE_NAME" is a name of the respective network interface). With this update, related network scripts have been modified to provide support for IPv6-based policy routing. IPv6 routing is now configured separately in the the "/etc/sysconfig/network-scripts/rule6-DEVICE_NAME" configuration file.Scientific LinuxScientific Linux 6debugmode-9.03.27-1.el6_2.1.i686.rpm7466d5fd3fcdeb79195af8a81bcad32ea03d6da850c6f9e2e50ad03735cec68cinitscripts-9.03.27-1.el6_2.1.i686.rpmd09eeddaaf9e6b6255cc0a48867934b7bf3465abfa70f96a78e733ced67c894fSLBA-2012:0357-1Note: The Certificate Authority component provided by this update is not intended to be used as a standalone server. It is installed and operates as a part of Identity Management (IPA) in Scientific Linux. Bug fixes: When installing IPA, the installer uses 'sslget' to communicate with the CA. The server sends out a full response to the sslget client, but the client receives only 5 bytes of the encrypted stream. pki-core packages, which fix the listed bug.Scientific LinuxScientific Linux 6pki-ca-9.0.3-21.el6_2.noarch.rpm1de4a125ec5b14f9185509941ac6f24f2ace612119c40a3535ac507ce516573bpki-common-9.0.3-21.el6_2.noarch.rpm6a97fabbc8f43958b080f58c781ad56c7a7004740dd22b8b666b3e3b2a0d2adepki-common-javadoc-9.0.3-21.el6_2.noarch.rpm9ca7312929eb772eac62e65bc26f0679aafe3faabb304513d7b7d185c2f3ea7apki-java-tools-9.0.3-21.el6_2.noarch.rpmccb4b72b84f63ac7001ac476ccaf6af17ed9521517edd467a0f5c637bb132160pki-java-tools-javadoc-9.0.3-21.el6_2.noarch.rpm2653fd7bb22b7281127bf6f5fccea9ab45aed310abce84506fe62256ecb09798pki-native-tools-9.0.3-21.el6_2.i686.rpm33d202af17cc2fb9b9d643d5ce30c9b83db6a55e4bda655a34957aada8065c39pki-selinux-9.0.3-21.el6_2.noarch.rpm686e07e564f9286d10f907af1ddb8e9c03274c6c8ed7000673415bd563d7027fpki-setup-9.0.3-21.el6_2.noarch.rpmb6920e5b8a116288a858b583671cdc6f842d3f28effd4ad1e664362eb2006485pki-silent-9.0.3-21.el6_2.noarch.rpm1025a26fd17ee52752bbaab27bca7f586cce543d8ee1617fd966a77755d11bbapki-symkey-9.0.3-21.el6_2.i686.rpm294648249cf23188964dbde8cbe34b6b9a8d4f63c6bf3ef2940d0541fe95a216pki-util-9.0.3-21.el6_2.noarch.rpmec812f3d205d929cf32030f36ebf7539ff5daef8d906c61c44a6a40648c9f5fbpki-util-javadoc-9.0.3-21.el6_2.noarch.rpm9bc616f3eaf4526ae176e3d886aacc5911fda665c20d061ab1de71f81d80c0c0SLBA-2012:0360-1This update fixes the following bug: * The functions that implement Counter (CTR), Output Feedback (OFB), and Cipher Feedback (CFB) block cipher modes previously incorrectly reset the counter of the remaining bytes of a block that had not been used in the previous encryption or decryption operation. Consequently, calling the encryption function on a small amount of data, that was not aligned to the size of the block, led to incorrect data encryption or decryption in the aforementioned modes. An upstream patch has been applied to correct the underlying functions, and both encryption and decryption now work as expected in CTR, OFB, and CFB modes.Scientific LinuxScientific Linux 6openssl-1.0.0-20.el6_2.2.i686.rpmf98a5fff54b67d9535ae12afaa5c5852258fb02e1ed3243807b6c5a5bfc518a1openssl-devel-1.0.0-20.el6_2.2.i686.rpmf1005b898dbd761b41c5345400f0a4adc11db08e84b260d571e8c80eaf98dfaaopenssl-perl-1.0.0-20.el6_2.2.i686.rpm62c3bc75ba8246998615fa4d39458f20b1722738d7fd3d250cd4a127e1f31630openssl-static-1.0.0-20.el6_2.2.i686.rpm54da6944e432dac369c556fea7d2da07fa3b3b82db1ab0b3b98082f3729187b1SLBA-2012:0365-1This update fixes the following bug: * Previously, the interface provided by the gmp library was changed. This resulted in one exported symbol being absent in Scientific Linux 6 (when compared to the Scientific Linux 5 system). In addition, the symbol could have been reported as missing under certain circumstances. To fix this problem, this update adds the missing symbol back to the library.Scientific LinuxScientific Linux 6gmp-4.3.1-7.el6_2.2.i686.rpm6e238f5356828797e67ce79d397c883dea5ce16bb6af2f5e97a242f6169a4077gmp-devel-4.3.1-7.el6_2.2.i686.rpmdec5c7b1e03e2be75313246a87b60f894252f42fe06da5a67f44a54c3d61e75cgmp-static-4.3.1-7.el6_2.2.i686.rpmc8f7bb5f957cfd535253485c904568084549cc3def1a6f17003f0705b84d20a8SLBA-2012:0366-1This update fixes the following bugs: * Previously, if the "override" keyword was present in the depmod.conf file without any parameters specified, the depmod utility terminated unexpectedly with a segmentation fault. A patch has been applied to ensure that the depmod utility no longer crashes and a syntax warning is displayed instead. * Previously, on low-memory systems (such as low-memory high-performance infrastructure, or HPC, nodes or virtual machines), depmod could use excessive amount of memory. As a consequence, the depmod process was killed by the OOM (out of memory) mechanism, and the system was unable to boot. With this update, the free() function is correctly used on several places in the code so that so that depmod's memory consumption is reduced. This update also adds the following enhancement: * This update adds the "backports" directory to the search path in the depmod.conf file, which is necessary to support integration of the compat- wireless package into kernel packages.Scientific LinuxScientific Linux 6module-init-tools-3.9-19.el6_2.i686.rpma370a2cd774aeee3f6d30c0191fdce1b3b0b1d5ae497abdbe9a8bca6975258bfSLBA-2012:0368-1This update fixes the following bug: * Previously, if the X server was configured as a multi-screen setup through multiple "Device" sections in the xorg.conf file, an absolute input device (for example a graphic tablet's stylus) got stuck in the right-most or bottom-most screen. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens.Scientific LinuxScientific Linux 6xorg-x11-server-Xdmx-1.10.4-6.sl6.3.i686.rpmf02e26508ad091b6a742d334395b07486d2988a12439be9cff4c50696ce0bfb3xorg-x11-server-Xephyr-1.10.4-6.sl6.3.i686.rpm2e4b5b1ab5ac636eeabcb21cf4e5d133d4842e15eb80282a0a2fc896e86c6c83xorg-x11-server-Xnest-1.10.4-6.sl6.3.i686.rpm1417869d1d68253516ed0447c4017a27a386cb13c72099e9cd3f817aafb762d7xorg-x11-server-Xorg-1.10.4-6.sl6.3.i686.rpme8834bf818d84927aee6d0b471212f49cc5ed3bd8ed6d01dc62a9250b3863a3bxorg-x11-server-Xvfb-1.10.4-6.sl6.3.i686.rpmee8a2241e86d969b6a0f03782c2d93626606a4e211628d8aa799ed7e8ae1acc7xorg-x11-server-common-1.10.4-6.sl6.3.i686.rpma430c81e68dfd21db2e61e0f0473c90d16d66b29ce9835524e219c7ca2902b98xorg-x11-server-devel-1.10.4-6.sl6.3.i686.rpmdea8e3502d41e30096c0825ed8685a36f1595be62697d9ff9e203f8941e23436xorg-x11-server-source-1.10.4-6.sl6.3.noarch.rpm6a6bac4d5bde5a234f81c0cb47fe26c563a84bfacf0a8a28cca37f86e88e3fa1SLBA-2012:0371-1This update fixes the following bugs: * The SPICE client did not properly support the Xinerama extension in full screen mode on multi-screen setups. Therefore, if the user switched to full screen mode while using Xinerama, the SPICE client windows failed to cover all physical screens used by the guest. With this update, the underlying code has been modified to provide Xinerama support and the SPICE client now behaves correctly in full screen mode. * Any attempt of sound recording in the guest failed if there was another application accessing the recording device on the SPICE client startup. This update ensures that the client uses the PulseAudio sound server, which now allows multiple applications to access the recording device at the same time.Scientific LinuxScientific Linux 6spice-client-0.8.2-7.el6_2.2.i686.rpm9ffb20854a279ceff756fd9b4fedc1c692ade2de00808433fb2afb67ca50bc61SLBA-2012:0372-1The icedtea-web package has been upgraded to upstream version 1.1.5, which ensures that Firefox 10 and later does not terminate unexpectedly when LiveConnect is heavily used, and that Chrome browser tabs no longer terminate unexpectedly during JavaScript execution. Note: This update is not compatible with Firefox 3.6 and earlier. If you are using such a Firefox version, upgrade to a later supported version before applying this update.Scientific LinuxScientific Linux 6icedtea-web-1.1.5-1.el6_2.i686.rpm1a58400fc967769dcac838e87e1ebe205162524344e65efcd8cfdf19c2eadf1cicedtea-web-javadoc-1.1.5-1.el6_2.i686.rpmd709737f4dfe39382a69afe127a36dcba6d9a351eb8111df2e7a9ddd20bf2220SLBA-2012:0373-1This update fixes the following bug: * Previously, the range condition for the update_aru() function could cause incorrect check of message IDs. Due to this, in rare cases, the corosync utility entered the "FAILED TO RECEIVE" state, and so failed to receive multicast packets. With this update, the range value in the update_aru() function is no longer checked for; the fail_to_recv_const constant performs such checks. Now, corosync does not fail to receive packets.Scientific LinuxScientific Linux 6corosync-1.4.1-4.el6_2.1.i686.rpm8c1b3b43c2b7e4762e98f317a004269876d1eeecdbb631be213407689ccd2eeccorosynclib-1.4.1-4.el6_2.1.i686.rpm6551a5e93713670fba40685a5b50b73246eaef8bfb5724eb0471ca2631fcff26corosynclib-devel-1.4.1-4.el6_2.1.i686.rpmc7b0323a54f7f8bc344c22a053e6fba450f4440612e90f0315ed4abeed6e1e07SLBA-2012:0377-1This update fixes the following bug: * Previously, on big-endian architectures, including IBM System z, the Konqueror web browser could terminate unexpectedly or become unresponsive when loading certain web sites. A patch has been applied to address this issue, and Konqueror no longer crashes or hangs on the aforementioned architectures.Scientific LinuxScientific Linux 6kdelibs-4.3.4-14.el6.i686.rpm7ba8a108d8dbba1dcb95c4b66f969d3312bda914cb4ecf0deb8112dec5fa3d93kdelibs-apidocs-4.3.4-14.el6.noarch.rpmdf00bae61381fcf563d8b190193fd50613587d0fab914a99e4fee73968b1c154kdelibs-common-4.3.4-14.el6.i686.rpm552b59f648df935b970c2c2d175ddd7f42de76feccddfd85b3b9065411cce706kdelibs-devel-4.3.4-14.el6.i686.rpmab8a57b08d1c0708d2cddb26a399e97b3574aedc6c6706d7ec74a173a1f19024SLBA-2012:0380-1This update fixes the following bugs: * The QXL driver for Scientific Linux 6.2 did not contain the compatibility layer. As a consequence, updating a Scientific Linux 6 guest running on a Scientific Linux 5 host in the RHEV 2.2 environment caused the SPICE client window to become black after the update, and therefore unusable. A patch has been applied to ensure proper compatibility and the driver now works correctly in the described scenario. * The QXL driver for Scientific Linux 6.2 was not able to cache images on the client side. This led to visible and significant impact on user experience (users could have experienced delays when loading images contained in web presentations or slideshows). With this update, images can be optionally cached on the client side.Scientific LinuxScientific Linux 6xorg-x11-drv-qxl-0.0.14-13.el6_2.i686.rpme04c7ba282916dbef0cc699cd6cfa2b92231d145687d2f1142d1975f4016c8a2SLBA-2012:0381-1This update fixes the following bug: * Previously, the libgweather library did not contain information for the city of Jerusalem, making it impossible to search for the city or select the city from the list of cities offered by the weather panel applet. This update adds the missing information to the libgweather database, so that users can now select Jerusalem as a valid option.Scientific LinuxScientific Linux 6libgweather-2.28.0-5.el6.i686.rpm9ea0db4269b16a1483b422096a31cdeecbbf0014039ce3e5d13a00741507d27alibgweather-devel-2.28.0-5.el6.i686.rpm71f521d9f369096133f6ca2c3054584d46c4ac3d5129028617406dc5eaa3922fSLBA-2012:0382-1This update fixes the following bug: * When opening an X Display Manager Control Protocol (XDMCP) connection using the tsclient utility, tsclient could terminate unexpectedly with a segmentation fault. A patch has been applied to address this issue, so that an XDMCP connection is now started correctly for the configured host.Scientific LinuxScientific Linux 6tsclient-2.0.2-8.el6.i686.rpm2935a384220b7575673e758eff195b4d94a6e8acdd74c97186bf80dbf23ba779tsclient-devel-2.0.2-8.el6.i686.rpm10fb0f2054a1a9c02a118eb438de025e6627d9657e402278f278aede59337213SLBA-2012:0383-1This update fixes the following bug: * Previously, the dropwatch utility could terminate unexpectedly with a segmentation fault. The failure was caused by a double-free error which occurred while issuing the start and stop messages. This update removes the freeing function calls from the underlying code, which prevents the dropwatch utility from crashing.Scientific LinuxScientific Linux 6dropwatch-1.2-1.el6.i686.rpm6bab2a5f12644e889a51e72ce8382c3102ff9cc3d04b13e95a98c06671d2ffc1SLBA-2012:0384-1This update fixes the following bug: * Previously, the "fonts.dir" file provided with the liberation-fonts packages was empty. As a consequence, legacy applications were not able to make use of liberation-fonts even when the package was installed. This was because the "mkfontscale" command was run after the "mkfontdir" command. The order of running the commands has been changed and legacy applications can use liberation-fonts as expected.Scientific LinuxScientific Linux 6liberation-fonts-common-1.05.1.20090721-5.el6.noarch.rpm5655f4ef0740f80c494e17710e7ffcf9a271170f60d41a3dd1b02e58db2385a3liberation-mono-fonts-1.05.1.20090721-5.el6.noarch.rpm40ac236e3467cff81c1a155dde8bf32a9053a2e5180592230aa7503fe7cad68cliberation-sans-fonts-1.05.1.20090721-5.el6.noarch.rpma369a39f5cc8625250e23a47ff293927b3c144782f89906616bcd85d151f08a1liberation-serif-fonts-1.05.1.20090721-5.el6.noarch.rpm35d921d8e2fb1141e5ca2d1bd2fafe3d1ec21c9fe0266d78d4794b6484aad561SLBA-2012:0385-1This update fixes the following bugs: * Prior to this update, the gawk utility could, under certain circumstances, interpret some run-time variables as internal zero-length variable prototypes. When gawk tried to free such run-time variables, it actually freed the internal prototypes, that were allocated just once due to memory savings. As a consequence, gawk sometimes failed and the error message "awk: double free or corruption" was displayed. With this update the problem has been corrected and the error no longer occurs. * Prior to this update, the gawk utility did not copy variables from the command line arguments. As a consequence, the variables were not accessible as intended. This update modifies the underlying code so that gawk makes copies of those variables. * Prior to this update, the Yacc interpreter encountered problems handling larger stacks. As a consequence, the Yacc interpreter could fail with a stack overflow error when interpreting the AWK code. This update enlarges the stack and Yacc can now handle these AWK programs.Scientific LinuxScientific Linux 6gawk-3.1.7-9.el6.i686.rpm63eb436d57bc74c744d7cd80714b68264348b1c762bbd76419cd92c5f08242f5SLBA-2012:0386-1This update fixes the following bug: * The anacron scheduler starts the yum-cron utility with the "nice" value of 10. This caused Yum's RPM transactions to run at very low priority level. Also, any updated service inherited this "nice" value, which influenced the system behavior. This update adds the "reset_nice" configuration option, which allows Yum to reset the "nice" value to 0 before running an RPM transaction. With this option set, Yum's RPM transactions run at normal priority level so that updated services are restarted with normal priority as expected.Scientific LinuxScientific Linux 6yum-3.2.29-22.el6_2.2.noarch.rpm751b2cab3a76307ca2f032a69146ec6029c4d7551b648191f7e5c1f15a9dc1cbyum-cron-3.2.29-22.el6_2.2.noarch.rpme9d44d1620acf743a890376e5be03de95078cc1971cbcccd91ef5b79d9619521SLBA-2012:0391-1This update fixes the following bugs: * Previously, the file utility contained "magic" patterns that incorrectly detected files according to one byte only. Unicode text files starting with that particular byte could be therefore incorrectly recognized as DOS executable files. This update removes the problematic patterns. Patterns that match less than 16 bits are no longer accepted, and the utility no longer detects Unicode files as DOS executables. * Previously, the "magic" pattern for detection of Dell BIOS headers was outdated. As a consequence, the file utility did not detect newer BIOS formats. The "magic" pattern has been updated, and the file utility now detects new formats of Dell BIOS properly. * Previously, users were allowed to add new "magic" files only into the home directory. As a consequence, users were not able to configure "magic" patterns for certain special file formats system-wide. With this update, a backported patch provides a way to read "magic" patterns from the /etc/magic file. * Previously, "magic" patterns for Python were insufficient. The file utility was therefore unable to detect a Python script according to the Python function definition. With this update, detection of Python is improved, and Python scripts are properly recognized. * Previously, the file utility did not contain a "magic" pattern for detection of files compressed using the LZMA algorithm. As a consequence, the file utility was unable to detect these files. This update adds the missing "magic" pattern, and LZMA compressed files are now detected as expected. * Previously, the file utility did not contain a "magic" pattern to detect the swap signature on Itanium microprocessors. As a consequence, the file utility was unable to detect the signature. This update adds the missing "magic" pattern, and the swap signature on Itanium microprocessors is detected as expected. * Previously, the file utility did not parse the name of an RPM package from the RPM file. As a consequence, the utility did not print the name of the RPM package. This update adds a "magic" pattern for RPM package name parsing, and the name is now printed as expected.Scientific LinuxScientific Linux 6file-5.04-13.el6.i686.rpmcda653463354fed5235a798124569c7a3b1ad66a2234fd6ee77894939b9ff669file-devel-5.04-13.el6.i686.rpm6debe48194ca33a279b3a5c0829fa3f16e2d0b5e90f2afc3acc2f902c3dd189dfile-libs-5.04-13.el6.i686.rpmd2d0cc35740a6bad7e0d906d86c9204ec3c875c8a0b09f90c41534583d7bba2bfile-static-5.04-13.el6.i686.rpm4f335ccd94f04f633abef7fd8fa592d2009796d47ffdba5cedbf9432a2d8d065python-magic-5.04-13.el6.i686.rpm0cc4787d0a9b1d90987f3c94f6fdcfcb8d52e4a72691e061bd4d361d742750cfSLBA-2012:0392-1The iok package has been upgraded to upstream version 1.3.13, which provides a number of bug fixes over the previous version. This update also fixes the following bugs: * Due to xkb keymaps being rewritten in a recent update of the xkeyboard-config package, the iok's language list contained incorrect xkb keymap names when selecting the Hindi X Keyboard Extension (XKB). To fix this problem, the iok's xkb parser has been rewritten. * Previously, iok looked for files with the ".mim" suffix in the "~/.m17n" directory instead of the "~/.m17n.d" directory. This update modifies the directory path to the correct "~/.m17n.d" so that the user-defined keymap files are saved in the correct directory. * Previously, when using the on-screen keyboard, mouse clicks on various characters worked as expected. However, finger inputs failed because the first selected character was selected regardless of what characters the user selected next. With this update, users can use the drag-and-drop feature when running iok in advanced mode (the "iok -a" command), which allows users to drag the first key button over the second button. The drag-and-drop feature is not available in iok's default mode. * Due to a small size of the xkb name array, if the user selected the xkb- Malayalam keymap (enhanced Indian Script with the Rupee sign), and then pressed the "To English" button, the iok utility could terminate unexpectedly. With this update, the size of the xkb name array has been increased so that the utility no longer crashes in the described scenario.Scientific LinuxScientific Linux 6iok-1.3.13-2.el6.i686.rpmd66e0370f200fb26ade9775cef4c05f77b2265dbc567447d04c2aad6d8ed1be4SLBA-2012:0394-1This update fixes the following bugs: * The SLBA-2011:1656 errata advisory released a patch that fixed a problem of mod_nss crashing when clearing its SSL cache on startup without the NSS library initialized. However, that patch placed the fix in the improper location in the code, which caused a file descriptor leak in the Apache httpd daemon. With this update, the necessary fix has been relocated to the appropriate location in the code so that the problem is fixed and the file descriptor leak no longer occurs.Scientific LinuxScientific Linux 6mod_nss-1.0.8-14.el6_2.i686.rpm25accaeebe924eb61f2893b8d7c82d551fb735be1751f36250afab4166b576baSLBA-2012:0400-1This update fixes the following bug: * Previously, the kdebase-workspace package relied on the bluez-libs-devel package for rebuild. However, bluez-libs-devel was not supported on IBM System z architectures and builds could be created only with help of the fake-build- provides package which is not required behavior. With this update, the bluez- libs-devel package is no longer required as a dependency on IBM System z architecture and rebuilds are successful.Scientific LinuxScientific Linux 6kdebase-workspace-4.3.4-23.el6.i686.rpmf365a2def513bc30cc7de19a1d159a5eaa26b0095f21b17b776ef63dd67a336fkdebase-workspace-akonadi-4.3.4-23.el6.i686.rpm6b98db3db657704b6e13287ac36073f57fa456cea40668afc17c2b0b6b6d4270kdebase-workspace-devel-4.3.4-23.el6.i686.rpm06f241de1f1a5d4a6a1f1a50a003284289620a5cd8ee64b228be6fe2ce761c9ekdebase-workspace-libs-4.3.4-23.el6.i686.rpm1f1d4c96a0feb02c11b9fdebf59f61702eeface0b279fb0597c8f7b1cf578b75kdebase-workspace-python-applet-4.3.4-23.el6.i686.rpm39c1518ad74d8f864c0800baac5ca3aa96c5c4967bcb995edd67810200f86db5kdebase-workspace-wallpapers-4.3.4-23.el6.noarch.rpm95e80c6ca44bcc5c4c912ae810ea7f0f20b41b63f468ac925edfd2a817b1cf04kdm-4.3.4-23.el6.i686.rpm616a4ffff014be3357af5281271787e2d853b2abac88c7d02dbc4bf5c9ed6c5bksysguardd-4.3.4-23.el6.i686.rpmce5f732414a2f00d1481a3244f4b38fd12412f626572e18a0353332753ac1de9oxygen-cursor-themes-4.3.4-23.el6.noarch.rpme7d12e51d60818d9a1c9865ac1ba33164c297b8901f018b1b34450abbdd5b21aSLBA-2012:0402-1This update fixes the following bug: * Previously, binary files from the base atlas package contained illegal instructions from an incompatible instruction set (3DNow!). As a consequence, an "Illegal instruction" error was displayed. This update disables usage of the instruction set.Scientific LinuxScientific Linux 6atlas-3.8.4-2.el6.i686.rpmea5c4ac816c94d00ef1c4ed0702f06ad7ceeb79da7d3f46463babd89ce0a597fatlas-3dnow-3.8.4-2.el6.i686.rpmf70fbc7712ba3905c6c8cea5c0c67b1c8fb398b03aa6b191ff37ed5bdbd9c595atlas-3dnow-devel-3.8.4-2.el6.i686.rpm3a3b92210c8a99126d7a2ceb6952fd9fbc36eec50acf6110ab6fae2783d75739atlas-devel-3.8.4-2.el6.i686.rpm9c8af5f03b9b34fb9152408743b6b02a04dda81754812e5bfad34e19cde984aeatlas-sse-3.8.4-2.el6.i686.rpm7b05eb033f0602926c6c2a63f72453a72d95d830978b08027065a2404c63ce11atlas-sse-devel-3.8.4-2.el6.i686.rpm4f96e27089140a23599228b5a825968a51b4e48525aae471aab06fd2e3b9e2aeatlas-sse2-3.8.4-2.el6.i686.rpm4f28a140b87c953dd60e079eaab4f9195aa7a2d2b19d148cb1767a10776c8200atlas-sse2-devel-3.8.4-2.el6.i686.rpm3c27e151c0daa68bf6fb41f746015f3caea7ee911c3ddaf6a93c1414246a1298atlas-sse3-3.8.4-2.el6.i686.rpme55246980d010332250d71e00a43b7e11de4edb8ac156ab9144368e5e2d4caeeatlas-sse3-devel-3.8.4-2.el6.i686.rpmb76fd943fb10ed908a097a35e5340a1e9921b64731542369080ea0d635620b97SLBA-2012:0403-1This update fixes the following bugs: * Previously, the "mkbootdisk --iso" command could fail with a "Volume ID string too long" error. This was because the length of the volume ID is limited to 32 characters but the limit was not verified. With this update, the string length is verified and if it is longer than 32 characters, the fixed string "Scientific Linux" is used for volume ID. * Previously, the mkbootdisk package was missing a dependency on the genisoimage package that was required for functionality of the "--iso" option. This update adds the missing dependency.Scientific LinuxScientific Linux 6mkbootdisk-1.5.5-3.el6.i686.rpm4f2e0de3ee1977781a23391d1c58a7c1af51281e7edbf7c5a1cba4d9306a4590SLBA-2012:0404-1This update fixes the following bug: * Previously, no dependency on the rpcbind package was specified in the rstatd and rusers SysV init scripts. In addition, when the rstatd and rusersd services were started, a check to see if networking was enabled was not performed, and an incorrect exit code was returned. This update adds rpcbind dependency to the rusersd and rstatd init scripts. Also, the SysV init scripts have been adjusted to return correct exit codes. Checks are now performed when starting the rstatd and rusersd services to see whether networking is available and binding to rpcbind was successful.Scientific LinuxScientific Linux 6rusers-0.17-61.el6.i686.rpm956da88b2e687c8feb27b3a3ab9fde4d7ac15685bf36a6ece60a2a4246524cdcrusers-server-0.17-61.el6.i686.rpm6486f396c12701ae54620003c62bbdbe73d1fe85a9531e6a04de358dba379efeSLBA-2012:0405-1This update fixes the following bug: * Previously, due to an object not being destroyed, the Nautilus file manager could consume an excessive amount of memory. Consequently, constantly growing resident memory would slow down the system. The source code has been modified to prevent memory leaks from occurring and Nautilus now consumes a reasonable amount of memory.Scientific LinuxScientific Linux 6gnome-desktop-2.28.2-9.el6.i686.rpm602fa48bc4ba87d01fd732d6ffc5b6fb571611affcba93098c54e5e57f4b338egnome-desktop-devel-2.28.2-9.el6.i686.rpm107805dfbb2c462b17afb7d8ca7fbc7874626afba374c362956c6da0c7c0469cSLBA-2012:0409-1This update fixes the following bugs: * Under certain circumstances, the xinetd daemon could become unresponsive (for example, when trying to acquire an already acquired lock for writing to its log file) when an unexpected signal arrived. With this update, the daemon handles unexpected signals correctly and no longer hangs under these circumstances. * Previously, a bug in the xinetd code could cause corruption of the time_t variable resulting in the following compiler warning: warning: dereferencing type-punned pointer will break strict-aliasing rules A patch has been applied to address this issue, so that the warning no longer occurs. * Previously, the xinetd daemon ignored the "port" line of the service configuration file, and it was therefore impossible to bind certain RPC services to a specific port. The underlying source code has been modified to ensure that xinetd honors the "port" line, so that the port numbers are now handled appropriately. * Incorrect use of the realloc() function could cause memory corruption. This resulted in the xinetd daemon terminating unexpectedly right after the start when a large number of services had been configured. The realloc() function has been removed, which ensures that memory corruption no longer occurs in this scenario, and the xinetd daemon starts successfully even when configuring a large number of services.Scientific LinuxScientific Linux 6xinetd-2.3.14-34.el6.i686.rpm79638cf2a280fa7bb3af41140d90512a49bc938dc28c15ec2ede2909fbaa4293SLBA-2012:0413-1The python-slip packages have been upgraded to upstream version 0.2.20, which provides a number of bug fixes over the previous version. In addition, this update fixes a bug causing previous versions of python-slip to incorrectly determine whether SELinux was enabled or not. Therefore, convenience functions for writing files always attempted to set SELinux labels even if SELinux was disabled. This could cause for example the system-config-date tool to fail to change settings.Scientific LinuxScientific Linux 6python-slip-0.2.20-1.el6_2.noarch.rpm718fe4e2d58e1fa8f82882c0e5c9fa6b7c4761034ac82372bba29ead0625317bpython-slip-dbus-0.2.20-1.el6_2.noarch.rpm0eb0378bd4201e8b2940272030ed6c8b84284c730cad20dac5825e3392e7da01python-slip-gtk-0.2.20-1.el6_2.noarch.rpmf6a56f9abf85a6936cd1be198e3892b3f4f3bca76a68a218375c90f226cd5556SLBA-2012:0414-1This update fixes the following bug: * Previously, the "start-time" command-line argument of the tcpslice utility was parsed incorrectly. As a consequence, the utility produced error messages every time the command-line argument was used. With this update, the "start- time" command-line argument is parsed correctly, and an error message is displayed only if "start-time" is defined in an incorrect format.Scientific LinuxScientific Linux 6tcpdump-4.0.0-3.20090921gitdf3cb4.2.el6.i686.rpm7cd44fbf9ce7ac3d42b1ca0006bdcd16275857741da90c08cd1b3fd5a0a464a7SLBA-2012:0415-1This update fixes the following bugs: * When installing multiple Linux Standard Base (LSB) services which only had LSB headers, the stop priority of the related LSB init scripts could have been miscalculated and set to "-1". With this update, the LSB init script ordering mechanism has been fixed, and the stop priority of the LSB init scripts is now set correctly. * When an LSB init script requiring the "$local_fs" facility was installed with the "install_initd" command, the installation of the script could fail under certain circumstances. With this update, the underlying code has been modified to ignore this requirement because the "$local_fs" facility is always implicitly provided. LSB init scripts with requirements on "$local_fs" are now installed correctly.Scientific LinuxScientific Linux 6chkconfig-1.3.49.3-1.el6_2.i686.rpm09cc52bbb6385e9f81a73fb169bc1e0ed37f241f63eea9c4b5d534973051c695ntsysv-1.3.49.3-1.el6_2.i686.rpm232aceb120438e723a85d4797aaf15707073e2724da36b2abd458adccde17875SLBA-2012:0418-1This update fixes the following bug: * Previously, empty jobs could be created using the "lp" command either by submitting an empty file to print (for example by executing "lp /dev/null") or by providing an empty file as standard input. In this way, a job was created but was never processed. With this update, creation of empty print jobs is not allowed, and the user is now informed that no file is in the request.Scientific LinuxScientific Linux 6cups-1.4.2-44.el6_2.3.i686.rpmf36ace6eec32dc2d4fb2750836c1d4394c1dffceda04871c4c2745ea2d49996fcups-devel-1.4.2-44.el6_2.3.i686.rpm01c9ab6a87929a9fa7409b19ccb591c1aa58b1940f44515f07886f52cc782da3cups-libs-1.4.2-44.el6_2.3.i686.rpma381c811d89dd0e63ca5c91ceabea88d205386de8059df6c5c0647e95e3e957acups-lpd-1.4.2-44.el6_2.3.i686.rpm205d275f72738d176141ede69c370537d62e04ec5ebf569d565ff95e1d194305cups-php-1.4.2-44.el6_2.3.i686.rpmc668790222a778a55c3cf0a38aaaa152c9cc9109fd3b14a315b2e001ced72f5aSLBA-2012:0419-1This update fixes the following bugs: * If the user attempted to connect locally as a non-root user to the libvirtd daemon (using "qemu:///user"), the ".libvirt" directory was not created in the home directory. As a consequence, non-root users failed to use libvirt. This update ensures that the directory is created, and libvirt now works as expected for non-root users. * The localtime_r() function used in the libvirt code was not async signal safe, which caused child processes to enter a deadlock when attempting to generate a log message. As a consequence, the virsh utility became unresponsive. This update applies backported patches and adds a new API for generating log time stamps in an async-signal safe manner. The virsh utility no longer hangs under these circumstances. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.Scientific LinuxtrueScientific Linux 6libvirt-0.9.4-23.el6_2.7.i686.rpm5b05d932a2dc645c2a2c31392ac75ce8a2dd5d1cad6e68f865a9b404ca8f226alibvirt-client-0.9.4-23.el6_2.7.i686.rpm69c74864258d0a3068b313ab9c675073c185d6cb533c149dbbd148c2eebdea79libvirt-devel-0.9.4-23.el6_2.7.i686.rpm57b76aff3e8cef0e646614dc4af813825c7e065bbad9fb4c3fee0441835fc378libvirt-lock-sanlock-0.9.4-23.el6_2.7.i686.rpm1924004d3096d8c227b95d7615ec598ae546b4a65191e5dff89c52831018b3f5libvirt-python-0.9.4-23.el6_2.7.i686.rpm935e63e01212c5f90f9814a5e90983371fabc304d12045c874a0b3cb9e1de030SLBA-2012:0425-1This update fixes the following bug: * If a marshaled object contained multiple child objects and the call to the Marshal.load method was interrupted by a context switch, a segmentation fault could have been triggered. This was due to a thread-safety bug in the Ruby interpreter and could affect multiple packages. To prevent segmentation faults from occurring, the destination string is marked, and data tables that are identical with symbol tables are cleared.Scientific LinuxScientific Linux 6ruby-1.8.7.352-7.el6_2.i686.rpm219342e9c3eb70551367b4678792d5aeebacc5d9c7969ec77955bad6a55a581aruby-devel-1.8.7.352-7.el6_2.i686.rpm126b72c1fa548f75d776361d8082e921aa74992619f1128e4521bb7ec9e6e326ruby-docs-1.8.7.352-7.el6_2.i686.rpm62e7e588bd8b5f1ab020e7fb7f1657d2fb2eefe2f84e9b9b48f8c5f4a6ef0606ruby-irb-1.8.7.352-7.el6_2.i686.rpm791899f74f9b6539ef5a2eed6e668042d5f538a17868a9d7d8737a7be66291a4ruby-libs-1.8.7.352-7.el6_2.i686.rpm2390a51c4612f8b1dd4807170c7c5ec2405fb9fefac36778ea2e2957cf095507ruby-rdoc-1.8.7.352-7.el6_2.i686.rpm9e20b0826bb3a1accab28642cd4ce60415c2669f7a04e009d0014c649aaec0bbruby-ri-1.8.7.352-7.el6_2.i686.rpmcace163b3cb9cdb4e925062c8087d4b1532ac1e7bb75e2b006c7b74b30489e60ruby-static-1.8.7.352-7.el6_2.i686.rpm30594b47ae88b39162872c26a8302f7be823ddedbb7e18a3d65dd58ec294a668ruby-tcltk-1.8.7.352-7.el6_2.i686.rpm6d59e2db57706c599143b2635c25ff7b359f0021848690f6a3d972c837910d4fSLBA-2012:0430-1This update fixes the following bugs: * Previously, SSL connections could not be established with libcurl if the selected Network Security Services (NSS) database was broken or invalid. This update modifies the code of libcurl to initialize NSS without a valid database, which allows applications to establish SSL connections as expected in this scenario. * The OpenLDAP suite was recently modified to use NSS instead of OpenSSL as the SSL back end. This change led to collisions between libcurl and OpenLDAP on NSS initialization and shutdown. Consequently, applications that were using both, libcurl and OpenLDAP, failed to establish SSL connections. This update modifies libcurl to use the same NSS API as OpenLDAP, which prevents collisions from occurring. Applications using OpenLDAP and libcurl can now connect to the LDAP server over SSL as expected. All running applications that use libcurl have to be restarted for this update to take effect.Scientific LinuxScientific Linux 6curl-7.19.7-26.el6_2.4.i686.rpm66c0503e1d0bd7960025cfb7bbab3838cff4ba1e0f68ff0c80045cb023d6a33dlibcurl-7.19.7-26.el6_2.4.i686.rpmb06ea55ad288b4ecf7ac400833a47319155070612b461fdf724cc0742231f589libcurl-devel-7.19.7-26.el6_2.4.i686.rpm0c39c85515a633ceba1dc75a7ef546812c802f97b0b37a2791c15c8542ca0b62SLBA-2012:0431-1This update fixes the following bugs: * Previously, an insufficient data type was used for certain bit shift operations in the libssh2 code. This could result in an arithmetic overflow, which caused the curl utility to terminate unexpectedly when downloading files larger than 2 GB over the SFTP protocol. With this update, the underlying code has been modified to use the correct data type and curl now works as expected in the scenario described. * When sending a large amount of data over SSH, libssh2 could, under certain circumstances, fail to resume an interrupted key exchange. Instead of that, further data was erroneously sent, which caused the remote site to close the connection immediately. This update modifies the code of libssh2 so that libssh2 now properly resumes the interrupted key exchange before sending any further data. The connection remains open and the data transfer proceeds as expected. After installing this updated package, all running applications using libssh2 have to be restarted for this update to take effect.Scientific LinuxScientific Linux 6libssh2-1.2.2-7.el6_2.3.i686.rpmbc11f1246a6559a3ab2a5e4ab539d93850af680fda61dd2b9ff53a318b3dbcf1libssh2-devel-1.2.2-7.el6_2.3.i686.rpm90904fdecf46c4f3fea368236f8a6573ee237e037d9851063e9f024938cbd786libssh2-docs-1.2.2-7.el6_2.3.i686.rpma827beb63e831a9df00e7bf5e3f377a5f752cec4014cc50c17ff73f619c79294SLBA-2012:0442-1This updated lsof package fixes the following bugs: * Previously, only the first "+e" or "-e" option was processed and the rest were ignored. Consequently it was not possible to exclude more than one file system from being subjected to kernel function calls. This update fixes this issue and lsof now functions as expected with multiple +e or -e options. * Prior to this update, the lsof utility ignored the "-w" option if both the "-b" and the "-w" options were specified. As a consequence, lsof failed to suppress warning messages. Now, the -w option successfully suppresses warning messages.Scientific LinuxScientific Linux 6lsof-4.82-4.el6.i686.rpmdf0d3e3c2278774d327c55578a724ab07f7ef6e92a4bda709f7cfcdbd5ab54abSLBA-2012:0443-1This update fixes the following bug: * Prior to this update, memory corruption could occur in an "eval" expression if one of its sub-expressions was assigned to the same variable. An upstream patch has been applied to address this issue, and memory corruption no longer appears in the described scenario.Scientific LinuxScientific Linux 6make-3.81-20.el6.i686.rpm1ff571253a2fc5386ae665d1848ccf87854a4233f1efae6aaa27f2c43f0ccec7SLBA-2012:0444-1This update fixes the following bug: * Prior to this update,the options --to-stdout and --no-absolute-filenames were not listed in the cpio (1) manual page. This update includes the missing options and corrects several misprints.Scientific LinuxScientific Linux 6cpio-2.10-10.el6.i686.rpm603eba59fe1d06bbd2134ecf0e4c97b5545669a836836b9670ad911fb3bbeca9SLBA-2012:0445-1This update fixes the following bugs: * Prior to this update, the PCRE license file was missing from the pcre-static subpackage. This update adds the license file. * Prior to this update, the pcretest(1) manual page contained various misprints. This update corrects these misprints. * Prior to this update, the pcregrep(1) manual page contained various misprints. This update corrects these misprints.Scientific LinuxScientific Linux 6pcre-7.8-4.el6.i686.rpm93066dd8feedc6c9837a2f7e3b46b66e3ae1f9cf46dae90a1d50b9f134f3569bpcre-devel-7.8-4.el6.i686.rpm495499f1fbb063a805cb5ad55c731c71fe5b0e356f37705c486ffe249887bae7pcre-static-7.8-4.el6.i686.rpme665e0c9122fcb82914d99beaf2e87765a142daba12f50edd40d6314e6a70a10SLBA-2012:0446-1This update fixes the following bugs: * If the SDL_VM_GrabInput() function was called when the window of an SDL application was not visible (for example, the window was displayed on a different workspace or outside of the screen borders), the SDL library, and therefore the current application thread, was unresponsive until the window became visible and the input could be grabbed. The SDL_VM_GrabInput() function has been adjusted to return immediately with the proper error code signaling that the grab failed. * Previously, calling the SDL_BlitSurface() function on overlapping rectangles when running the Streaming SIMD Extensions 3 (SSE3) optimized standard C library caused the bitmap content on the screen to be corrupted. The internal SDL_BlitCopyOverlap() function has been fixed to copy bitmaps between overlapping areas correctly. The SDL_BlitSurface() function now performs correctly even if the standard C library does not implement the memcpy() function safely for operations on overlapping memory areas. * When running an SDL application in window mode and using certain window managers (like Fluxbox), the left-button event was not reported to the application. This update fixes dispatching of notifications when a window is left and the parent window is not interested in grabbing or ungrabbing events to handle window focus changes. With this update, the event of pressing the mouse button is reported to the application even if the window manager handles grab events. * When using a hat-type analog joystick in an SDL application, the application terminated unexpectedly with a segmentation fault when the user moved the hat. The data structure which defines the analog part of a joystick has been updated to match the data structure passed by the kernel to the SDL library. The state of the analog hat is now properly passed by the kernel to the SDL library and it is interpreted accurately by the library. * Prior to this update, the SDL spec file contained two invalid configuration options. This update removes these unrecognized options from the spec file. All options defined in the spec file are now recognized by the SDL configure script.Scientific LinuxScientific Linux 6SDL-1.2.14-3.el6.i686.rpm01869d41397f8e35fab801b1763f8a5d9230d14340ce38a77f8704cdc9ed2c43SDL-devel-1.2.14-3.el6.i686.rpm4828b7bc528dddd7f471cd1e2f4895e06cb3d226d90798d8366f7da9cf1f716cSDL-static-1.2.14-3.el6.i686.rpmd2c83d0b9e407807430782816d935e8680a6c5c93edbea9aaefcc91b6867dc3aSLBA-2012:0447-1This update fixes the following bugs: * Prior to this update, the init script for the portreserve daemon did not always return the correct exit code. As a consequence, an incorrect error message was displayed. With this update, the init script is modified to return the correct exit codes, and also appropriate messages are now displayed. * The portreserve package requires the "chkconfig" command because it is run in installation scriptlets. However, this was previously not reflected in the package metadata, and error messages could be displayed during installation. To prevent this issue, this update adds requirement tags for chkconfig.Scientific LinuxScientific Linux 6portreserve-0.0.4-9.el6.i686.rpm0bad7ad0435a562ae26fad16aca29312b38c1b1e93310c66cba712e893588431SLBA-2012:0448-1This update fixes the following bugs: * Previously, displaying tooltips while being in a main loop recursion caused the system-config-printer utility to terminate unexpectedly. To prevent system- config-printer from crashing, displaying tooltips is now avoided during the main loop recursion. * Python bindings for the CUPS library were not reliable when threads were used. In particular, a single password callback function was used instead of one for each thread. This, in some cases, caused the system-config-printer utility to terminate unexpectedly with a segmentation fault. With this update, thread local storage is used for the password callback function in Python bindings for the CUPS library.Scientific LinuxScientific Linux 6system-config-printer-1.1.16-23.el6.i686.rpmdf2a568893022cd9e6890bbda154c99ff3ecfbb939dcc16b8c570841189e3925system-config-printer-libs-1.1.16-23.el6.i686.rpm6b1e1d8c0ef63e15874bef20bf37ffc714748d02bb361752b432a86a031bd689system-config-printer-udev-1.1.16-23.el6.i686.rpmd6a22266e46f1672d0d34b905a9e27c5e388b4f40ac11bcc0d7345b9f67ed409SLBA-2012:0449-1This update fixes the following bugs: * Previously, the Japanese version of the man(1) manual page contained a duplicate line in the specification of the "-p pager" option. This update removes the duplicate. * Prior to this update, the makewhatis script, which creates the whatis database of manual pages, ignored symbolic links between pages. With this update, the makewhatis script includes symbolic links in the whatis database.Scientific LinuxScientific Linux 6man-1.6f-30.el6.i686.rpmc14de69c37330122c84aa8b0d7768361d8c9d5da32097a7698d40636f9b51944SLBA-2012:0450-1This update fixes the following bug: * Previously, the KPendulum and KRotation screen savers, listed in the OpenGL group of KDE screen savers, produced only a blank screen. This update disables KPendulum and KRotation and none of them is listed in the OpenGL group anymore.Scientific LinuxScientific Linux 6kde-style-phase-4.3.4-7.el6.i686.rpm3af072d535e234704f675fe7611406342b8c118a6d531ee02f655d9b30805eadkdeartwork-4.3.4-7.el6.i686.rpm7449609a55c9db577674a184e59f0cc192dbc88a5d07267a181acf8cd84e3730kdeartwork-screensavers-4.3.4-7.el6.i686.rpm4706cd5eab2d2312b9b1740190d02fb7b4b304070f4b714bed5ea174be509299kdeartwork-sounds-4.3.4-7.el6.noarch.rpmc279323ed46337e63942b55a14f1215bbff370ae0bb2232d63e8cb5b39d5403akdeartwork-wallpapers-4.3.4-7.el6.noarch.rpm38edb0f226cad44f24a7b828acfb2c27215721372b98ef434f01d57b2f1c6b39nuvola-icon-theme-4.3.4-7.el6.noarch.rpm1b2e9f65acefc4f638953f8e7f0d2db329f1e85a3b71a8f1670ada8071f3f6e7SLBA-2012:0452-1This update fixes the following bug: * The db4 spec file incorrectly stated that the "License" is simply "BSD", whereas it is in fact licensed under both the BSD and Sleepycat licenses, the latter of which differs from the Berkeley Software Distribution (BSD) license by including a redistribution clause. This update corrects the spec file so it correctly states that the db4 software is provided under the "Sleepycat and BSD" license.Scientific LinuxScientific Linux 6db4-4.7.25-17.el6.i686.rpmb6141931cbdb3f18e8544d99faaaf39f1ddcc77501dd4e9d063aae5b1daf3540db4-cxx-4.7.25-17.el6.i686.rpmb1974b41df21c6ecf63a4dbe84f5c8b2baca398421dfb2e1c24c4fd1741740a6db4-devel-4.7.25-17.el6.i686.rpm9aa13045e47397ffa7f3172317e9b8c62fef7d6b1bf7d5cd39896076181a271cdb4-devel-static-4.7.25-17.el6.i686.rpmfc14b575debcd426f61262bf4264053543c01818c40f2cdc9de8ed8455d00d57db4-java-4.7.25-17.el6.i686.rpm73a981e69ec1a5ec2f814cc4dcda78f4b6bf419d6850273e8bde57e6acd31238db4-tcl-4.7.25-17.el6.i686.rpm054403b9956fd378a70f6534bf641cfac67f336010ee99c92a8c3b64cc96a913db4-utils-4.7.25-17.el6.i686.rpm631b4ec13d03f0f3c70a5a84cd23b72dad5b513283a51b65c2f79b101b98c588SLBA-2012:0454-1This update fixes the following bugs: * Previously, when using the VimExplorer file manager with the locale set to Simplified Chinese (zh_CN), the netrw.vim script inserted an unwanted "e" character in front of file names. The underlying code has been modified so that file names are now displayed correctly, without unwanted characters. * The spec file template that was used when new spec files were edited contained outdated information. With this update, the spec file template is updated to adhere to the latest spec file guidelines. * When using the file explorer in a subdirectory of the root directory, the "vim .." command displayed only part of the root directory's content. A patch has been applied to address this issue, and the "vim .." command now lists the content of the root directory properly in the described scenario. * Due to a typographic error in the filetype plug-in, the vim utility could display the httpd configuration files with incorrect syntax highlighting. This update corrects the errors in the filetype plug-in, and the httpd configuration files are now displayed with the correct syntax highlighting.Scientific LinuxScientific Linux 6vim-X11-7.2.411-1.8.el6.i686.rpm053cc0787e92a11d7e374727aba18c4e5b24265538abd3ddcca8d55abb7fcc28vim-common-7.2.411-1.8.el6.i686.rpm3f0b15045daf52e86faffd033419e6fbddc0cc30d7881837c9e5f74a4d1e1395vim-enhanced-7.2.411-1.8.el6.i686.rpm02098b854df267b558e004876b6ec350c7961b41d23ea296d2ed5f7dadb18732vim-minimal-7.2.411-1.8.el6.i686.rpm7ef02e77d04292597e40138c8ecb17131abd17ec405e7e2d731b2d9eb0181b29SLBA-2012:0455-1This update fixes the following bugs: * When creating a user account in Lightweight Directory Access Protocol (LDAP), the libuser library used the value of the "gecos" attribute as the default value of the "cn" attribute. When the "gecos" attribute was empty, this made the value of "cn" invalid, and the creation of the user account failed. With this update, the user name of the account is stored in the "cn" attribute if the "gecos" attribute is empty, thus allowing successful creation of the user account. * When populating a home directory by copying files from the /etc/skel directory, libuser ignored the "set user-id" and "set group-id" flags. This made it impossible to set up group-shared directories in a home directory. With this update, the "set user-id" and "set group-id" flags are preserved. * Previously, when searching for the user or group account information in files of certain sizes, the libuser library could terminate unexpectedly with a segmentation fault. A patch has been applied to address this issue, and crashes no longer occur in the aforementioned scenario.Scientific LinuxScientific Linux 6libuser-0.56.13-5.el6.i386.rpmcf68bc04a3aee152b1c6261293a1b254654ab90c3add3ae9c614e33f35d7aa53libuser-devel-0.56.13-5.el6.i386.rpmf58945ca851700b95291fed88fddcf9c1491a0daa6052be67f9e2990c5b08890libuser-python-0.56.13-5.el6.i386.rpmaf6d4fb4c6cbca32d2cd911bb5bed2aefe0055a85d4dcf5da8a70921ecd870f6SLBA-2012:0456-1This update fixes the following bugs: * Prior to this update, the expect(1) manual page was not formatted properly. As a result, the content of the manual page was not readable. The formatting has been corrected to ensure easy readability. * Prior to this update, the passmass script did not call the "su" binary with the full path (/bin/su). The passmass script has been modified to call "/bin/su" rather than "su", which is more secure. * Due to incorrect characters matching, applications created by the autoexpect utility could terminate unexpectedly with a segmentation fault. With this update, the number of characters is matched correctly and applications created by autoexpect run successfully. * Previously, the expect-devel subpackage contained a symbolic link to the expect library, which led to an unnecessary dependency. With this update, the link is located in the expect package.Scientific LinuxScientific Linux 6expect-5.44.1.15-4.el6.i686.rpm2577eecdd92bc22e5c101a32a22c3e799728146b63c938d0a347e6b63bb652e8expect-devel-5.44.1.15-4.el6.i686.rpm068c893064be66ac77e15e739f5b06c44fc7715a11f39e7a25fc6041853d0231expectk-5.44.1.15-4.el6.i686.rpm459d726d5fe8d859c1a7fbebd408682c93e2929ebf92061a217e499314e1556dSLBA-2012:0461-1This update fixes the following bugs: * Prior to this update, it was not possible to instruct the "top" utility by using command-line options to sort processes according to the memory consumption. This was possible only in interactive mode (by using the "Shift+M" key combination). This update introduces a new command-line option, "-a", that instructs the "top" utility to sort processes according to the memory consumption in batch mode. Note that in Scientific Linux 5, this functionality is provided by the "-m" option whereas the same option is used for another feature in Scientific Linux 6. * Previously, the CPULOOP variable effected only the statistical lines representing the particular CPU cores. With this update, the "top" command additionally applies the CPULOOP variable on the CPU summary line (that represents all the CPU cores). * Prior to this update, no development package was generated for procps. With this update, a separate procps-devel package containing a set of procps development headers is available.Scientific LinuxScientific Linux 6procps-3.2.8-23.el6.i686.rpm1c2b872e0b80769e7c7ef0a1581b09a19ae231837f58719dfbb88d64ba6725f0procps-devel-3.2.8-23.el6.i686.rpm7aa20e393312af19a7cab7fd195e2e4bfc6675066bd2d195831331a50fdebaf8SLBA-2012:0462-1This update fixes the following bug: * Previously, the build system configuration files included in the libtar package were incompatible with the way the rpmbuild tool extracts debugging information from the binaries installed to the rpm build root during the build of a package. As a consequence, the libtar-debuginfo package did not contain debugging information. A patch has been applied to address this issue, and the libtar-debuginfo package now contains the appropriate content.Scientific LinuxScientific Linux 6libtar-1.2.11-17.el6.i686.rpma75d007c2f559a407f6a7cdd3de90b6759b733237b622ea6a5b578b5981be5b2libtar-devel-1.2.11-17.el6.i686.rpm6711215eb2514bc8d14a990c3ccadad1b54bbadc867535f310ef338e2f297c0aSLBA-2012:0463-1This update fixes the following bug: Prior to this update, the mansupfr.tar.bz2 tarball that contains supplemental French manual pages, was not correctly extracted. As a consequence, some manual pages were not installed. With this update, supplemental manual pages are added back when no known file conflicts appear, and the supplemental French manual pages are again available. All users, requiring localized manual pages in French, are advised to upgrade to this updated package, which fixes this bug.Scientific LinuxScientific Linux 6man-pages-fr-3.23-9.el6.noarch.rpmfa74528a4e0204cb1344b917d52b3861ab4ff4b37221b42b4b6f60a7f1c906e9SLBA-2012:0464-1This update fixes the following bug: * A bug introduced by fixing the CVE-2011-1777 security vulnerability broke functionality of the ISO 9660 CD-ROM image reader and prevented users from opening ISO 9660 images. A patch has been applied to restore full functionality.Scientific LinuxScientific Linux 6libarchive-2.8.3-4.el6_2.i686.rpm57faa0dda8a5fa703873931fd0864beb5f04581ce9edc2765378ea6c5b923d52libarchive-devel-2.8.3-4.el6_2.i686.rpm448b8c97afa2f206e93bcb0ace752a5866724aa11b97013d4f88805d9254e54eSLBA-2012:0470-1This update fixes the following bug: * Previously, Squid did not pass the ident value to a URL rewriter that was configured using the "url_rewrite_program" directive. As a consequence, the URL rewriter received the dash character ("-") as the user value instead of the correct user name. The underlying source code has been modified so that the URL rewriter now receives the correct user name in the described scenario. After installing this update, the squid service will be restarted automatically.Scientific LinuxScientific Linux 6squid-3.1.10-1.el6_2.3.i686.rpm3b1bba8faea3703c624b2f90fd96687eb3512e35c88aa2d3742bd9efad6187daSLBA-2012:0472-1This update fixes the following bugs: * The ESC utility did not start when the latest 10 series release of the XULRunner runtime environment was installed on the system. This update includes necessary changes to ensure that ESC works as expected with the latest version of XULRunner. * After removing and replacing an enrolled token, ESC could terminate unexpectedly followed by a traceback. A patch has been applied to address this issue and ESC now displays the enrolled smart card details as expected.Scientific LinuxScientific Linux 6esc-1.1.0-24.el6_2.2.i686.rpmaac3c2374c7ee82b4321a9b9d0b1b8a6bf7c9f3072f9a06856722af8c6d41c82SLBA-2012:0473-1This update fixes the following bugs: * When creating a sparse file that was zero blocks long, the "rsync --sparse" command did not properly truncate the sparse file at the end of the copy transaction. As a consequence, the file size was bigger than expected. With this update, the underlying source code has been modified to ensure proper truncating of such files. * Previously, the rsync utility could terminate unexpectedly with the following error during a data transfer: Inflate (token) returned -5 This happened if the block size was exactly of the size of the CHUNK_SIZE constant. The output buffer was completely filled after calling the inflate() function for the first time, and it was therefore not possible to obtain remaining buffer output when calling inflate() the next time. The Z_BUF_ERROR constant is now handled properly, and so prevents rsync from terminating in the described scenario.Scientific LinuxScientific Linux 6rsync-3.0.6-9.el6.i686.rpm9901f25b9c5d85d356ab8d86334a97d57aff96ceb2e7c3be4e9a4ec3c809d3e0SLBA-2012:0479-2This update fixes the following bug: * When running kdump after a kernel crash on the system using the ext4 file systems, the kdump initrd could have been created with the zero byte size. This happened because the system waits for several seconds before writing the changes to the disk when using the ext4 file system. Consequently, the kdump initial root file system (rootfs) could not have been mounted and kdump failed. This update modifies kexec-tools to perform the sync operations after creating the initrd. This ensures that initrd is properly written to the disk before trying to mount rootfs so that kdump now successfully proceeds and captures a core dump. In addition, this update adds the following enhancement: * The kdump utility does not support Xen para-virtualized (PV) drivers on Hardware Virtualized Machine (HVM) guests in Scientific Linux 6. Therefore, kdump failed to start if the guest had loaded PV drivers. This update modifies underlying code to allow kdump to start without PV drivers on HVM guests configured with PV drivers.Scientific LinuxScientific Linux 6kexec-tools-2.0.0-209.el6_2.5.i686.rpm29357f8653bd3e0213ed4b5a30d9c185727b818bffad60ec24d0561f97a0c9f7SLBA-2012:0483-1This update fixes the following bug: * Previously, the fence_vmware_soap fence agent did not expose the full path to a virtual machine that is required for fencing. With this update, fence_vmware_soap has been modified to support identification of virtual machines as expected.Scientific LinuxScientific Linux 6fence-agents-3.1.5-10.el6_2.2.i686.rpm640d5a1416a3cfe9190d77c6a0c9e7e707a9662144f761445618745bc060fcabSLBA-2012:0485-1This update fixes the following bug: * Previously, the libvirt-qpid plug-in was linked directly against Qpid libraries instead of being linked only against QMFv2 libraries. As a consequence, newer versions of Qpid libraries could not be used with the libvirt-qpid plug-in. This update modifies the appropriate makefile so that libvirt-qpid is no longer linked directly against the Qpid libraries. The libvirt-qpid plug-in does not have to be re-linked to work with the newer Qpid libraries.Scientific LinuxScientific Linux 6fence-virt-0.2.3-5.1.el6_2.i686.rpm3417f2ef073b19b997c0481d03f90a93cbf689ce05ee007df4ef0dc002a6ccc9fence-virtd-0.2.3-5.1.el6_2.i686.rpm5aeb9e988ab2b29eaebe65efe06c0e0e03637ebc8d686c2f60f6a95290ebedb3fence-virtd-checkpoint-0.2.3-5.1.el6_2.i686.rpma0293041d46e154ca12fdb6157924d2e2d9b798b701ccb28c5aeb50eb66b555dfence-virtd-libvirt-0.2.3-5.1.el6_2.i686.rpmf702dd8ed7a0ecfc565ced8cdc79aaa288df7e48f9926a3212e803ed819978abfence-virtd-libvirt-qpid-0.2.3-5.1.el6_2.i686.rpmcef8e9ca0f1e2dd62231e9b6de69c9f42aaf77e62a4d13df3eaa8cfcefdbb0cbfence-virtd-multicast-0.2.3-5.1.el6_2.i686.rpmb1a0369a1630b873ec52716807094ae95b15c3e27df35c6255dffe2b84408b49fence-virtd-serial-0.2.3-5.1.el6_2.i686.rpmad644b4250ee776884f66a8c39488ddff8dd1085bea543fd2e68f32e5f503641SLBA-2012:0500-3This update fixes the following bug: * When a live migration of a guest was terminated abruptly (using the Ctrl+C key combination), the libvirt daemon could have failed to accept any future migration request of that guest with the following error message: error: Timed out during operation: cannot acquire state change lock This update adds support for registering cleanup callbacks which are called for a domain when a connection is closed. The migration API is more robust to failures, and if a migration process is terminated, it can be restarted on a subsequent command. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.Scientific LinuxtrueScientific Linux 6libvirt-0.9.4-23.el6_2.8.i686.rpm5ab7082975096aabe5e38e606f27564f29e2473a18c6627a5172accc300288f1libvirt-client-0.9.4-23.el6_2.8.i686.rpm89c60b43a38039ead4928aa70f02c15a53817c36d458ab2a4574418414e90ef8libvirt-devel-0.9.4-23.el6_2.8.i686.rpm9cb160efe353f3c92c01cf956b0b1300e84d5c54f3a93881a30d636b711e3a75libvirt-lock-sanlock-0.9.4-23.el6_2.8.i686.rpma3f978658afaf323bd125c6f3ab7ccfefbfc494a8454b87a30a5840c469c8ee4libvirt-python-0.9.4-23.el6_2.8.i686.rpmd76976c06a5fd0e6ba90a8deff9eb3cd99139828af117a95c84a0e3c04e673b5SLBA-2012:0502-1This update fixes the following bug: * Device-Mapper Multipath uses certain regular expressions in the built-in device configurations to determine a multipath device so that the correct configuration can be applied to the device. Previously, some regular expressions for the device vendor and product ID were set too broad. As a consequence, some devices could be matched with incorrect device configurations. With this update, the product and vendor regular expressions have been set more strict so that all multipath devices can now be properly configured.Scientific LinuxScientific Linux 6device-mapper-multipath-0.4.9-46.el6_2.2.i686.rpm24a3da98927c86f848cbd6173be6dfc9376f132db34a142a8c296bc6022a3002device-mapper-multipath-libs-0.4.9-46.el6_2.2.i686.rpm6c7f37437747b3fefdda4f6c1f221bbfea09b0c539519fef26f9229a891a2938kpartx-0.4.9-46.el6_2.2.i686.rpmc0f714a5972d0e6988a60c96ce53130485a7eb9de1530473e88c902edf89a81aSLBA-2012:0511-1This update fixes the following bug: * Qpid APIs using the libpidclient and libqpidcommon libraries are not application binary interface (ABI) stable. These dependencies have been removed so that Qpid rebuilds do not affect the matahari packages.Scientific LinuxScientific Linux 6matahari-0.4.4-12.el6_2.i686.rpm21c3d3d1f69af10f14c454f01f02cd149667bc8a6a7477c0349264fc62fd8ee7matahari-agent-lib-0.4.4-12.el6_2.i686.rpm2bf0b4b5b73b69d56fedc8102c179ef4c02e0729a5e9e09ffd2faa4df5130db4matahari-broker-0.4.4-12.el6_2.i686.rpm25b18ca9c43c687a2c12e16cd293bdeeddbf5a60bb006cd1478502b3b33e9af2matahari-consoles-0.4.4-12.el6_2.i686.rpm5851e764d481928677a2c637f361412b41640104e75870adaeb051325f601c72matahari-devel-0.4.4-12.el6_2.i686.rpm677fc4a02e1da651612f38129904a5e04493b3a51012324a9bb0222fe9018ce8matahari-host-0.4.4-12.el6_2.i686.rpm430bf65e21afd35a254a3ea96c78ea6b60587fe2fcb4782af17eea593c6c9ddbmatahari-lib-0.4.4-12.el6_2.i686.rpm5197f468ada2c9169b5cd8f76ef64e422cae204b690e7f1dc913e4ecbf6f9e7bmatahari-network-0.4.4-12.el6_2.i686.rpmfc9f7d2f955cb50fb43533707d8b008054773434083ecf64e6f4f3f5c18ef051matahari-service-0.4.4-12.el6_2.i686.rpm3bc4a25fb708f7e86a5f583b4ef2b338ea9bd078212db0be769eceac6b45ac9ematahari-sysconfig-0.4.4-12.el6_2.i686.rpm1806759091b9522e39ec48958e1bde10444b963c7644754e09133f98eb460c72SLBA-2012:0512-1This update fixes the following bug: * Previously, the aide utility incorrectly initialized the gcrypt library. This consequently prevented aide to initialize its database if the system was running in FIPS-compliant mode. The initialization routine has been corrected, and along with an extension to the libgcrypt's API introduced in the SLEA-2012:0486 advisory, aide now initializes its database as expected if run in a FIPS-compliant way.Scientific LinuxScientific Linux 6aide-0.14-3.el6_2.2.i686.rpm4011135caa4299f40a6c8da2862b7944a1eb14de4a3d13c56e27872c05605c88SLBA-2012:0525-1This update fixes the following bug: * Qpid APIs using the libpidclient and libpidcommon libraries are not application binary interface (ABI) stable. These dependencies have been removed so that Qpid rebuilds do not affect the libvirt-qmf packages.Scientific LinuxScientific Linux 6libvirt-qmf-0.3.0-7.el6_2.i686.rpma6d29ec1357a0fa00fe2184f25a1339d9d820c4b80618e1c08409fd3228bd28bSLBA-2012:0536-1This update fixes the following bug: * Previously, the underlying library of corosync did not delete temporary buffers used for Inter-Process Communication (IPC) that are stored in the /dev/shm shared memory file system. Therefore, if the user without proper privileges attempted to establish an IPC connection, the attempt failed with an error message as expected but memory allocated for temporary buffers was not released. This could eventually result in /dev/shm being fully used and Denial of Service. This update modifies the coroipcc library to let applications delete temporary buffers if the buffers were not deleted by the corosync server. The /dev/shm file system is no longer cluttered with needless data in this scenario and IPC connections can be established as expected.Scientific LinuxScientific Linux 6corosync-1.4.1-4.el6_2.2.i686.rpmb8bf05baac7768c15a26dc8f73b1243c94790e93141218a42cc07fb37ce3a141corosynclib-1.4.1-4.el6_2.2.i686.rpm75d3a860704aaf4cd941f9ed5897d5e29513a2858524445827e085017f8ddf16corosynclib-devel-1.4.1-4.el6_2.2.i686.rpm2d89b346ef4937c137a87e596f1317e361b6916822a759aeaae9e750e25502d4SLBA-2012:0541-1These updated openswan packages include numerous bug fixes. Documentation of these changes will be available shortly in the Technical Notes document:Scientific LinuxScientific Linux 6openswan-2.6.32-12.el6_2.i686.rpm25ecb98788ef9bb9836d8d2a82b18f4ae882ee59cfbbb9589a6e060cabafa5d3openswan-doc-2.6.32-12.el6_2.i686.rpmb53a4b86c71f434c99ab668440e044b10bf11958ce5c488d85c9e70a8b2134d5SLBA-2012:0548-1This update fixes the following bug: * Previously, fencing a Scientific Linux cluster node with the fence_soap_vmware fence agent running in a virtual machine on VMWare could fail with the following error message: KeyError: 'config.uuid' This was because the fence agent was not able to work with more than one hundred machines in a cluster. With this update, the underlying source code has been modified to support fencing of such clusters.Scientific LinuxScientific Linux 6fence-agents-3.1.5-10.el6_2.3.i686.rpm58023ca52412f155dcd44383d0f6c4b7964b3dc98848b9db2cabb5e6e5966244SLBA-2012:0550-1This update fixes the following bug: * When executing either the "mdir" or "mls" command, the FTP client stores results returned by the server in a specified local file. Previously, when opening the file, the client did not ensure that the mode value it passed to the fopen() function was properly null-terminated. This could cause unpredictable failures. This update ensures that the value is properly null- terminated so that the failures no longer occur in this scenario.Scientific LinuxScientific Linux 6krb5-appl-clients-1.0.1-7.el6_2.1.i686.rpm07895fa517b4bf06612294c38f14618a43c75a7815cbdc2f237dce7e1247d357krb5-appl-servers-1.0.1-7.el6_2.1.i686.rpm917cd85497c46cb8f32a071d1c6ea458784a66d54efcc30cfb93fcc55a35180aSLBA-2012:0552-1This update fixes the following bug: * The irqbalance daemon assigns each interrupt source in the system to a "class", which represents the type of the device (for example Networking, Storage or Media). Previously, irqbalance used the IRQ handler names from the /proc/interrupts file to decide the source class, which caused irqbalance to not recognize network interrupts correctly. As a consequence, systems using biosdevname NIC naming did not have their hardware interrupts distributed and pinned as expected. With this update, the device classification mechanism has been improved, and so ensures a better interrupts distribution.Scientific LinuxScientific Linux 6irqbalance-0.55-30.el6_2.i686.rpmda5389da7bdef65364b7b7fe2f5d5b96204bdb7f6383de8d2173b4f3f8f97caaSLBA-2012:0555-1This update fixes the following bug: * Running the "hostname" command with the "-A, --all-fqdns" or "-I, --all-ip- addresses" option to display all Fully Qualified Domain Names (FQDNs) or network addresses of the host failed with the "Hostname lookup failure" error if the machine's host name was not resolved in DNS. With this update, these options are no longer dependent on name resolution; all FQDNs and network addresses of the host are now displayed as expected even if the host name cannot be resolved or is not included in the /etc/hosts file.Scientific LinuxScientific Linux 6net-tools-1.60-110.el6_2.i686.rpm5234a7c6bcc941aa9cc36e590061d3a7ae87b2ed7dbcfddbfdf6e12c3577bd67SLBA-2012:0556-1This update fixes the following bugs: * An error in the parsing of the "brctl" command's output caused the sosreport utility to log errors on systems with bridged network configurations. The "sosreport" command printed a Python backtrace and certain bridge configuration information was not collected from the system. This update corrects the parsing of the "brctl" command's output so that no backtrace is printed and full bridge configuration data is collected from the system. * Previously, sos used a single fixed path to collect all libvirt logs in one directory. On certain releases of RHEV, the libvirtd.log file could be located in the parent directory and, therefore, the libvirtd.log file was not collected on such systems. The sosreport utility now uses a wildcard character that matches both possible locations for the file. The livirtd.log file is now collected reliably on all supported versions of RHEV. This update also adds the following enhancement: * This update adds a new plug-in that is necessary to collect the requisite logs for the Gluster product. Information is collected from the files located in the /etc/glusterd/ and /var/log/glusterfs/ directories.Scientific LinuxScientific Linux 6sos-2.2-17.el6_2.3.noarch.rpm39f4687bc185afcf47ba794a85ea876d419939800366e28510f598f13df8ea40SLBA-2012:0557-1This update fixes the following bug: * Squid used as a transparent proxy can only handle the HTTP protocol. Previously, when using Squid as a transparent proxy, it was possible to define a URL in which the access protocol contained the asterisk character (*) or an unknown protocol namespace URI (Uniform Resource Identifier). As a consequence, an "Invalid URL" error message was logged in the access.log file during reload time. This update ensures that "http://" is always used in transparent proxy URLs, and error message is no longer logged in this scenario.Scientific LinuxScientific Linux 6squid-3.1.10-1.el6_2.4.i686.rpma79a6a1c4ebe65e93255ddd921f3483a1d3c793b24d6cee00a8d0b74a0cc4058SLBA-2012:0561-1This update fixes the following bug: * When a SIGCHLD signal was received in job control mode and a handler for the signal was installed, Bash called the trap handler within the signal handler itself. This was unsafe and could cause Bash to enter a deadlock or to terminate unexpectedly with a segmentation fault due to memory corruption. With this update, the trap handler is now called outside of the signal handler, and Bash no longer enters a deadlock, neither crashes in this scenario.Scientific LinuxScientific Linux 6bash-4.1.2-9.el6_2.i686.rpm1bdad987fc79de822bb98396b749a869c819578f249335145fc8dea381a8c569bash-doc-4.1.2-9.el6_2.i686.rpm79aa05b8e526081bf34d41e1da5a60d6e08874ecd292deee44f4cf1ef441303bSLBA-2012:0565-1This update fixes the following bugs: * A race condition in the signal handling code caused the sudo process to become unresponsive after receiving the SIGCHLD signal. This update modifies the signal handling to prevent the race condition, which ensures that the sudo process no longer hangs under these circumstances. * The "-l" option is used to list allowed and forbidden commands for the invoking user or for the user specified by the "-U" option. However, previously, the getgrouplist() function incorrectly checked the invoker's group membership instead of the membership of the specified user. Consequently, using the "sudo" command with both the "-l" and "-U" options listed privileges granted to any group the invoker was a member of. The getgrouplist() function has been fixed to properly check the group membership of the intended user rather than checking the invoker's membership. This ensures that the required output is listed when using the "-l" and "-U options.Scientific LinuxScientific Linux 6sudo-1.7.4p5-9.el6_2.i686.rpmcc1ce7651ee833fc5a547209c074089317193c9f137ac6cd224a809d04596c99SLBA-2012:0566-1This update fixes the following bugs: * Previously, glibc looked for an error condition in the wrong location and failed to process a second response buffer in the gaih_getanswer() function. As a consequence, the getaddrinfo() function could not properly return all addresses. This update fixes an incorrect error test condition in gaih_getanswer() so that glibc now correctly parses the second response buffer. The getaddrinfo() function now correctly returns all addresses. * Previously, if the nscd daemon received a CNAME (Canonical Name) record as a response to a DNS (Domain Name System) query, the cached DNS entry adopted the TTL (Time to Live) value of the underlying "A" or "AAAA" response. This caused the nscd daemon to wait for an unexpectedly long time before reloading the DNS entry. With this update, nscd uses the shortest TTL from the response as the TTL value for the entire record. DNS entries are reloaded as expected in this scenario.Scientific LinuxScientific Linux 6glibc-2.12-1.47.el6_2.12.i686.rpm058fa0a882fa5dfe07170449adf7ee2ae2a657b7f9e154c3382301ad2277bcceglibc-common-2.12-1.47.el6_2.12.i686.rpm24d2bb387bcd2c06c962e6d9dd67076895665e8c6af69bc9951a569e9c95b23aglibc-devel-2.12-1.47.el6_2.12.i686.rpm1c10f85f5bc2ec1bbf2ef63ede2b7d2c7146af6be2a67751455c420b0ebf3d57glibc-headers-2.12-1.47.el6_2.12.i686.rpm34b87eed96a6a7c275a61ca34b1ac2857e7cb3429c2f41749b331591886b1888glibc-static-2.12-1.47.el6_2.12.i686.rpm5b7f9358db909abbd46e955fd1ccfceaa2a5f6a44e6848f5b9704393c6825fa5glibc-utils-2.12-1.47.el6_2.12.i686.rpm8028af6693786e745da885113503c7ff5178406fda6ff1ea3214caa066e58adanscd-2.12-1.47.el6_2.12.i686.rpmb72e3fe57e3428b6ebf95048bb5c0a6fbcfc55197ac073c7294fc7596de70ea5SLBA-2012:0673-1This update fixes the following bug: * Previously, the nfsd daemon was started before the mountd daemon. However, nfsd uses mountd to validate file handles. Therefore, if an existing NFS client sent requests to the NFS server when nfsd was started, the client received the ESTALE error causing client applications to fail. This update changes the startup order of the daemons: the mountd daemon is now started first so that it can be correctly used by nfsd, and the client no longer receives the ESTALE error in this scenario.Scientific LinuxScientific Linux 6nfs-utils-1.2.3-15.el6_2.1.i686.rpma2084469a0d6cccd5d9b93caf448b5627409e47b04d75dcbd2a4bdc3631c17ddSLBA-2012:0686-1* After resuming the system or re-enabling the display, an icon could appear in the notification area with an erroneous tooltip that read "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor." and included a URL to an external web page. This error message was incorrect, had no effect on the system and could be safely ignored. In addition, linking to an external URL from the notification and status area is unwanted. To prevent this, the icon is no longer used for debugging idle problems. gnome-power-manager packages, which fix this bug.Scientific LinuxScientific Linux 6gnome-power-manager-2.28.3-6.el6_2.i686.rpmd4706152377549d02f2e34f308c14407fc30d4630f931ac4acd89cfb3e6eb318gnome-power-manager-extra-2.28.3-6.el6_2.i686.rpmf3b26591ad5a3675a437a865a2725a126367cf11420c3e6a7e445c9b36c13479SLBA-2012:0687-1This update fixes the following bugs: * When using multiple shells simultaneously, the command history is saved from all shells in one ".history" file. Previously, when running multiple csh scripts at the same time, lines in the ".history" file could be reordered with different timestamps or some of the entries could disappear, rendering the ".history" file corrupted. As a consequence, start-up scripts could be slowed down. This update implements file locking mechanism that uses shared readers and an exclusive writer to prevent the ".history" file from being corrupted. * Previously, the "anyerror" variable could be selected to set the tcsh exit value behavior. However, "anyerror" is a shell variable and therefore was not propagated to subshells, and could not globally affect csh scripts. This update modifies the tcsh exit value behavior to the default behavior of csh: the new "tcsh_posix_status" variable is now available instead of "anyerror" to allow behavior similar to the POSIX standard.Scientific LinuxScientific Linux 6tcsh-6.17-19.el6_2.i686.rpm792db9a5924f3fb4b448607940677fbc3ef8ded4e4f5c673de22749610e4e6e8SLBA-2012:0703-1This update fixes the following bug: * Due to libatasmart incorrectly calculating the number of bad sectors, certain tools, for example gnome-disk-utility, could erroneously report hard disks with Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T) as failing when logging in GNOME. This update corrects the bad sector calculation, which ensures that tools such as gnome-disk-utility do not report false positive warnings in this scenario.Scientific LinuxScientific Linux 6libatasmart-0.17-4.el6_2.i686.rpmf1760e5bedccba5d37918d8faa507cab3f1634dabeedbb0e445c2df85a69f4b8libatasmart-devel-0.17-4.el6_2.i686.rpm1eb12703eca948323d691cee06c2d4e0095d0eb58ac7e1680254f458d76eb39aSLBA-2012:0708-1This update fixes the following bug: * Previously, the idled daemon incorrectly used signals for communication with the imapd daemon. This could cause a user's mailbox to become unresponsive. To prevent this problem, idled no longer uses signals to communicate with imapd; the AF_UNIX datagram sockets are now used instead.Scientific LinuxScientific Linux 6cyrus-imapd-2.3.16-6.el6_2.5.i686.rpm1f639f7f1231463ac01475e28c72a651a8c772a48c9cc2d3df2d7e6dcd43a457cyrus-imapd-devel-2.3.16-6.el6_2.5.i686.rpmb7e2da64f7a426eee10c24389e17d8260986f16f30f7dba8d72e87123d54c8fecyrus-imapd-utils-2.3.16-6.el6_2.5.i686.rpma9cc721c30c0ad20d715ceb0d22a5b20c10d5a0b7426971086f558780a09d736SLBA-2012:0727-1This update fixes the following bugs: * Due to a locking problem in one of the routines involved in the migration process, migrations could become unresponsive, for example, when repeatedly migrating a domain between two nodes. The locking problem has been fixed with this update, and migrating a guest is now successful in this scenario. * Closing a file descriptor multiple times could, under certain circumstances, lead to a failure to execute the qemu-kvm binary. As a consequence, a guest failed to start. A patch has been applied to address this issue, so that the guest now starts successfully.Scientific LinuxScientific Linux 6libvirt-0.9.4-23.el6_2.9.i686.rpmf71172a7ed3b2c8ff1e559a185746ee27b366a5dd96e443ecbdc5b7b35ffe208libvirt-client-0.9.4-23.el6_2.9.i686.rpm7c1f7183d5874030f0581528ccd040aaf2ac3c36b3248ed8cd46930fc375f522libvirt-devel-0.9.4-23.el6_2.9.i686.rpm6403234b9fd5481f351778e32aa718dcc878a75eb58fd828f53b608a09fb21d2libvirt-lock-sanlock-0.9.4-23.el6_2.9.i686.rpm3924cc58571595ac181bdb2b40dbf2d97ec1b56b4ad063a27c0cf8a2de0a6fc5libvirt-python-0.9.4-23.el6_2.9.i686.rpmad8ff260f165c4757eaf766bd80589b23cd79426594220bb74a0ff2f18f0b10dSLBA-2012:0728-1This update fixes the following bug: * Previously, dcbtool commands could, under certain circumstances, fail to enable the Fibre Channel over Ethernet (FCoE) application type-length-values (TLV) for a selected interface during the installation process. Consequently, various important features might have not been enabled (for example priority flow control, or PFC) by the Data Center Bridging eXchange (DCBX) peer. To prevent such problems, application-specific parameters (such as the FCoE application TLV) in DCBX are now enabled by default.Scientific LinuxScientific Linux 6lldpad-0.9.43-13.el6_2.1.i686.rpm176ba7fc0d793ab4b6797c3c10a344c444368573d936cb36ff3825292db1e525lldpad-devel-0.9.43-13.el6_2.1.i686.rpme47c0632c56a6ff4d3832b938d46263e88a8f46d550084c01645b4b6ec87e34fSLBA-2012:0737-1This update fixes the following bug: * Previously, it was not possible to activate or deactivate debug logs at runtime due to memory corruption in the objdb structure. With this update, the debug logging can now be activated or deactivated on runtime, for example with the command "corosync-objctl -w logging.debug=off".Scientific LinuxScientific Linux 6corosync-1.4.1-4.el6_2.3.i686.rpm260e3c60dac2718ff82261d0ae6f724fd5db5a0522ef205f19dac65f846aa7e8corosynclib-1.4.1-4.el6_2.3.i686.rpm29727d269b5baf6d2d9b49cd21910c68b4f3ec5b7189848ea94f8f7bb895fbe9corosynclib-devel-1.4.1-4.el6_2.3.i686.rpmb11f5111352a037cccf9205dc5c50a351235efa07a28d489e1804e82b525dec0SLBA-2012:0740-1This update fixes the following bug: * Previously, a bug in the handling of IPv6 sockets was present in the apr_mcast_hops() function. This bug could have prevented applications from successfully using multicast with IPv6 sockets. With this update, this bug has been fixed so that the applications now operate correctly.Scientific LinuxScientific Linux 6apr-1.3.9-5.el6_2.i686.rpm2c98ce95ca1b2d83f66112d8f58f9ff7a3fced8d042dd9aa1cb5fc9339d80e73apr-devel-1.3.9-5.el6_2.i686.rpmdfe4bd499921430eaa1382de87ee28d9d020804f10a313bd0bc0971d6cb09e01SLEA-2011:1776-1The rng-tools package contains the random number generator user space utilities, such as the rngd daemon. This update adds the following enhancements: * The startup script and configuration files for the rngd daemon have been added to the /etc/init.d/ and /etc/sysconfig/ directory, respectively.Scientific LinuxScientific Linux 6rng-tools-2-13.el6_2.i686.rpm497d2ca1b2a71ed13fbc7753f89007f30e1d3bcbd65575944888d762307af6baSLEA-2011:1810-1This update fixes the following bugs: * SSSD responders did not verify whether a username string, which was passed to SSSD by a client application, contained any invalid UTF-8 characters. As a consequence, SSSD terminated unexpectedly when trying to pass such a string to the data provider over the D-Bus protocol, and the validation test performed by the libdbus library failed. To prevent this problem from occurring, UTF-8 validity checks on the string have been added in the underlying SSSD code. SSSD now does not accept username strings that are not compliant with UTF-8 encoding so that SSSD no longer crashes. * When establishing a connection to an LDAP server, SSSD did not handle all possible error codes it could receive but only the ETIMEDOUT error code. Therefore, if SSSD received an error code different from ETIMEDOUT, it did not perform the expected failover to another LDAP server and switched to off-line mode. With this update, SSSD has been modified to handle all error codes received on connection attempt. SSSD now tries to connect to all specified LDAP servers and goes off-line only when it fails to connect to all of them.Scientific LinuxScientific Linux 6libipa_hbac-1.5.1-66.el6_2.1.i686.rpm7986676898cb4fdcc439a100404bc4900ade761fa8001848cc1f77f1837fd14dlibipa_hbac-devel-1.5.1-66.el6_2.1.i686.rpm9abdb4386ce2b3d4ecc2aa0f2cd0fedebf2a411bb044f94a071f1a3d8e42b601libipa_hbac-python-1.5.1-66.el6_2.1.i686.rpm20fa99e270248b24e0850c4101a43aaca746262e594ada9e72f24314546d9f4dsssd-1.5.1-66.el6_2.1.i686.rpmca0bfdcfe62bcb346e79a5ebf16d2947e32c5aeac1bc9c2ab117ac3b8f8674f9sssd-client-1.5.1-66.el6_2.1.i686.rpm37adf8ec54f7d0e6b2edd49eaf0c8529e20b836178a83648fd6a99feb1fff018sssd-tools-1.5.1-66.el6_2.1.i686.rpm928d88c8e09d142f6456146e490bc512f4839409f6ba524b158c0060067b9fa9SLEA-2012:0065-1This update adds the following enhancement: * Previously, OpenSSH could use the Advanced Encryption Standard New Instructions (AES-NI) instruction set only with the AES Cipher-block chaining (CBC) cipher. This update adds support for Counter (CTR) mode encryption in OpenSSH so the AES-NI instruction set can now be used efficiently also with the AES CTR cipher.Scientific LinuxScientific Linux 6openssh-5.3p1-70.el6_2.2.i686.rpm20da1d6b049d7f978b610505dfacf25bffa2d21d40e546335cf9abd0c3ad97d2openssh-askpass-5.3p1-70.el6_2.2.i686.rpm409e3ac46771c3ed93d8906b69e74de824beced0c022a2645c26fe4b750e8ab2openssh-clients-5.3p1-70.el6_2.2.i686.rpmbdbd05df249a6f27b3708d25794eb4cc0a7a3246756f4be37ffbb9265ced966fopenssh-ldap-5.3p1-70.el6_2.2.i686.rpm75090d54760e9bd1ee9766c842b5a3316dd34f00a3a196b475e837465a68d815openssh-server-5.3p1-70.el6_2.2.i686.rpm9d612c07fa53e0d65ff871221e2865dd39c5186670649a486bb41cf052f82a39pam_ssh_agent_auth-0.9-70.el6_2.2.i686.rpm749e0d51d8d82ef82b380f58a9afdb7d04bc94dad76160ef793c70cc58545de7SLEA-2012:0327-2The firefox packages have been upgraded from version 3.6.26 to version 10.0.1, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bug: * Previously, with the xulrunner-5.0-2.el6 package installed, the yelp plug-in failed to start and returned the "Could not initialize gecko!" error message. Now, the updated yelp package has been provided and yelp works as expected in the described scenario. Important: Firefox 10 is not completely backwards-compatible with all Mozilla add-ons and Firefox plug-ins that worked with Firefox 3.6. Firefox 10 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. After installing the update, Firefox must be restarted for the changes to take effect.Scientific LinuxtrueScientific Linux 6firefox-10.0.1-1.el6_2.i686.rpmf9fe527476d3da51bdead0c738b8206a53b0a4715f5ebd02c7294e63928a3adaxulrunner-10.0.1-2.el6_2.i686.rpme7990196adb8625ee26ae8c9f6297610c4110ec956fe96735d3bdf7bc37d1c0fxulrunner-devel-10.0.1-2.el6_2.i686.rpm773eb04db8c1f76029622be9cd85e5c3809df46e5ee4b623a44368e502251096yelp-2.28.1-13.el6_2.i686.rpmb1bbd62b27baeabb63882f5553789bcf3de9f93d0322b9bc59a73d6b3b0e5729SLEA-2012:0328-1This update adds the following enhancements: * The passwd command now supports a new option, "-e", that allows the system administrator to expire the password of the specified user so that the user is forced to change the password on the next login attempt. * The passwd executable file is a setuid program so it needs to be well protected against various types of attacks. With this update, passwd has been built with the Position Independent Executables (PIE) flag, "-fPIE -pie", and the full read-only relocations (RELRO) flags, "-Wl,-z,relro,-z,now". The passwd binary is now well protected against "return-to-text" and memory corruption attacks and also against attacks based on the program's ELF section overwriting.Scientific LinuxScientific Linux 6passwd-0.77-4.el6_2.2.i686.rpm2bd56b4999e948c994e1489743db2b472b0714d1fe2a5ec0ac3b6b2840262c8dSLEA-2012:0329-2For Scientific Linux 5, the thunderbird packages have been upgraded from version 2.0.0.24 to version 10.0.1, which provides a number of bug fixes and enhancements over the previous version. For Scientific Linux 6, the thunderbird packages have been upgraded from version 3.1.18 to version 10.0.1, which provides a number of bug fixes and enhancements over the previous version. Important: Thunderbird 10 is not completely backwards-compatible with all Mozilla add-ons and Thunderbird plug-ins that worked with previous versions of Thunderbird. Thunderbird 10 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug- ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. After installing the update, Thunderbird must be restarted for the changes to take effect.Scientific LinuxtrueScientific Linux 6thunderbird-10.0.1-3.el6_2.i686.rpmdf185a0ecc4f1fedaa0f05b1bf715a85f4199dfac561befbf1cd1ef43e535d5aSLEA-2012:0401-1This update adds the following enhancement: * Users are now able to configure the maximum number of open files. This allows the conman daemon to easily manage a large number of nodes.Scientific LinuxScientific Linux 6conman-0.2.5-2.4.el6.i686.rpm0c2e25f7722d05516a4ebf1088751e9e262b5a178136f5c784b35921473d9f10SLEA-2012:0435-1This update adds the following enhancement: * Previously, X server audit messages were not included by default in the X server log. Now, those messages are unconditionally included in the log. Also, with this update, verbose messages are added to the X server log if debugging is enabled in the /etc/gdm/custom.conf file (by setting "Enable=true" in the [debug] section).Scientific LinuxScientific Linux 6gdm-2.30.4-33.el6_2.i686.rpmd4e53cc2bb60a6890f800448d54bcb183d0ab95b065438de0685d1cc26bf065bgdm-libs-2.30.4-33.el6_2.i686.rpmd0ae3521c76411949da28f46b35c708fefb51731b4b7e7a503c5c6106ef64d8fgdm-plugin-fingerprint-2.30.4-33.el6_2.i686.rpm2b79f0bf50ffddbf7d5592cd5dec9eb22fefee63786e65c98d6054fa80faeee9gdm-plugin-smartcard-2.30.4-33.el6_2.i686.rpm313fc80990977ef3b74746829916ac6d81f31f5d6d7b66c040afd80e5203a4a5gdm-user-switch-applet-2.30.4-33.el6_2.i686.rpmc5355972f5e20b76438483adb100e5c5c7c27f18cc5dc672577a3f613200d89fSLEA-2012:0482-1This update adds the following enhancement: * The pam_cracklib is a PAM module for password-quality checking used by various applications. With this update, the pam_cracklib module has been improved with additional password-quality checks. The pam_cracklib module now allows to check whether a new password contains the words from the GECOS field from entries in the "/etc/passwd" file. The GECOS field is used to store additional information about the user, such as the user's full name or a phone number, which could be used by an attacker for an attempt to crack the password. The pam_cracklib module now also allows to specify the maximum allowed number of consecutive characters of the same class (lowercase, uppercase, number and special characters) in a password.Scientific LinuxScientific Linux 6pam-1.1.1-10.el6_2.1.i686.rpm9c55466e209b338296a629b41dbedc887f94d13f88962c8c55fb57e614110cf6pam-devel-1.1.1-10.el6_2.1.i686.rpm5c9d1dd91d9838e83e57afb2fb2b45f117926a6bbcfe7aeace530732c7b541f7SLEA-2012:0486-1This update adds the following enhancement: * With Federal Information Processing Standards (FIPS) mode enabled, the libgcrypt library always started in the soft FIPS mode which allows applications to use the MD5 cryptographic hash algorithm. The libgcrypt API previously did not allow the library to programmatically switch from the soft FIPS mode to the enforced FIPS mode. With this update, if the application does not need MD5 support for the Transport Layer Security (TLS) protocol or non- cryptographic purposes, libgcrypt can be preset in the enforced FIPS mode.Scientific LinuxScientific Linux 6libgcrypt-1.4.5-9.el6_2.2.i686.rpm7e5751df3c583e35c91091fa557f87549d72ac0c7b5debc64a03cce2cfcd87adlibgcrypt-devel-1.4.5-9.el6_2.2.i686.rpm4ed7e85e2b4e46920e13b099e5b5244d575b2a7d7ec4044a49ce4b126355b6efSLEA-2012:0503-1The kmod-bnx2x packages provide temporary drivers for the following hardware beyond what was delivered in Scientific Linux 6.2: Broadcom NetXtreme II BCM5771x/578xx 10/20-Gigabit Ethernet The kmod-bnx2i packages provide temporary drivers for the following hardware beyond what was delivered in Scientific Linux 6.2: Broadcom NetXtreme II BCM570x/5771x/578xx iSCSI The kmod-bnx2fc packages provide temporary drivers for the following hardware beyond what was delivered in Scientific Linux 6.2: Broadcom NetXtreme II BCM5771x/578xx FCoE This enhancement update adds the kmod-bnx2x, kmod-bnx2i and kmod-bnx2fc packages to Scientific Linux 6 as part of the Scientific Linux Driver Update Program (DUP). Unless a system includes the exact hardware supported by kmod-bnx2x, kmod- bnx2i, or kmod-bnx2fc, these packages must not be installed.Scientific LinuxScientific Linux 6kmod-bnx2-2.2.1-1.el6_2.i686.rpm57709132e4d6b2a5614f6f8be0d4a44717e7db0604fd47d5db1a16f062b6598fkmod-bnx2fc-1.0.10-1.el6_2.i686.rpmfcba2f92c17cd038f57f0317298ca8ccd26df09971ab40f83c4661412974be7ckmod-bnx2i-2.7.2.1-1.el6_2.i686.rpm80f54e0a78b949910e9dbc8e0e9db055694c89182f5f4f027dbf3354e3374298kmod-bnx2x-1.72.00_0-1.el6_2.i686.rpmd855aa76499d7948cf1dab1aa0a507ddd11c00809e37e71798bd1a7784530e12kmod-bnx2x-firmware-1.72.00_0-1.el6_2.i686.rpm856526f9c46e3dc7bcf3da2555a1eb3be53504d1053bdf76fbdd3d6706c13802kmod-cnic-2.5.9-1.el6_2.i686.rpm56afe217f6efefba14efdfcd4c8df164faa27aaa2462545ba0f8018c8b7195e6SLEA-2012:0530-1The qpid-cpp, qpid-qmf, qpid-tools, qpid-tests and python-qpid packages have been upgraded to upstream version 0.14, which provide a number of bug fixes and enhancements over the previous version.Scientific LinuxScientific Linux 6python-qpid-0.14-7.el6_2.noarch.rpm2ef9e217ca1c8ebe163497bf0bb4a2e9863a0aefb65283428d2d556356457f10python-qpid-qmf-0.14-7.el6_2.i686.rpm6b0b2ecac370cc2aeb1e0bddca489e44012e0036e8d1c1fc1b3943c93bc0aceeqpid-cpp-client-0.14-14.el6_2.i686.rpm34d0e1d4aa00e60f084ab228e261e584528ac59cde5de3386580f564302c438aqpid-cpp-client-devel-0.14-14.el6_2.i686.rpmc7bb2bccf2b4420e0e2902edd1c15f1b7e2b406545a391a6f4e0f0eba1b9522aqpid-cpp-client-devel-docs-0.14-14.el6_2.noarch.rpmfd8502831ea533eb1db656ef9770982152ee323e2ffbf44ed464a73d51bd7b34qpid-cpp-client-rdma-0.14-14.el6_2.i686.rpm2f2d4b60afd30ca96c8c3724c9a33df78e59cfd481ba855b86fc5ec8becebc2eqpid-cpp-client-ssl-0.14-14.el6_2.i686.rpm9351dcc683b2ada90cbc1e58324d0cb64c06f2e9317169f7cd2c6b4812005aabqpid-cpp-server-0.14-14.el6_2.i686.rpmd19fb22e2a554dfee8e85795e0f073d8e3076685837a26e055f0520bbfc81b89qpid-cpp-server-cluster-0.14-14.el6_2.i686.rpm5d185686472c8ae195169ca6240150d442c3b1d4c0a1a1bdc0acfd36ef23347dqpid-cpp-server-devel-0.14-14.el6_2.i686.rpmf0140cd0acb288b14c90484ee59a353e5b3e9e58621a65fe76859a3ca9e940bcqpid-cpp-server-rdma-0.14-14.el6_2.i686.rpm3a8b2135e90ff69012c74b92832c93756f0c9b350c7c2b00b9e8c117cdafaf95qpid-cpp-server-ssl-0.14-14.el6_2.i686.rpm13ce7b50821dc7699339133846bef3c70b3f3133cf6ff5e2e302df7dfb6b7accqpid-cpp-server-store-0.14-14.el6_2.i686.rpm0a64021ad519b8296ebb08585be45037729abc05f531325d735514fc83723db7qpid-cpp-server-xml-0.14-14.el6_2.i686.rpm89036df4015dd333aa5edc35b1b668d6acbfdb3d9fd4003bdbbfedb24f180e87qpid-qmf-0.14-7.el6_2.i686.rpm4b8d9dfe20cb558896fa6aba169ff8f56a8cd8c6df1b885d527a2d459e538155qpid-qmf-devel-0.14-7.el6_2.i686.rpm138ffc5c353105a06007143a91725271908b384aa9250c40ca791a3086560584qpid-tests-0.14-1.el6_2.noarch.rpm7a0b71b4b34b9a0d7b121168e88ba1896d6aeaff421090b5ca423221af7af9fcqpid-tools-0.14-2.el6_2.noarch.rpm605a2d3f6999a6dd485a77f7d92c1d408de4f4c4666342f2b16a39ab1909783arh-qpid-cpp-tests-0.14-14.el6_2.i686.rpm0d8c32feb6ed9f65d254fdb1d574d3140ffc6778ba4efb6bbe2f494bb3d703ebruby-qpid-qmf-0.14-7.el6_2.i686.rpmf218dd236546e782e0f4e3f86a089f8dc2f569c9a927fb8aceccc0a2924507b0SLEA-2012:0563-1The kmod-snd_hda and kmod-snd_core packages provide kernel modules for controlling Intel High Definition Audio compatible devices. The kmod-snd_hda and kmod-snd_core packages provide temporary drivers for the following hardware beyond what was delivered in Scientific Linux 6.2: * IDT 92HD93 and RealTek ALC 269 HD audio codecs This enhancement update adds the kmod-snd_hda and kmod-snd_core packages to Scientific Linux 6 as part of the Scientific Linux Driver Update Program.Scientific LinuxScientific Linux 6kmod-snd_core-1.0.21.6.3.0-1.el6_2.i686.rpmb6615875486c64a6d1169fde6edca8ccd43c37b5058c1ac9eb1c202d225f670fkmod-snd_hda-1.0.21.6.3.0-1.el6_2.i686.rpmeb6e82f258cb9590655644bfaba10533d49038759748d2bb420295418800c6bfSLEA-2012:0564-1The kmod-tg3 packages provide temporary drivers for the following hardware beyond what was delivered in Scientific Linux 6.2: Broadcom Tigon3 Ethernet This enhancement update adds the kmod-tg3 packages to Scientific Linux 6 as part of the Scientific Linux Driver Update Program (DUP). Unless a system includes the exact hardware explicitly supported by kmod-tg3, these packages must not be installed.Scientific LinuxScientific Linux 6kmod-tg3-3.122-1.el6_2.i686.rpm45a19e404bb46269e5a822ef6b97a235222075b24c624bcc5572b4f48f44d0d6SLEA-2012:0739-1The kmod-mlx4_en, kmod-mlx4_ib and kmod-mlx4_core packages provide kernel modules for controlling Mellanox Technologies ConnectX PCI Express adapters. The kmod-mlx4_en, kmod-mlx4_ib and kmod-mlx4_core packages provide temporary drivers for the following hardware beyond what was delivered in Scientific Linux 6.2: * Mellanox Technologies ConnectX-3 PCI Express adapters This enhancement update adds the kmod-mlx4_en, kmod-mlx4_ib and kmod-mlx4_core packages to Scientific Linux 6 as part of the Scientific Linux Driver Update Program. Due to a bug in the Scientific Linux 6.2 installer, these packages are not used during installation when included on a Driver Update Disk. To work around this problem, switch to the second console by pressing Crtl+Alt+F2 when the graphical welcome screen appears and execute the following commands: rmmod mlx4_en rmmod mlx4_ib rmmod mlx4_core modprobe mlx4_en modprobe mlx4_ib Then switch back by pressing Alt+F6 and continue the installation. Alternatively, copy the commands mentioned above into a kickstart pre- installation script. Unless a system includes the exact hardware explicitly supported by kmod- mlx4_en, kmod-mlx4_ib and kmod-mlx4_core packages, these packages must not be installed.Scientific LinuxScientific Linux 6kmod-mlx4_core-1.1.32.269-1.el6_2.i686.rpmb11f4917bbc7e3bdcbfd93473f2da5452e5127a0872fe7c7318f7328a6748ccdkmod-mlx4_en-2.0.32.269-1.el6_2.i686.rpmbad0a1c69a3aa7c876f0c585ba3beb922dbd90809f2d5a7cca1524eab8e45d46kmod-mlx4_ib-1.0.32.269-1.el6_2.i686.rpm2ebca320020bac88954a2f535057ca9cd77d386e031df8c0ea7103ba05b42fbd