Updated thermostat1-thermostat packages that fix one security issue are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine (JVM) with support for monitoring multiple JVM instances.

It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-8120)

This issue was discovered by Elliott Baron of Red Hat.

All thermostat1-thermostat users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
thermostat1-thermostat-1.0.4-60.6.el6.src.rpm
 
x86_64:
thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm
thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
thermostat1-thermostat-1.0.4-70.6.el7.src.rpm
 
x86_64:
thermostat1-thermostat-1.0.4-70.6.el7.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-70.6.el7.x86_64.rpm
thermostat1-thermostat-javadoc-1.0.4-70.6.el7.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-70.6.el7.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1168977 – CVE-2014-8120 thermostat: local JMX URL disclosure
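
To confirm that a host or fleet is running the fixed builds listed above, the following added example (not part of the Red Hat advisory) compares an installed version-release string against the fixed build for its RHEL release. The function names, host names and sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag hosts whose thermostat1-thermostat build predates the fix.

# Fixed builds per RHEL release, copied from this advisory's package lists.
fixed_build() {
    case "$1" in
        *.el6) echo "1.0.4-60.6.el6" ;;
        *.el7) echo "1.0.4-70.6.el7" ;;
        *)     return 1 ;;   # dist tag not covered by this advisory
    esac
}

# is_patched VERSION-RELEASE (hypothetical helper)
# Returns 0 if the build is at or above the fixed build, 1 if it is older,
# 2 if the dist tag is not covered by the advisory.
# Assumption: GNU `sort -V` stands in for rpm's comparison; that holds for
# the numeric version-release strings used here.
is_patched() {
    fixed=$(fixed_build "$1") || return 2
    oldest=$(printf '%s\n%s\n' "$1" "$fixed" | sort -V | head -n 1)
    [ "$oldest" = "$fixed" ]
}

# audit: read "host version-release" lines on stdin, print one verdict each.
audit() {
    while read -r host vr; do
        [ -n "$host" ] || continue
        rc=0
        is_patched "$vr" || rc=$?
        case $rc in
            0) echo "$host OK $vr" ;;
            1) echo "$host VULNERABLE $vr (needs $(fixed_build "$vr"))" ;;
            *) echo "$host UNKNOWN $vr" ;;
        esac
    done
}

# Constructed sample inventory; on a real host the second column comes from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' thermostat1-thermostat
audit <<'EOF'
app01 1.0.4-60.5.el6
app02 1.0.4-60.6.el6
app03 1.0.4-70.4.el7
app04 1.0.4-70.10.el7
EOF
```

The `app04` line is the case a plain string comparison gets wrong: release `70.10` is newer than `70.6`, which is why a version-aware sort is used.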

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
