RedHat: RHSA-2021-4404:03 Low: kexec-tools security, bug fix,
Summary
The kexec-tools packages contain the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature. The
/sbin/kexec binary facilitates booting a new kernel using the kernel's
kexec feature, on either a normal or a panic reboot. The kexec fastboot
mechanism allows booting a Linux kernel from the context of an already
running kernel.
Security Fix(es):
* kexec-tools: incorrect permissions on kdump dmesg file (CVE-2021-20269)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2021-20269
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
Package List
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kexec-tools-2.0.20-57.el8.src.rpm
aarch64:
kexec-tools-2.0.20-57.el8.aarch64.rpm
kexec-tools-debuginfo-2.0.20-57.el8.aarch64.rpm
kexec-tools-debugsource-2.0.20-57.el8.aarch64.rpm
ppc64le:
kexec-tools-2.0.20-57.el8.ppc64le.rpm
kexec-tools-debuginfo-2.0.20-57.el8.ppc64le.rpm
kexec-tools-debugsource-2.0.20-57.el8.ppc64le.rpm
s390x:
kexec-tools-2.0.20-57.el8.s390x.rpm
kexec-tools-debuginfo-2.0.20-57.el8.s390x.rpm
kexec-tools-debugsource-2.0.20-57.el8.s390x.rpm
x86_64:
kexec-tools-2.0.20-57.el8.x86_64.rpm
kexec-tools-debuginfo-2.0.20-57.el8.x86_64.rpm
kexec-tools-debugsource-2.0.20-57.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for kexec-tools is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Relevant Releases/Architectures
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Bugs Fixed
1892558 - kdump: provide a library API to export suggested crashkernel reservation values
1915819 - perror_exit call inside check_user_configured_target() function is not providing absolute path of dump location upon kdump service failure.
1918499 - kdump initrd generation fails if /boot not writable
1934261 - CVE-2021-20269 kexec-tools: incorrect permissions on kdump dmesg file
1965267 - [RHEL-8.5][ppc64le] makedumpfile failed to copy /proc/kcore that 'get_mm_sparsemem: Can't get the address of mem_section' or output nothing