Date: Wed, 8 Apr 2009 15:14:14 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: device-mapper-multipath on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis:   Moderate: device-mapper-multipath security update
Issue date: 2009-04-07
CVE Names:  CVE-2009-0115

It was discovered that the multipathd daemon set incorrect permissions on
the socket used to communicate with command line clients. An unprivileged,
local user could use this flaw to send commands to multipathd, resulting in
access disruptions to storage devices accessible via multiple paths and,
possibly, file system corruption on these devices. (CVE-2009-0115)

The multipathd service must be restarted for the changes to take effect.

Important: the version of the multipathd daemon in Scientific Linux 5 has a
known issue which may cause a machine to become unresponsive when the
multipathd service is stopped. Until this issue is resolved, we recommend
restarting the multipathd service by issuing the following commands in
sequence:

    # killall -KILL multipathd
    # service multipathd restart

SL 4.x

  SRPMS:
    device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm
  i386:
    device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm
  x86_64:
    device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm

SL 5.x

  SRPMS:
    device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm
  i386:
    device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm
    kpartx-0.4.7-23.el5_3.2.i386.rpm
  x86_64:
    device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm
    kpartx-0.4.7-23.el5_3.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
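
Added example, not part of the original advisory or of the device-mapper-multipath project: a shell check an administrator could run after updating to confirm that a daemon's control socket is no longer writable by unprivileged local users, which is the condition CVE-2009-0115 describes. The socket path is passed in by the caller because the advisory does not name it; the function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a UNIX domain socket for write access by unprivileged
# users (the flaw class in CVE-2009-0115). Socket path is caller-supplied.

# Return 0 if the octal mode string (e.g. 777, 0660) grants write to "other".
mode_world_writable() {
    last=${1#"${1%?}"}          # last octal digit = permissions for "other"
    case "$last" in
        2|3|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Return 0 if the mode grants write to the owning group.
mode_group_writable() {
    rest=${1%?}                 # drop the "other" digit
    grp=${rest#"${rest%?}"}     # last remaining digit = group permissions
    case "$grp" in
        2|3|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# audit_socket PATH
#   0 = not writable by "other"
#   1 = writable by every local user (on Linux, write permission on the
#       socket file is what allows a process to connect to it)
#   2 = PATH is not a UNIX socket
audit_socket() {
    if [ ! -S "$1" ]; then
        echo "SKIP  $1: not a UNIX socket"
        return 2
    fi
    mode=$(stat -c '%a' "$1")         # GNU stat: octal permission bits
    owner=$(stat -c '%U:%G' "$1")
    if mode_world_writable "$mode"; then
        echo "FAIL  $1: mode $mode ($owner) is writable by every local user"
        return 1
    fi
    if mode_group_writable "$mode"; then
        echo "WARN  $1: mode $mode ($owner) is group-writable; review membership"
    fi
    echo "OK    $1: mode $mode ($owner)"
}

# Usage: sh audit_socket.sh /path/to/daemon.sock
if [ "$#" -gt 0 ]; then
    audit_socket "$1"
fi
```

Run it against the socket after the multipathd restart described above; a FAIL result means the restart did not pick up the fixed package.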