Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Scientific Linux 5: Kexec-Tools Moderate Security Update and Fixes

Scientific Large Esm H446
Moderate: kexec-tools security, bug fix, and enhancement update
Date: Tue, 6 Mar 2012 14:48:49 -0600
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject: Security ERRATA Moderate: kexec-tools on SL5.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Moderate: kexec-tools security, bug fix, and enhancement update
Issue Date: 2012-02-21
CVE Numbers: CVE-2011-3588

The kexec-tools package contains the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature. The
/sbin/kexec binary facilitates a new kernel to boot using the kernel's
kexec feature either on a normal or a panic reboot. The kexec fastboot
mechanism allows booting a Linux kernel from the context of an already
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive
information, such as the private SSH key used to authenticate to a remote
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files
from the "/root/.ssh/" directory and the host's private SSH keys) in the
resulting initrd. This could lead to an information leak when initrd
files were previously created with world-readable permissions. Note: With
this update, only the SSH client configuration, known hosts files, and the
SSH key configured via the newly introduced sshkey option in
"/etc/kdump.conf" are included in the initrd. The default is the key
generated when running the "service kdump propagate" command,
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)

This updated kexec-tools package also includes numerous bug fixes and
enhancements.

All users of kexec-tools are advised to upgrade to this updated package,
which resolves these security issues, fixes these bugs and adds these
enhancements.

SL5:
 i386
 kexec-tools-1.102pre-154.el5.i386.rpm
 kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm
 x86_64
 kexec-tools-1.102pre-154.el5.x86_64.rpm
 kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm

- Scientific Linux Development Team