Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Moderate Security Issue in Scientific Linux SL7.x: kexec-tools Risk Alert

Scientific Large Esm H446
Moderate: kexec-tools security, bug fix, and enhancement update
Date: Wed, 13 May 2015 15:27:36 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: kexec-tools on SL7.x x86_64
MIME-Version: 1.0

Synopsis: Moderate: kexec-tools security, bug fix, and enhancement update
Advisory ID: SLSA-2015:0986-1
Issue Date: 2015-05-12
CVE Numbers: CVE-2015-0267
--

It was found that the module-setup.sh script provided by kexec-tools
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to
overwrite the contents of arbitrary files. (CVE-2015-0267)

This update also fixes the following bug:

* On Atomic Host systems, the kdump tool previously saved
kernel crash dumps in the /sysroot/crash file instead of the /var/crash
file. The parsing error that caused this problem has been fixed, and the
kernel crash dumps are now correctly saved in /var/crash.

In addition, this update adds the following enhancement:

* The makedumpfile command now supports the new sadump format that can
represent more than 16 TB of physical memory space. This allows users of
makedumpfile to read dump files over 16 TB, generated by sadump on certain
upcoming server models.
--

SL7
 x86_64
 kexec-tools-2.0.7-19.el7_1.2.x86_64.rpm
 kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm
 kexec-tools-eppic-2.0.7-19.el7_1.2.x86_64.rpm

- Scientific Linux Development Team