Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisorysecurity updatebug fixRed Hat Enterprise Linux 5: RHSA-2009:1341-02 Security Fix for Cman
Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: cman security, bug fix, and enhancement update Advisory ID: RHSA-2009:1341-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1341.html Issue date: 2009-09-02 Keywords: cman CVE Names: CVE-2008-4579 CVE-2008-6552 ==================================================================== 1. Summary: Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) Bug fixes: * a buffer could overflow if cluster.conf had more than 52 entries per block inside the block. The limit is now 1024. * the output of the group_tool dump subcommands were NULL padded. * using device="" instead of label="" no longer causes qdiskd to incorrectly exit. * the IPMI fencing agent has been modified to time out after 10 seconds. It is also now possible to specify a different timeout value withthe '-t' option. * the IPMI fencing agent now allows punctuation in passwords. * quickly starting and stopping the cman service no longer causes the cluster membership to become inconsistent across the cluster. * an issue with lock syncing caused 'receive_own from' errors to be logged to '/var/log/messages'. * an issue which caused gfs_controld to segfault when mounting hundreds of file systems has been fixed. * the LPAR fencing agent now properly reports status when an LPAR is in Open Firmware mode. * the LPAR fencing agent now works properly with systems using the Integrated Virtualization Manager (IVM). * the APC SNMP fencing agent now properly recognizes outletStatusOn and outletStatusOff return codes from the SNMP agent. * the WTI fencing agent can now connect to fencing devices with no password. * the rps-10 fencing agent now properly performs a reboot when run with no options. * the IPMI fencing agent now supports different cipher types with the '-C' option. * qdisk now properly scans devices and partitions. * cman now checks to see if a new node has state to prevent killing the first node during cluster setup. * 'service qdiskd start' now works properly. * the McData fence agent now works properly with the McData Sphereon 4500 Fabric Switch. * the Egenera fence agent can now specify an SSH login name. * the APC fence agent now works with non-admin accounts when using the 3.5.x firmware. * fence_xvmd now tries two methods to reboot a virtual machine. * connections to OpenAIS are now allowed from unprivileged CPG clients with the user and group of 'ais'. * groupd no longer allows the default fence domain to be '0', which previously caused rgmanager to hang. Now, rgmanager no longer hangs. * the RSA fence agent now supports SSH enabled RSA II devices. * the DRAC fence agent now works with the Integrated Dell Remote Access Controller (iDRAC) on Dell PowerEdge M600 blade servers. * fixed a memory leak in cman. * qdisk now displays a warning if more than one label is found with the samename. * the DRAC5 fencing agent now shows proper usage instructions for the '-D' option. * cman no longer uses the wrong node name when getnameinfo() fails. * the SCSI fence agent now verifies that sg_persist is installed. * the DRAC5 fencing agent now properly handles modulename. * QDisk now logs warning messages if it appears its I/O to shared storage is hung. * fence_apc no longer fails with a pexpect exception. * removing a node from the cluster using 'cman_tool leave remove' now properly reduces the expected_votes and quorum. * a semaphore leak in cman has been fixed. * 'cman_tool nodes -F name' no longer segfaults when a node is out of membership. Enhancements: * support for: ePowerSwitch 8+ and LPAR/HMC v3 devices, Cisco MDS 9124 and MDS 9134 SAN switches, the virsh fencing agent, and broadcast communication with cman. * fence_scsi limitations added to fence_scsi man page. Users of cman are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 276541 - fence_impilan blocks alternative fencing agents when connectivity to IPMI fails. 322291 - rps-10 fence agent does not perform default reboot action 447497 - RFE: support for IPMI v2.0 ciphersuites in fence_ipmilan 447964 - fence_ipmilan does not handle punctuation in password 467386 - CVE-2008-4579 cman/fence: insecure temporary file usage in the apc fence agents 468966 - Possible buffer overflow in cman config loader can lead to memory corruption 472460 - cman_tool nodes -F name segfaults when a node is out of membership 472786 - cluster view inconsistent after "service cman stop; service cman start" 473961 - clvmd memory leak 474163 - gfs_controld: receive_own from N messages withplock_ownership enabled 480178 - fence_xvmd Fails to Reboot VM 480401 - gfs_controld segfault during multiple mount attempt 480836 - [RFE] Add support for Cisco 9124 and 9134 SAN switches as fence devices 481566 - [PATCH] /sbin/fence_lpar - properly report status on systems in Open Firmware 481664 - fence_wti is unable to connect to (password-less) fencing device 484095 - fence_apc_snmp: invalid status outletStatusOff 484956 - qdiskd does not prune partitions mapped to dm-mpio devices 485026 - Cman kills first node in initial cluster setup 485199 - 'service qdiskd restart' doesn't work 485469 - Normal users cannot run CPG clients if openais is started by cman. 485700 - fence_lpar doesn't work with hmc version 3 487436 - Qdisk should choose first disk if multiple disks containing same label exist 487501 - Exceptions in fencing agents 488565 - cman uses local node name for lookup during start up 488958 - GFS: Allow fence_egenera to specify ssh login name 491640 - APC Fence Agent does not work with non-admin account 493165 - group_tool ls fence returns one for fence id ZERO 493207 - groupd assigns zero group id 493802 - [RFE] Providing support for ssh enabled RSA II fence devices 496629 - [RFE] Include fence_virsh along with the present agents 496724 - fence_drac5 uses module_name instead of modulename 498329 - fence_drac5 help output shows incorrect usage 499767 - groupd segfaults on start 500450 - qdiskd I/O hang reporting 500567 - Flag added to openais to report security errors causes cman not to build 501586 - fence agents (fence_apc, fence_wti) fails with pexpect exception 502674 - fence_lpar can't log in to IVM systems 504705 - fence_lpar: lssyscfg command on HMC can take longer than SHELL_TIMEOUT 505258 - cman_tool leave remove does not reduce quorum 505594 - semaphore leak during cluster startup/shutdown cycle 512998 - Fence_scsi limitations man page fix needed 514758 - [RHEL5][cman] fence_apc_snmp: local variable 'verbose_filename' referenced before assignment 519436 - CVE-2008-6552 cman, gfs2-utils,rgmanager: multiple insecure temporary file use issues 6. Package List: RHEL Desktop Workstation (v. 5 client): Source: i386: cman-2.0.115-1.el5.i386.rpm cman-debuginfo-2.0.115-1.el5.i386.rpm cman-devel-2.0.115-1.el5.i386.rpm x86_64: cman-2.0.115-1.el5.x86_64.rpm cman-debuginfo-2.0.115-1.el5.i386.rpm cman-debuginfo-2.0.115-1.el5.x86_64.rpm cman-devel-2.0.115-1.el5.i386.rpm cman-devel-2.0.115-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: cman-2.0.115-1.el5.i386.rpm cman-debuginfo-2.0.115-1.el5.i386.rpm cman-devel-2.0.115-1.el5.i386.rpm ia64: cman-2.0.115-1.el5.ia64.rpm cman-debuginfo-2.0.115-1.el5.ia64.rpm cman-devel-2.0.115-1.el5.ia64.rpm ppc: cman-2.0.115-1.el5.ppc.rpm cman-debuginfo-2.0.115-1.el5.ppc.rpm cman-debuginfo-2.0.115-1.el5.ppc64.rpm cman-devel-2.0.115-1.el5.ppc.rpm cman-devel-2.0.115-1.el5.ppc64.rpm s390x: cman-2.0.115-1.el5.s390x.rpm cman-debuginfo-2.0.115-1.el5.s390.rpm cman-debuginfo-2.0.115-1.el5.s390x.rpm cman-devel-2.0.115-1.el5.s390.rpm cman-devel-2.0.115-1.el5.s390x.rpm x86_64: cman-2.0.115-1.el5.x86_64.rpm cman-debuginfo-2.0.115-1.el5.i386.rpm cman-debuginfo-2.0.115-1.el5.x86_64.rpm cman-devel-2.0.115-1.el5.i386.rpm cman-devel-2.0.115-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2008-4579 https://www.cve.org/CVERecord?id=CVE-2008-6552 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKniLhXlSAg2UNWIIRAtAOAJ0SrFjaDs000GRLzUBIVXmP0EOnhgCgpvoq x+uMGBr8XX8kuPre5qpRyLE=e/BF -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 02, 2009
•Low
Red Hat
89
security advisoryFedoracritical updateFedora 9: 2008-9042 Critical: Cman File Usage Issues Fix
This update includes security fixes for: CVE-2008-4192 CVE-2008-4579 among many other upstream bug fixes.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2008-9042 2008-10-23 16:01:35 --------------------------------------------------------------------------------Name : cman Product : Fedora 9 Version : 2.03.08 Release : 1.fc9 URL : Summary : CMAN - The Cluster Manager Description : CMAN - The Cluster Manager --------------------------------------------------------------------------------Update Information: This update includes security fixes for: CVE-2008-4192 CVE-2008-4579 among many other upstream bug fixes. --------------------------------------------------------------------------------ChangeLog: * Tue Oct 21 2008 Fabio M. Di Nitto - 2.03.08-1 - New upstream release Fix rhbz#460376 CVE-2008-4192 Fix rhbz#467386 CVE-2008-4579 - cleanup/update patches to match 2.6.26 kernel in F-9 - add /var/log/cluster to the package --------------------------------------------------------------------------------References: [ 1 ] Bug #460476 - CVE-2008-4192 cman/fence: insecure temporary file usage in the egenera fence agent https://bugzilla.redhat.com/show_bug.cgi?id=460476 [ 2 ] Bug #467386 - CVE-2008-4579 cman/fence: insecure temporary file usage in the apc fence agents https://bugzilla.redhat.com/show_bug.cgi?id=467386 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update cman' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Oct 23, 2008
•Critical
Fedora
98
security advisorydenial of servicebuffer overflowRed Hat Enterprise Linux 5 RHSA-2007:0559-01 Critical: Cman Buffer Overflow
Updated cman packages that correct a security issue are now available for Red Hat Enterprise Linux 5.A flaw was found in the cman daemon. A local attacker could connect to the cman daemon and trigger a static buffer overflow leading to a denial of service or, potentially, an escalation of privileges This update has been rated as having important security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: cman security update Advisory ID: RHSA-2007:0559-01 Advisory URL: https://access.redhat.com/errata/RHSA-2007:0559.html Issue date: 2007-06-28 Updated on: 2007-06-28 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-3374 - ---------------------------------------------------------------------1. Summary: Updated cman packages that correct a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: cman is the Red Hat Cluster Manager. A flaw was found in the cman daemon. A local attacker could connect to the cman daemon and trigger a static buffer overflow leading to a denial of service or, potentially, an escalation of privileges. (CVE-2007-3374) Users of Cluster Manager should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bug IDs fixed(http://bugzilla.redhat.com/): 244891 - CVE-2007-3374 possible buffer overflow could cause local DoS by crashing cman 6. RPMs required: RHEL Desktop Workstation (v. 5 client): SRPMS: 1fcc797abeb94c5822f21ad4a851aab2 cman-2.0.64-1.0.1.el5.src.rpm i386: fae8fdb3d0ce291b73e386013273e58e cman-2.0.64-1.0.1.el5.i386.rpm 6371c048892e75240e3a415e703ec8b8 cman-debuginfo-2.0.64-1.0.1.el5.i386.rpm 14b0724782b621886026c0cd342ba733 cman-devel-2.0.64-1.0.1.el5.i386.rpm x86_64: de0045b6cf4b0b1965a06ae63272252e cman-2.0.64-1.0.1.el5.x86_64.rpm 6371c048892e75240e3a415e703ec8b8 cman-debuginfo-2.0.64-1.0.1.el5.i386.rpm 6911cdbfdff203e9376115bdb23b2417 cman-debuginfo-2.0.64-1.0.1.el5.x86_64.rpm 14b0724782b621886026c0cd342ba733 cman-devel-2.0.64-1.0.1.el5.i386.rpm 0310e2f5055a9e5b7fbb35dfdfa6f8bb cman-devel-2.0.64-1.0.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: 1fcc797abeb94c5822f21ad4a851aab2 cman-2.0.64-1.0.1.el5.src.rpm i386: fae8fdb3d0ce291b73e386013273e58e cman-2.0.64-1.0.1.el5.i386.rpm 6371c048892e75240e3a415e703ec8b8 cman-debuginfo-2.0.64-1.0.1.el5.i386.rpm 14b0724782b621886026c0cd342ba733 cman-devel-2.0.64-1.0.1.el5.i386.rpm ia64: 9774f665b8af6b784660348b5b6dab64 cman-2.0.64-1.0.1.el5.ia64.rpm 6de561ee1c0c6ee534108bc8dba119aa cman-debuginfo-2.0.64-1.0.1.el5.ia64.rpm bddaad0ff171cb92671d157309e44e7b cman-devel-2.0.64-1.0.1.el5.ia64.rpm ppc: a89444882d12337cb6cb3a8a328f5c9b cman-2.0.64-1.0.1.el5.ppc.rpm 105b1aa47879285203895d29aaf81a9b cman-debuginfo-2.0.64-1.0.1.el5.ppc.rpm a6a449888f141541f61402a00dee8467 cman-debuginfo-2.0.64-1.0.1.el5.ppc64.rpm e9df7cfc0ed760455867b7a454f15beb cman-devel-2.0.64-1.0.1.el5.ppc.rpm 1e035386019255d5e24724230d99dcbd cman-devel-2.0.64-1.0.1.el5.ppc64.rpm s390x: dd30779b292d16e80f6430ded4420cba cman-2.0.64-1.0.1.el5.s390x.rpm 0ebb254e184ac68d5a1c280e9ad75c6c cman-debuginfo-2.0.64-1.0.1.el5.s390.rpm e68803a4c83b46e799e7c10e8c5f187f cman-debuginfo-2.0.64-1.0.1.el5.s390x.rpm d7d6b697e58cf728a22d401155571d7a cman-devel-2.0.64-1.0.1.el5.s390.rpm 8d7665f0a81ffa094d145ace6bec2218 cman-devel-2.0.64-1.0.1.el5.s390x.rpm x86_64: de0045b6cf4b0b1965a06ae63272252e cman-2.0.64-1.0.1.el5.x86_64.rpm 6371c048892e75240e3a415e703ec8b8 cman-debuginfo-2.0.64-1.0.1.el5.i386.rpm 6911cdbfdff203e9376115bdb23b2417 cman-debuginfo-2.0.64-1.0.1.el5.x86_64.rpm 14b0724782b621886026c0cd342ba733 cman-devel-2.0.64-1.0.1.el5.i386.rpm 0310e2f5055a9e5b7fbb35dfdfa6f8bb cman-devel-2.0.64-1.0.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2007-3374 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. . Crucial security enhancements for Red Hat cman components have been released to address a buffer overflow vulnerability that threatens system reliability.. Cman Security Update, Red Hat Patches, Local DoS Attack, Privilege Escalation Fix. . Severity: Important. LinuxSecurity.com Team
Jun 29, 2007
•Important
Red Hat
89
security advisorymoderateupdateFedora Core 4 FEDORA-2005-462 Moderate Cman 1.0.0 Update
Updated upstream sources.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-462 2005-06-29 ---------------------------------------------------------------------Product : Fedora Core 4 Name : cman Version : 1.0.0 Release : 1 Summary : cman - The Cluster Manager Description : cman - The Cluster Manager ---------------------------------------------------------------------Update Information: Updated upstream sources. ------------------------------------------------------------------------------------------------------------------------------------------This update can be downloaded from: 29ea0f705826662526852954fcc99dfb SRPMS/cman-1.0.0-1.src.rpm bfb618fe1308e0633bb5f8faf6f1d7e1 ppc/cman-1.0.0-1.ppc.rpm 45760d6e18fe71734daae4e2a251fef2 ppc/debug/cman-debuginfo-1.0.0-1.ppc.rpm e097e206595d5233b7ea4328f8433464 x86_64/cman-1.0.0-1.x86_64.rpm a66f2db456ef73e5bdb177cf6b76c65e x86_64/debug/cman-debuginfo-1.0.0-1.x86_64.rpm 839456ff94bbe022cbac474105cf1e10 i386/cman-1.0.0-1.i386.rpm b3b475b9491dfdf67ab28dc8c1335b15 i386/debug/cman-debuginfo-1.0.0-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
Jun 29, 2005
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!