Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 2 articles for you...
91
security advisoryprivilege escalationgentoo linuxGentoo Linux GLSA-201110-18 Normal: rgmanager Privilege Escalation
A vulnerability was found in rgmanager, allowing for privilege escalation.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: rgmanager: Privilege escalation Date: October 22, 2011 Bugs: #352213 ID: 201110-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability was found in rgmanager, allowing for privilege escalation. Background ========= rgmanager is a clustered resource group manager. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-cluster/rgmanager < 2.03.09-r1 > = 2.03.09-r1 Description ========== A vulnerability has been discovered in rgmanager. Please review the CVE identifier referenced below for details. Impact ===== A local attacker could gain escalated privileges. Workaround ========= There is no known workaround at this time. Resolution ========= All rgmanager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =sys-cluster/rgmanager-2.03.09-r1" References ========= [ 1 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201110-18 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressedto
Oct 22, 2011
Gentoo
98
security advisorysecurity issueupdateRed Hat Enterprise Linux 5: RHSA-2011:1000-01 Low: rgmanager Security Issue
An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: rgmanager security, bug fix, and enhancement update Advisory ID: RHSA-2011:1000-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:1000.html Issue date: 2011-07-21 CVE Names: CVE-2010-3389 ==================================================================== 1. Summary: An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides the ability to create and manage high-availability server applications in the event of system downtime. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389) Red Hat would like to thank Raphael Geissert for reporting this issue. This update also fixes the following bugs: * The failover domain "nofailback" option was not honored if a service was in the "starting"state. This bug has been fixed. (BZ#669440) * PID files with white spaces in the file name are now handled correctly. (BZ#632704) * The /usr/sbin/rhev-check.sh script can now be used from within Cron. (BZ#634225) * The clustat utility now reports the correct version. (BZ#654160) * The oracledb.sh agent now attempts to try the "shutdown immediate" command instead of using the "shutdown abort" command. (BZ#633992) * The SAPInstance and SAPDatabase scripts now use proper directory name quoting so they no longer collide with directory names like "/u". (BZ#637154) * The clufindhostname utility now returns the correct value in all cases. (BZ#592613) * The nfsclient resource agent now handles paths with trailing slashes correctly. (BZ#592624) * The last owner of a service is now reported correctly after a failover. (BZ#610483) * The /usr/share/cluster/fs.sh script no longer runs the "quotaoff" command if quotas were not configured. (BZ#637678) * The "listen" line in the /etc/httpd/conf/httpd.conf file generated by the Apache resource agent is now correct. (BZ#675739) * The tomcat-5 resource agent no longer generates incorrect configurations. (BZ#637802) * The time required to stop an NFS resource when the server is unavailable has been reduced. (BZ#678494) * When using exclusive prioritization, a higher priority service now preempts a lower priority service after status check failures. (BZ#680256) * The postgres-8 resource agent now correctly detects failed start operations. (BZ#663827) * The handling of reference counts passed by rgmanager to resource agents now works properly, as expected. (BZ#692771) As well, this update adds the following enhancements: * It is now possible to disable updates to static routes by the IP resource agent. (BZ#620700) * It is now possible to use XFS as a file system within a cluster service. (BZ#661893) * It is now possible to use the "clustat" command as a non-root user, so long as that user is in the "root" group. (BZ#510300) * It is now possible to migrate virtualmachines when central processing is enabled. (BZ#525271) * The rgmanager init script will now delay after stopping services in order to allow time for other nodes to restart them. (BZ#619468) * The handling of failed independent subtrees has been corrected. (BZ#711521) All users of Red Hat Resource Group Manager are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 592613 - clufindhostname -i returns random value 592624 - nfsclient exports doens't work. 610483 - last_owner is not correctly updated on service reallocarion on failover 632704 - If whitespace in mysql resource name then pid file is not found 634225 - rhev-check.sh needs /usr/sbin in path 637154 - SAPInstance and SAPDatabase fail to start/stop/status if /u exists 637678 - service failover hangs at quotaoff in /usr/share/cluster/fs.sh 637802 - Fix problems in generated config file for tomcat-5 639044 - CVE-2010-3389 rgmanager: insecure library loading vulnerability 654160 - clustat -v reports "clustat version DEVEL" on release package 661893 - Support/testing of XFS filesystem as part of RHEL Cluster 663827 - postgres-8 resource agent does not detect a failed start of postgres server 669440 - Service will failback on "nofailback" failover domain if service is in "starting" state 675739 - Listen line in generated httpd.conf incorrect 678494 - netfs.sh patch, when network is lost it takes too long to unmount the NFS filesystems 680256 - Service with highest exclusive prio should be relocated to another node with lower exclusive prio 711521 - Dependencies in independent_tree resources does not work as expected 6. PackageList: RHEL Clustering (v. 5 server): Source: i386: rgmanager-2.0.52-21.el5.i386.rpm rgmanager-debuginfo-2.0.52-21.el5.i386.rpm ia64: rgmanager-2.0.52-21.el5.ia64.rpm rgmanager-debuginfo-2.0.52-21.el5.ia64.rpm ppc: rgmanager-2.0.52-21.el5.ppc.rpm rgmanager-debuginfo-2.0.52-21.el5.ppc.rpm x86_64: rgmanager-2.0.52-21.el5.x86_64.rpm rgmanager-debuginfo-2.0.52-21.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3389 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOKCnlXlSAg2UNWIIRAufKAKC7sejax1sWiGL0AthPm4yWLdD7bgCgsCka lzuPnpDzCO52dNDz+iNi1tg=M56t -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jul 21, 2011
•Low
Red Hat
98
security advisorysecurity issuebug fixRed Hat 5: RHSA-2011:1000-01 Low Severity rgmanager Security Update
An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: rgmanager security, bug fix, and enhancement update Advisory ID: RHSA-2011:1000-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:1000.html Issue date: 2011-07-21 CVE Names: CVE-2010-3389 ==================================================================== 1. Summary: An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides the ability to create and manage high-availability server applications in the event of system downtime. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389) Red Hat would like to thank Raphael Geissert for reporting this issue. This update also fixes the following bugs: * The failover domain "nofailback" option was not honored if a service was in the "starting" state. This bug has been fixed. (BZ#669440) * PID files with white spaces in the file name are now handledcorrectly. (BZ#632704) * The /usr/sbin/rhev-check.sh script can now be used from within Cron. (BZ#634225) * The clustat utility now reports the correct version. (BZ#654160) * The oracledb.sh agent now attempts to try the "shutdown immediate" command instead of using the "shutdown abort" command. (BZ#633992) * The SAPInstance and SAPDatabase scripts now use proper directory name quoting so they no longer collide with directory names like "/u". (BZ#637154) * The clufindhostname utility now returns the correct value in all cases. (BZ#592613) * The nfsclient resource agent now handles paths with trailing slashes correctly. (BZ#592624) * The last owner of a service is now reported correctly after a failover. (BZ#610483) * The /usr/share/cluster/fs.sh script no longer runs the "quotaoff" command if quotas were not configured. (BZ#637678) * The "listen" line in the /etc/httpd/conf/httpd.conf file generated by the Apache resource agent is now correct. (BZ#675739) * The tomcat-5 resource agent no longer generates incorrect configurations. (BZ#637802) * The time required to stop an NFS resource when the server is unavailable has been reduced. (BZ#678494) * When using exclusive prioritization, a higher priority service now preempts a lower priority service after status check failures. (BZ#680256) * The postgres-8 resource agent now correctly detects failed start operations. (BZ#663827) * The handling of reference counts passed by rgmanager to resource agents now works properly, as expected. (BZ#692771) As well, this update adds the following enhancements: * It is now possible to disable updates to static routes by the IP resource agent. (BZ#620700) * It is now possible to use XFS as a file system within a cluster service. (BZ#661893) * It is now possible to use the "clustat" command as a non-root user, so long as that user is in the "root" group. (BZ#510300) * It is now possible to migrate virtual machines when central processing is enabled. (BZ#525271) * The rgmanager init script will now delay afterstopping services in order to allow time for other nodes to restart them. (BZ#619468) * The handling of failed independent subtrees has been corrected. (BZ#711521) All users of Red Hat Resource Group Manager are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 592613 - clufindhostname -i returns random value 592624 - nfsclient exports doens't work. 610483 - last_owner is not correctly updated on service reallocarion on failover 632704 - If whitespace in mysql resource name then pid file is not found 634225 - rhev-check.sh needs /usr/sbin in path 637154 - SAPInstance and SAPDatabase fail to start/stop/status if /u exists 637678 - service failover hangs at quotaoff in /usr/share/cluster/fs.sh 637802 - Fix problems in generated config file for tomcat-5 639044 - CVE-2010-3389 rgmanager: insecure library loading vulnerability 654160 - clustat -v reports "clustat version DEVEL" on release package 661893 - Support/testing of XFS filesystem as part of RHEL Cluster 663827 - postgres-8 resource agent does not detect a failed start of postgres server 669440 - Service will failback on "nofailback" failover domain if service is in "starting" state 675739 - Listen line in generated httpd.conf incorrect 678494 - netfs.sh patch, when network is lost it takes too long to unmount the NFS filesystems 680256 - Service with highest exclusive prio should be relocated to another node with lower exclusive prio 711521 - Dependencies in independent_tree resources does not work as expected 6. Package List: RHEL Clustering (v. 5server): Source: i386: rgmanager-2.0.52-21.el5.i386.rpm rgmanager-debuginfo-2.0.52-21.el5.i386.rpm ia64: rgmanager-2.0.52-21.el5.ia64.rpm rgmanager-debuginfo-2.0.52-21.el5.ia64.rpm ppc: rgmanager-2.0.52-21.el5.ppc.rpm rgmanager-debuginfo-2.0.52-21.el5.ppc.rpm x86_64: rgmanager-2.0.52-21.el5.x86_64.rpm rgmanager-debuginfo-2.0.52-21.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3389 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. . Uncover the latest Red Hat Bulletin regarding rgmanager's security patches, bug resolutions, and functionality improvements just released for RHEL 5.. rgmanager Update, Red Hat Advisory, Bug Fixes. . Severity: Low. LinuxSecurity.com Team
Jul 21, 2011
•Low
Red Hat
200
security advisoryfile overwritelocal attackScientific Linux: 2011:0021 Low: rgmanager Multiple Security Fixes
Low: rgmanager security and bug fix update. Date: Thu, 24 Feb 2011 13:46:31 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Low: rgmanager on SL4.x i386/x86_64 Comments: To: "
Feb 24, 2011
•Low
Scientific Linux
98
security advisorysecurity issuebug fixRed Hat: RHSA-2011:0264-01 Low: rgmanager Security and Bug Fix
An updated rgmanager package that fixes multiple security issues and several bugs is now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: rgmanager security and bug fix update Advisory ID: RHSA-2011:0264-01 Product: Red Hat Cluster Suite Advisory URL: https://access.redhat.com/errata/RHSA-2011:0264.html Issue date: 2011-02-16 CVE Names: CVE-2008-6552 CVE-2010-3389 ==================================================================== 1. Summary: An updated rgmanager package that fixes multiple security issues and several bugs is now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Cluster Suite 4AS - i386, ia64, ppc, x86_64 Red Hat Cluster Suite 4ES - i386, ia64, x86_64 Red Hat Cluster Suite 4WS - i386, ia64, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able totrick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389) Red Hat would like to thank Raphael Geissert for reporting the CVE-2010-3389 issue. This update also fixes the following bugs: * Previously, starting threads could incorrectly include a reference to an exited thread if that thread exited when rgmanager received a request to start a new thread. Due to this issue, the new thread did not retry and entered an infinite loop. This update ensures that new threads do not reference old threads. Now, new threads no longer enter an infinite loop in which the rgmanager enables and disables services without failing gracefully. (BZ#502872) * Previously, nfsclient.sh left temporary nfsclient-status-cache-$$ files in /tmp/. (BZ#506152) * Previously, the function local_node_name in /resources/utils/member_util.sh did not correctly check whether magma_tool failed. Due to this issue, empty strings could be returned. This update checks the input and rejects empty strings. (BZ#516758) * Previously, the file system agent could kill a process when an application used a mount point with a similar name to a mount point managed by rgmanager using force_unmount. With this update, the file system agent kills only the processes that access the mount point managed by rgmanager. (BZ#555901) * Previously, simultaneous execution of "lvchange --deltag" from /etc/init.d/rgmanager caused a checksum error on High Availability Logical Volume Manager (HA-LVM). With this update, ownership of LVM tags is checked before removing them. (BZ#559582) * Previously, the isAlive check could fail if two nodes used the same file name. With this update, the isAlive function prevents two nodes from using the same file name. (BZ#469815) * Previously, the S/Lang code could lead to unwanted S/Lang stack leaks during event processing. (BZ#507430) All users of rgmanager are advised to upgrade to this updatedpackage, which corrects these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 469815 - clurgmgrd[15993]: status on clusterfs "gfs" returned 1 (generic error) 498985 - rgmanager is affected by several symlink attack vulnerabilities 506152 - nfsclient.sh leaves temporary files /tmp/nfsclient-status-cache-$$ 507430 - S/Lang stack / memory leaks 516758 - rgmanager: local_node_name does not check if magma_tool failed. 519436 - CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues 555901 - fs.sh can kill processes that are not on the mount point which is being unmounted 639044 - CVE-2010-3389 rgmanager: insecure library loading vulnerability 6. Package List: Red Hat Cluster Suite 4AS: Source: i386: rgmanager-1.9.88-2.el4.i386.rpm rgmanager-debuginfo-1.9.88-2.el4.i386.rpm ia64: rgmanager-1.9.88-2.el4.ia64.rpm rgmanager-debuginfo-1.9.88-2.el4.ia64.rpm ppc: rgmanager-1.9.88-2.el4.ppc64.rpm rgmanager-debuginfo-1.9.88-2.el4.ppc64.rpm x86_64: rgmanager-1.9.88-2.el4.x86_64.rpm rgmanager-debuginfo-1.9.88-2.el4.x86_64.rpm Red Hat Cluster Suite 4ES: Source: i386: rgmanager-1.9.88-2.el4.i386.rpm rgmanager-debuginfo-1.9.88-2.el4.i386.rpm ia64: rgmanager-1.9.88-2.el4.ia64.rpm rgmanager-debuginfo-1.9.88-2.el4.ia64.rpm x86_64: rgmanager-1.9.88-2.el4.x86_64.rpm rgmanager-debuginfo-1.9.88-2.el4.x86_64.rpm Red Hat Cluster Suite 4WS: Source: i386: rgmanager-1.9.88-2.el4.i386.rpm rgmanager-debuginfo-1.9.88-2.el4.i386.rpm ia64: rgmanager-1.9.88-2.el4.ia64.rpm rgmanager-debuginfo-1.9.88-2.el4.ia64.rpm x86_64: rgmanager-1.9.88-2.el4.x86_64.rpm rgmanager-debuginfo-1.9.88-2.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2008-6552 https://access.redhat.com/security/cve/CVE-2010-3389 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNW/CaXlSAg2UNWIIRAonpAJ9BaU7Y+6qXzBY5oiQ4PgQFDpQrMQCgrrAw g+llk7ovrBjO2zjH2U/tuSg=lug0 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Feb 16, 2011
•Low
Red Hat
98
security advisorysecurity issuebug fixRed Hat Cluster Suite 4: RHSA-2011:0264-01 Low Severity rgmanager Update
An updated rgmanager package that fixes multiple security issues and several bugs is now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having low [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: rgmanager security and bug fix update Advisory ID: RHSA-2011:0264-01 Product: Red Hat Cluster Suite Advisory URL: https://access.redhat.com/errata/RHSA-2011:0264.html Issue date: 2011-02-16 CVE Names: CVE-2008-6552 CVE-2010-3389 ==================================================================== 1. Summary: An updated rgmanager package that fixes multiple security issues and several bugs is now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Cluster Suite 4AS - i386, ia64, ppc, x86_64 Red Hat Cluster Suite 4ES - i386, ia64, x86_64 Red Hat Cluster Suite 4WS - i386, ia64, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could usethis flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389) Red Hat would like to thank Raphael Geissert for reporting the CVE-2010-3389 issue. This update also fixes the following bugs: * Previously, starting threads could incorrectly include a reference to an exited thread if that thread exited when rgmanager received a request to start a new thread. Due to this issue, the new thread did not retry and entered an infinite loop. This update ensures that new threads do not reference old threads. Now, new threads no longer enter an infinite loop in which the rgmanager enables and disables services without failing gracefully. (BZ#502872) * Previously, nfsclient.sh left temporary nfsclient-status-cache-$$ files in /tmp/. (BZ#506152) * Previously, the function local_node_name in /resources/utils/member_util.sh did not correctly check whether magma_tool failed. Due to this issue, empty strings could be returned. This update checks the input and rejects empty strings. (BZ#516758) * Previously, the file system agent could kill a process when an application used a mount point with a similar name to a mount point managed by rgmanager using force_unmount. With this update, the file system agent kills only the processes that access the mount point managed by rgmanager. (BZ#555901) * Previously, simultaneous execution of "lvchange --deltag" from /etc/init.d/rgmanager caused a checksum error on High Availability Logical Volume Manager (HA-LVM). With this update, ownership of LVM tags is checked before removing them. (BZ#559582) * Previously, the isAlive check could fail if two nodes used the same file name. With this update, the isAlive function prevents two nodes from using the same file name. (BZ#469815) * Previously, the S/Lang code could lead to unwanted S/Lang stack leaks during event processing. (BZ#507430) All users of rgmanager are advised to upgrade to this updated package, which corrects these issues. 4. Solution: Before applying this update, make sure allpreviously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 469815 - clurgmgrd[15993]: status on clusterfs "gfs" returned 1 (generic error) 498985 - rgmanager is affected by several symlink attack vulnerabilities 506152 - nfsclient.sh leaves temporary files /tmp/nfsclient-status-cache-$$ 507430 - S/Lang stack / memory leaks 516758 - rgmanager: local_node_name does not check if magma_tool failed. 519436 - CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues 555901 - fs.sh can kill processes that are not on the mount point which is being unmounted 639044 - CVE-2010-3389 rgmanager: insecure library loading vulnerability 6. Package List: Red Hat Cluster Suite 4AS: Source: i386: rgmanager-1.9.88-2.el4.i386.rpm rgmanager-debuginfo-1.9.88-2.el4.i386.rpm ia64: rgmanager-1.9.88-2.el4.ia64.rpm rgmanager-debuginfo-1.9.88-2.el4.ia64.rpm ppc: rgmanager-1.9.88-2.el4.ppc64.rpm rgmanager-debuginfo-1.9.88-2.el4.ppc64.rpm x86_64: rgmanager-1.9.88-2.el4.x86_64.rpm rgmanager-debuginfo-1.9.88-2.el4.x86_64.rpm Red Hat Cluster Suite 4ES: Source: i386: rgmanager-1.9.88-2.el4.i386.rpm rgmanager-debuginfo-1.9.88-2.el4.i386.rpm ia64: rgmanager-1.9.88-2.el4.ia64.rpm rgmanager-debuginfo-1.9.88-2.el4.ia64.rpm x86_64: rgmanager-1.9.88-2.el4.x86_64.rpm rgmanager-debuginfo-1.9.88-2.el4.x86_64.rpm Red Hat Cluster Suite 4WS: Source: i386: rgmanager-1.9.88-2.el4.i386.rpm rgmanager-debuginfo-1.9.88-2.el4.i386.rpm ia64: rgmanager-1.9.88-2.el4.ia64.rpm rgmanager-debuginfo-1.9.88-2.el4.ia64.rpm x86_64: rgmanager-1.9.88-2.el4.x86_64.rpm rgmanager-debuginfo-1.9.88-2.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://access.redhat.com/security/cve/CVE-2008-6552 https://access.redhat.com/security/cve/CVE-2010-3389 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. . Security bulletin regarding updates for Red Hat High Availability Add-On, enhancing rgmanager to address vulnerabilities. Bulletin ID: RHSA-2011:0265-02.. Red Hat Cluster Suite, rgmanager, security update. . Severity: Low. LinuxSecurity.com Team
Feb 16, 2011
•Low
Red Hat
200
security advisorybug fixlow severityScientific Linux 5.x: Low Advisory for rgmanager Security Flaw
Low: rgmanager security, bug fix, and enhancement update. Date: Thu, 1 Oct 2009 12:08:33 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Low: rgmanager on SL5.x i386/x86_64 Comments: To: "
Oct 01, 2009
•Low
Scientific Linux
98
security advisorysecurity issuered hatRed Hat Enterprise Linux 5: RHSA-2009-1339-02 Low: Rgmanager Security Fix
An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: rgmanager security, bug fix, and enhancement update Advisory ID: RHSA-2009:1339-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1339.html Issue date: 2009-09-02 CVE Names: CVE-2008-6552 ==================================================================== 1. Summary: An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications in the event of system downtime. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs: * clulog now accepts '-' as the first character in messages. * if expire_time is 0, max_restarts is no longer ignored. * the SAP resource agents included in the rgmanager package shipped with Red Hat Enterprise Linux 5.3 were outdated. This update includes the most recent SAP resource agents and, consequently, improves SAP failover support. * empty PID files no longer causeresource start failures. * recovery policy of type 'restart' now works properly when using a resource based on ra-skelet.sh. * samba.sh has been updated to kill the PID listed in the proper PID file. * handling of the '-F' option has been improved to fix issues causing rgmanager to crash if no members of a restricted failover domain were online. * the number of simultaneous status checks can now be limited to prevent load spikes. * forking and cloning during status checks has been optimized to reduce load spikes. * rg_test no longer hangs when run with large cluster configuration files. * when rgmanager is used with a restricted failover domain it will no longer occasionally segfault when some nodes are offline during a failover event. * virtual machine guests no longer restart after a cluster.conf update. * nfsclient.sh no longer leaves temporary files after running. * extra checks from the Oracle agents have been removed. * vm.sh now uses libvirt. * users can now define an explicit service processing order when central_processing is enabled. * virtual machine guests can no longer start on 2 nodes at the same time. * in some cases a successfully migrated virtual machine guest could restart when the cluster.conf file was updated. * incorrect reporting of a service being started when it was not started has been addressed. As well, this update adds the following enhancements: * a startup_wait option has been added to the MySQL resource agent. * services can now be prioritized. * rgmanager now checks to see if it has been killed by the OOM killer and if so, reboots the node. Users of rgmanager are advised to upgrade to this updated package, which resolves these issues and adds these enhancements. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed(http://bugzilla.redhat.com/): 250718 - fs.sh inefficient scripting leads to load peaks and disk saturation 412911 - Convert all XM management calls to either lib virt or virsh 449394 - Recovery policy of type restart doesn't work with a service using a resource based on ra-skelet.sh 468691 - Virtual Services guest can start on 2 nodes at same time 470917 - The oracledb.sh script checks in strange intervals(10s, 5m, 4.5m) 471066 - rgmanager oracledb.sh resource agent does not properly check for all db startup failures. 471226 - oracledb.sh script kills ALL oracle instances when failing over 471431 - second ocf_log message doesn't make it to /var/log/messages 474444 - Zero-length pid files cause resource start failures 475826 - Update support for SAP resource agents (rgmanager) 481058 - MySQL Service Startup Timeout after Crash 482858 - Cluster Event Script needs Updates to include Group Exclusive 483093 - rgmanager: samba.sh tries to kill the wrong pid file 486349 - nfsclient.sh leaves temporary files /tmp/nfsclient-status-cache-$$ 486717 - clusvcadm -e -F handling bugs 488714 - Enabling (according to failover domain rules) a frozen service results in a unusable failed+frozen service 489785 - /usr/share/cluster/apache.sh does not handle a valid /etc/httpd/conf/httpd.conf configuration correctly 490449 - domU's restart after cluster.conf update 490455 - rg_test hangs when running against cluster 492828 - RFE: priorities for services/virtual machines 494977 - segfault in check_rdomain_crash() during failover 505340 - VM migration and subsequent cluster.conf update can cause the VM restart 514044 - vm.sh does will fail resource if "no state" is detected 519436 - CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues 6. Package List: RHEL Clustering (v. 5server): Source: i386: rgmanager-2.0.52-1.el5.i386.rpm rgmanager-debuginfo-2.0.52-1.el5.i386.rpm ia64: rgmanager-2.0.52-1.el5.ia64.rpm rgmanager-debuginfo-2.0.52-1.el5.ia64.rpm ppc: rgmanager-2.0.52-1.el5.ppc.rpm rgmanager-debuginfo-2.0.52-1.el5.ppc.rpm x86_64: rgmanager-2.0.52-1.el5.x86_64.rpm rgmanager-debuginfo-2.0.52-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2008-6552 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKniLIXlSAg2UNWIIRAlb4AJwIkJJHbOXlvjwOcbwjt70V0asv/wCeNBm+ xcb6vJWVqnC+4Fu+Rc5pXaw=ohX8 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 02, 2009
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!