Date: Wed, 8 Apr 2009 15:14:14 -0500
Synopsis: Moderate: device-mapper-multipath security update
Issue date: 2009-04-07
CVE Names: CVE-2009-0115

It was discovered that the multipathd daemon set incorrect permissions
on the socket used to communicate with command line clients. An
unprivileged, local user could use this flaw to send commands to
multipathd, resulting in access disruptions to storage devices
accessible via multiple paths and, possibly, file system corruption on
these devices. (CVE-2009-0115)

The multipathd service must be restarted for the changes to take effect.

Important: the version of the multipathd daemon in Scientific Linux 5
has a known issue which may cause a machine to become unresponsive when
the multipathd service is stopped. Until this issue is resolved, we
recommend restarting the multipathd service by issuing the following
commands in sequence:

# killall -KILL multipathd
# service multipathd restart
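
After the restart, the permissions on the daemon's control socket can be audited with a check like the one below. This is an added example, not part of the original advisory or of the device-mapper-multipath package. The socket path is not given in the advisory and must be supplied by the administrator; the function names are hypothetical, and the check assumes GNU stat and that a correctly restricted socket is writable by its owner only.

```shell
#!/bin/sh
# Added example: audit the permission bits on a daemon's control socket.
# The socket path is NOT stated in the advisory; pass it as the first argument.

# mode_exposed MODE
#   Returns 0 if the octal MODE grants write permission to group or other,
#   1 if it does not, 2 if MODE is not an octal string.
#   On Linux, connect() on a UNIX socket requires write permission on the
#   socket file, so these bits decide who can send commands to the daemon.
mode_exposed() {
    mode=$1
    case "$mode" in
        ''|*[!0-7]*) return 2 ;;
    esac
    perm=$(( 0$mode & 022 ))      # leading 0 forces octal interpretation
    [ "$perm" -ne 0 ]
}

# check_socket PATH
#   Prints a verdict. Returns 0 if the socket is restricted, 1 if it is
#   exposed, 2 if PATH is missing or is not a UNIX socket.
check_socket() {
    path=$1
    if [ ! -S "$path" ]; then
        echo "SKIP: $path is not a UNIX socket (is the daemon running?)"
        return 2
    fi
    mode=$(stat -c '%a' "$path") || return 2
    owner=$(stat -c '%U' "$path")
    if mode_exposed "$mode"; then
        echo "EXPOSED: $path mode=$mode owner=$owner (group/other may connect)"
        return 1
    fi
    echo "OK: $path mode=$mode owner=$owner"
    return 0
}

# Run the check only when a path was supplied on the command line.
[ "$#" -eq 0 ] || check_socket "$1"
```

Run it as root with the path of the multipathd socket on the system being checked; an EXPOSED verdict after the update means the old daemon process is still running or the socket was not recreated.
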

SL 4.x

SRPMS:
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm
i386:
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm
x86_64:
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm

SL 5.x

SRPMS:
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm
i386:
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm
kpartx-0.4.7-23.el5_3.2.i386.rpm
x86_64:
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm
kpartx-0.4.7-23.el5_3.2.x86_64.rpm

-Connie Sieh
-Troy Dawson