Subject: | |
From: | |
Reply To: | |
Date: | Thu, 24 Feb 2011 13:45:18 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Low: fence security, bug fix, and enhancement update
Issue date: 2011-02-16
CVE Names: CVE-2008-4192 CVE-2008-4579
Insecure temporary file use flaws were found in fence_egenera,
fence_apc, and fence_apc_snmp. A local attacker could use these flaws to
overwrite an arbitrary file writable by the victim running those
utilities via a symbolic link attack. (CVE-2008-4192, CVE-2008-4579)
This update also fixes the following bugs:
* fence_apc_snmp now waits for five seconds after fencing to properly
get status. (BZ#494587)
* The fence_drac5 help output now shows the proper commands. (BZ#498870)
* fence_scsi_test.pl now verifies that sg_persist is in the path before
running. (BZ#500172)
* fence_drac5 is now more consistent with other agents and uses
module_name instead of modulename. (BZ#500546)
* fence_apc and fence_wti no longer fail with a pexpect exception.
(BZ#501890, BZ#504589)
* fence_wti no longer issues a traceback when an option is missing.
(BZ#508258)
* fence_sanbox2 is now able to properly obtain the status after fencing.
(BZ#510279)
* Fencing no longer fails if fence_wti is used without telnet. (BZ#510335)
* fence_scsi get_scsi_devices no longer hangs with various devices.
(BZ#545193)
* fence_ilo no longer fails to reboot with ilo2 firmware 1.70. (BZ#545682)
* Fixed an issue with fence_ilo not rebooting in some implementations.
(BZ#576036)
* fence_ilo no longer throws exceptions if the user does not have power
privileges. (BZ#576178)
As well, this update adds the following enhancements:
* Support has been added for SSH-enabled RSA II fence devices. (BZ#476161)
* The APC fence agent will now work with a non-root account. (BZ#491643)
SL 4.x
SRPMS:
fence-1.32.68-5.el4.src.rpm
i386:
fence-1.32.68-5.el4.i686.rpm
x86_64:
fence-1.32.68-5.el4.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|