SCIENTIFIC-LINUX-ERRATA Archives

May 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Wed, 13 May 2015 15:27:36 +0000

Synopsis:          Moderate: kexec-tools security, bug fix, and enhancement update
Advisory ID:       SLSA-2015:0986-1
Issue Date:        2015-05-12
CVE Numbers:       CVE-2015-0267
--

It was found that the module-setup.sh script provided by kexec-tools
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to
overwrite the contents of arbitrary files. (CVE-2015-0267)

This update also fixes the following bug:

* On Atomic Host systems, the kdump tool previously saved
kernel crash dumps in the /sysroot/crash file instead of the /var/crash
file. The parsing error that caused this problem has been fixed, and the
kernel crash dumps are now correctly saved in /var/crash.

In addition, this update adds the following enhancement:

* The makedumpfile command now supports the new sadump format that can
represent more than 16 TB of physical memory space. This allows users of
makedumpfile to read dump files over 16 TB, generated by sadump on certain
upcoming server models.
--

SL7
  x86_64
    kexec-tools-2.0.7-19.el7_1.2.x86_64.rpm
    kexec-tools-debuginfo-2.0.7-19.el7_1.2.x86_64.rpm
    kexec-tools-eppic-2.0.7-19.el7_1.2.x86_64.rpm

- Scientific Linux Development Team
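
The flaw class named in the advisory, shown as an added example; it is not code from module-setup.sh or from the kexec-tools package, whose source does not appear on this page. It runs a writer that uses a guessable temporary path and one that uses mktemp, each inside a throwaway sandbox; the function names, file names and sandbox layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed illustration of the flaw class; not code from kexec-tools.

# Weak pattern: guessable name in a shared directory, written with '>'.
# '>' follows symlinks, so a link already sitting at that path redirects
# the write to whatever the link points at.
write_unsafe() {
    tmp="$1/setup.$$.tmp"                  # fixed prefix plus PID
    printf '%s\n' "$2" > "$tmp" || return 1
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively with mode 0600; it never reuses an existing path.
write_safe() {
    tmp=$(mktemp "$1/setup.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp" || return 1
    printf '%s\n' "$tmp"
}

# Run one writer in a throwaway sandbox where a link to a "protected"
# file already exists at the guessable path. Prints "overwritten" or
# "intact" for the protected file.
check_writer() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    ln -s "$box/protected" "$box/setup.$$.tmp"
    "$1" "$box" "scratch data" > /dev/null
    if [ "$(cat "$box/protected")" = "original" ]; then
        result=intact
    else
        result=overwritten
    fi
    rm -rf "$box"
    printf '%s\n' "$result"
}

check_writer write_unsafe    # overwritten
check_writer write_safe      # intact
```

When a script needs several scratch files, creating one private directory with `mktemp -d` and working inside it gives the same protection.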
