Synopsis: Low: fence security, bug fix, and enhancement update
Issue date: 2011-02-16
CVE Names: CVE-2008-4192 CVE-2008-4579

Insecure temporary file use flaws were found in fence_egenera, fence_apc, and fence_apc_snmp. A local attacker could use these flaws to overwrite an arbitrary file writable by the victim running those utilities via a symbolic link attack. (CVE-2008-4192, CVE-2008-4579)

This update also fixes the following bugs:

* fence_apc_snmp now waits for five seconds after fencing to properly get status. (BZ#494587)
* The fence_drac5 help output now shows the proper commands. (BZ#498870)
* fence_scsi_test.pl now verifies that sg_persist is in the path before running. (BZ#500172)
* fence_drac5 is now more consistent with other agents and uses module_name instead of modulename. (BZ#500546)
* fence_apc and fence_wti no longer fail with a pexpect exception. (BZ#501890, BZ#504589)
* fence_wti no longer issues a traceback when an option is missing. (BZ#508258)
* fence_sanbox2 is now able to properly obtain the status after fencing. (BZ#510279)
* Fencing no longer fails if fence_wti is used without telnet. (BZ#510335)
* fence_scsi get_scsi_devices no longer hangs with various devices. (BZ#545193)
* fence_ilo no longer fails to reboot with ilo2 firmware 1.70. (BZ#545682)
* Fixed an issue with fence_ilo not rebooting in some implementations. (BZ#576036)
* fence_ilo no longer throws exceptions if the user does not have power privileges. (BZ#576178)

As well, this update adds the following enhancements:

* Support has been added for SSH-enabled RSA II fence devices. (BZ#476161)
* The APC fence agent will now work with a non-root account. (BZ#491643)

SL 4.x

SRPMS:
fence-1.32.68-5.el4.src.rpm

i386:
fence-1.32.68-5.el4.i686.rpm

x86_64:
fence-1.32.68-5.el4.x86_64.rpm

-Connie Sieh
-Troy Dawson