Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0456
Important: Red Hat Storage 2.0 security, bug fix, and enhancement update #4
2 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Red Hat Storage
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Modify Arbitrary Files -- Existing Account
Overwrite Arbitrary Files -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2012-5638 CVE-2012-5635 CVE-2012-4406
Reference: ESB-2012.0996
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2013-0691.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Storage 2.0 security, bug fix, and enhancement update #4
Advisory ID: RHSA-2013:0691-01
Product: Red Hat Storage
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0691.html
Issue date: 2013-03-28
CVE Names: CVE-2012-4406 CVE-2012-5635 CVE-2012-5638
=====================================================================
1. Summary:
Updated Red Hat Storage 2.0 packages that fix multiple security issues,
several bugs, and add enhancements are now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Storage 2.0 Console - noarch
Red Hat Storage Native Client for Red Hat Enterprise Linux 5 - x86_64
Red Hat Storage Native Client for Red Hat Enterprise Linux 6 - x86_64
Red Hat Storage Server 2.0 - noarch, x86_64
3. Description:
Red Hat Storage is a software only, scale-out storage solution that
provides flexible and agile unstructured data storage for the enterprise.
A flaw was found in the way the Swift component used Python pickle. This
could lead to arbitrary code execution. With this update, the JSON
(JavaScript Object Notation) format is used. (CVE-2012-4406)
Multiple insecure temporary file creation flaws were found in Red Hat
Storage. A local user on the Red Hat Storage server could use these flaws
to cause arbitrary files to be overwritten as the root user via a symbolic
link attack. (CVE-2012-5635)
It was found that sanlock created "/var/run/sanlock/sanlock.pid" with
world-writable permissions. A local user could use this flaw to make the
sanlock init script kill an arbitrary process when the sanlock daemon is
stopped or restarted. Additionally, "/var/log/sanlock.log" was also
world-writable, allowing local users to modify the contents of the log
file, or store data within it (bypassing any quotas applied to their
account). (CVE-2012-5638)
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting CVE-2012-4406. The CVE-2012-5635 issues were discovered by Kurt
Seifried of the Red Hat Security Response Team and Michael Scherer of the
Red Hat Regional IT team, and CVE-2012-5638 was discovered by David
Teigland of Red Hat.
Bug fixes and enhancements:
* Options to provide POSIX behavior when the O_DIRECT flag is used with
the open() system call across many translators. (BZ#856156)
* A mount time option provided to make the FUSE module's request queue
length configurable. (BZ#856206)
* Various fixes in the FUSE module to ensure the 'read-only' (-o ro) mount
option works. (BZ#858499)
* Various fixes in GlusterFS's rebalance code to handle failures while
replica pairs are getting connected and disconnected in quick succession.
(BZ#859387)
* NFS code fixed to ensure proper inode transformation logic when the
'enable-ino32' option is set. (BZ#864222)
* Fixed the behavior of the posix-locks module per POSIX locking
semantics. As a result, smb-torture's ping-pong tests now run smoothly on
top of GlusterFS mounts. (BZ#869724)
* FUSE module enhanced with the enable-ino32 mount option, required by any
32-bit applications running on top of a GlusterFS mount. (BZ#876679)
* Corrections were made to fd table behavior when both NFS and
geo-replication are in progress. (BZ#880193)
* With this update, disconnections are now handled better in the
geo-replication 'gsyncd' process. (BZ#880308)
* With this update, the 'gluster volume geo-replication config checkpoint'
command returns the output value properly. (BZ#881736)
* With this enhancement, it is possible to set the 'root-squash' volume
option with Gluster CLI. Red Hat Storage volumes now support NFS's
root-squashing behavior. (BZ#883590)
* NFS POSIX lock issue fixed when 'root-squash' option is enabled on the
volume. (BZ#906884)
* Fixed an issue in tracking the changes of Geo-replication when an
unprivileged user accesses the file system. (BZ#883827)
* Fixed NFS locking manager (NLM) code to handle IP failover successfully.
(BZ#888286)
* Fixed issue in rebalance code to handle proper pointer dereference.
(BZ#894237)
* POSIX module made more robust to handle backend brick failures better.
(BZ#895841)
* Fixed the 'gluster volume geo-replication' command to provide a
meaningful message when a wrong hostname is entered. (BZ#902213)
* Fixed Console Configuration Script where it added invalid 'security'
configuration for ENGINEDataSource in JBoss. (BZ#922572)
* Fixed rhsc-setup failure where it does not check for SELinux before
running setsebool. (BZ#923674)
* Provided an update to the rhn-client-tools package to ensure setup
defaults to the correct base Red Hat Enterprise Linux (6.2 Extended Update
Support). (BZ#911777)
Refer to the Release Notes, available shortly from the link in the
References section, for further information.
4. Solution:
All users of Red Hat Storage are advised to upgrade to these updated
packages.
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
854757 - CVE-2012-4406 Openstack-Swift: insecure use of python pickle()
856206 - [FEAT] FUSE queue length needs to be configurable
859387 - [RHEV-RHS] Rebalance migration failures are seen when replicate bricks are brought down and restarted
869724 - smbtorture's raw.ping-pong test fails against GlusterFS share
876679 - 32bit support in Fuse, related to special option nfs.enable-ino32
883590 - Gluster CLI does not allow setting root squashing
886364 - CVE-2012-5635 GlusterFS: insecure temporary file creation
887010 - CVE-2012-5638 sanlock world writable /var/log/sanlock.log
895841 - [glusterfs-3.3.1qa3]: glusterfs client asserted
902213 - "gluster volume geo-replication .. config" with an incorrect hostname for the source gives a DeprecationWarning
922572 - Console Configuration Script adds invalid 'security' configuration for ENGINEDataSource in JBoss
923674 - rhsc-setup fails: does not check for SELinux before running setsebool
6. Package List:
Red Hat Storage Native Client for Red Hat Enterprise Linux 5:
Source:
glusterfs-3.3.0.7rhs-1.el5.src.rpm
x86_64:
glusterfs-3.3.0.7rhs-1.el5.x86_64.rpm
glusterfs-debuginfo-3.3.0.7rhs-1.el5.x86_64.rpm
glusterfs-devel-3.3.0.7rhs-1.el5.x86_64.rpm
glusterfs-fuse-3.3.0.7rhs-1.el5.x86_64.rpm
glusterfs-rdma-3.3.0.7rhs-1.el5.x86_64.rpm
Red Hat Storage Server 2.0:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/appliance-1.7.1-1.el6rhs.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/augeas-0.9.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/gluster-swift-1.4.8-5.el6rhs.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/glusterfs-3.3.0.7rhs-1.el6rhs.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/rhn-client-tools-1.0.0-73.el6rhs.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/sanlock-2.3-4.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/sos-2.2-17.2.el6rhs.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/vdsm-4.9.6-20.el6rhs.src.rpm
noarch:
appliance-base-1.7.1-1.el6rhs.noarch.rpm
gluster-swift-1.4.8-5.el6rhs.noarch.rpm
gluster-swift-account-1.4.8-5.el6rhs.noarch.rpm
gluster-swift-container-1.4.8-5.el6rhs.noarch.rpm
gluster-swift-doc-1.4.8-5.el6rhs.noarch.rpm
gluster-swift-object-1.4.8-5.el6rhs.noarch.rpm
gluster-swift-proxy-1.4.8-5.el6rhs.noarch.rpm
rhn-check-1.0.0-73.el6rhs.noarch.rpm
rhn-client-tools-1.0.0-73.el6rhs.noarch.rpm
rhn-setup-1.0.0-73.el6rhs.noarch.rpm
rhn-setup-gnome-1.0.0-73.el6rhs.noarch.rpm
sos-2.2-17.2.el6rhs.noarch.rpm
vdsm-bootstrap-4.9.6-20.el6rhs.noarch.rpm
vdsm-cli-4.9.6-20.el6rhs.noarch.rpm
vdsm-debug-plugin-4.9.6-20.el6rhs.noarch.rpm
vdsm-gluster-4.9.6-20.el6rhs.noarch.rpm
vdsm-hook-faqemu-4.9.6-20.el6rhs.noarch.rpm
vdsm-hook-vhostmd-4.9.6-20.el6rhs.noarch.rpm
vdsm-reg-4.9.6-20.el6rhs.noarch.rpm
x86_64:
augeas-0.9.0-1.el6.x86_64.rpm
augeas-debuginfo-0.9.0-1.el6.x86_64.rpm
augeas-devel-0.9.0-1.el6.x86_64.rpm
augeas-libs-0.9.0-1.el6.x86_64.rpm
glusterfs-3.3.0.7rhs-1.el6rhs.x86_64.rpm
glusterfs-debuginfo-3.3.0.7rhs-1.el6rhs.x86_64.rpm
glusterfs-devel-3.3.0.7rhs-1.el6rhs.x86_64.rpm
glusterfs-fuse-3.3.0.7rhs-1.el6rhs.x86_64.rpm
glusterfs-geo-replication-3.3.0.7rhs-1.el6rhs.x86_64.rpm
glusterfs-rdma-3.3.0.7rhs-1.el6rhs.x86_64.rpm
glusterfs-server-3.3.0.7rhs-1.el6rhs.x86_64.rpm
libvirt-0.9.10-21.el6_3.8.x86_64.rpm
libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm
libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm
libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm
sanlock-2.3-4.el6_3.x86_64.rpm
sanlock-debuginfo-2.3-4.el6_3.x86_64.rpm
sanlock-devel-2.3-4.el6_3.x86_64.rpm
sanlock-lib-2.3-4.el6_3.x86_64.rpm
sanlock-python-2.3-4.el6_3.x86_64.rpm
vdsm-4.9.6-20.el6rhs.x86_64.rpm
vdsm-debuginfo-4.9.6-20.el6rhs.x86_64.rpm
vdsm-python-4.9.6-20.el6rhs.x86_64.rpm
Red Hat Storage 2.0 Console:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/rhsc-2.0.techpreview1-4.el6rhs.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/vdsm-4.9.6-20.el6rhs.src.rpm
noarch:
rhsc-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-backend-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-config-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-dbscripts-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-genericapi-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-jboss-deps-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-notification-service-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-restapi-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-setup-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-tools-common-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-userportal-2.0.techpreview1-4.el6rhs.noarch.rpm
rhsc-webadmin-portal-2.0.techpreview1-4.el6rhs.noarch.rpm
vdsm-bootstrap-4.9.6-20.el6rhs.noarch.rpm
Red Hat Storage Native Client for Red Hat Enterprise Linux 6:
Source:
glusterfs-3.3.0.7rhs-1.el6.src.rpm
x86_64:
glusterfs-3.3.0.7rhs-1.el6.x86_64.rpm
glusterfs-debuginfo-3.3.0.7rhs-1.el6.x86_64.rpm
glusterfs-devel-3.3.0.7rhs-1.el6.x86_64.rpm
glusterfs-fuse-3.3.0.7rhs-1.el6.x86_64.rpm
glusterfs-rdma-3.3.0.7rhs-1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-4406.html
https://www.redhat.com/security/data/cve/CVE-2012-5635.html
https://www.redhat.com/security/data/cve/CVE-2012-5638.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/knowledge/docs/Red_Hat_Storage/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRVMMmXlSAg2UNWIIRAkspAKCS+8QCt8NE+FPUhVObSSvVj5uOSwCfYwBg
QRicrIKUogFiJcPEpqBgCRo=
=nAOB
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUVo55+4yVqjM2NGpAQKpMA//Z4NRUbhZWHf0DJ3OT5zpDuQWt1k/f9Y9
1LNSU6jS5z6ear7pHXUMTdmBlMyUGFglIEI+m0MDyfRaNcR1iq3hO15XQwqcXrGo
A93iNC6foSXR+AoZlkqxADzCt7Wa3sha8QNM5nk1PTssrxC0zecaS1cAtMUW1d3Z
PunsrX/mS++sEXCXRrXdYXsWTJzYOpzO3yQUqJ6aNCSs5yHGTeNpPcgfPVttfdT6
PZX4kfROXSSJgjc3kT3qeaRXkQ3FXDBr1pStd82l6rCAD344o7BO5gW4ujZyMLj6
06qyOZKOptI0BNfs7dLtLRt9k+SDLFO5+6+fl8uPqQ91Iob88cAZjcmHyelcQR+2
khHkXj/mrVWkhspH92DS2BHfvYJGvG+uTd5x9FWTjt4nwe5FKo4zUvSUYsW/+5l3
EQSO/S/HBzdivvGCXBIXAFyql25AWdvt2B/DalILluu7uYIFwJFc4SLk8V8McvEy
yfuGyGBMvGhiAD+6A+oSqlflclcxpBECJTdADJldVSPWciUGewSLY5MQm6z/0Cx4
mxjhukvrxJFnXLFdriQph8CR5EebNiEHX7sE/XDclE7EB2MnKnl4sEPSLi/8rX1y
dlkqKWj1qVUQQ/pgoHPKBFQGd8U0WQeChOMJMZ6y71QX7H1ecn5Qge606r7NwXaY
Ll8PjAgVuAQ=
=Gszb
-----END PGP SIGNATURE-----