USN-875-1: Red Hat Cluster Suite vulnerabilities
18 December 2009
redhat-cluster, redhat-cluster-suite vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Software Description
- redhat-cluster
- redhat-cluster-suite
Details
Multiple insecure temporary file handling vulnerabilities were discovered in Red Hat Cluster. A local attacker could exploit these to overwrite arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552)
It was discovered that CMAN did not properly handle malformed configuration files. An attacker could cause a denial of service (via CPU consumption and memory corruption) in a node if the attacker were able to modify the cluster configuration for the node. (CVE-2008-6560)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 8.10
  - cman - 2.20080826-0ubuntu1.3
  - gfs2-tools - 2.20080826-0ubuntu1.3
  - rgmanager - 2.20080826-0ubuntu1.3
- Ubuntu 8.04 LTS
  - cman - 2.20080227-0ubuntu1.3
  - gfs2-tools - 2.20080227-0ubuntu1.3
  - rgmanager - 2.20080227-0ubuntu1.3
- Ubuntu 6.06 LTS
  - ccs - 1.20060222-0ubuntu6.3
  - cman - 1.20060222-0ubuntu6.3
  - fence - 1.20060222-0ubuntu6.3
  - libcman1 - 1.20060222-0ubuntu6.3
  - rgmanager - 1.20060222-0ubuntu6.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the necessary changes.
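To confirm that a node has the fix, compare its installed package versions with the fixed versions listed above. The following is an added example, not part of the original notice: it implements Debian version ordering (the ordering `dpkg --compare-versions` applies) and reports which of the listed packages are still below the fixed version. The function names and the sample installed versions are constructed for illustration.

```python
import re
from itertools import zip_longest

FIXED = {  # fixed versions, copied from the advisory's update instructions
    "8.10": dict.fromkeys("cman gfs2-tools rgmanager".split(), "2.20080826-0ubuntu1.3"),
    "8.04": dict.fromkeys("cman gfs2-tools rgmanager".split(), "2.20080227-0ubuntu1.3"),
    "6.06": dict.fromkeys("ccs cman fence libcman1 rgmanager".split(), "1.20060222-0ubuntu6.3"),
}
_RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # alternating text run, digit run

def _order(c):
    """Weight of one character: '~' sorts first, then end/digit, letters, the rest."""
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings run by run."""
    runs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for (ta, na), (tb, nb) in runs:
        for i in range(max(len(ta), len(tb))):
            d = _order(ta[i:i + 1]) - _order(tb[i:i + 1])
            if d:
                return d
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(v):
    """Split into (epoch, upstream, revision); a missing epoch counts as 0."""
    epoch, colon, rest = v.partition(":")
    epoch, rest = (epoch, rest) if colon else ("0", v)
    upstream, dash, rev = rest.rpartition("-")
    return int(epoch), (upstream if dash else rest), (rev if dash else "")

def deb_compare(a, b):
    """Negative, zero or positive, following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated(release, installed):
    """Packages from USN-875-1 whose installed version is below the fixed one."""
    fixed = FIXED[release]
    return sorted(p for p, v in installed.items() if p in fixed and deb_compare(v, fixed[p]) < 0)

if __name__ == "__main__":
    # Constructed sample of installed versions, not taken from a real host.
    sample = {"cman": "2.20080826-0ubuntu1.2", "rgmanager": "2.20080826-0ubuntu1.3"}
    print(outdated("8.10", sample))
```

On a real node, the `installed` mapping can be built from the output of `dpkg-query -W`.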