USN-875-1: Red Hat Cluster Suite vulnerabilities

Ubuntu Security Notice USN-875-1

18th December, 2009

redhat-cluster, redhat-cluster-suite vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Software description

  • redhat-cluster
  • redhat-cluster-suite


Multiple insecure temporary file handling vulnerabilities were discovered
in Red Hat Cluster. A local attacker could exploit these to overwrite
arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579,
CVE-2008-4580, CVE-2008-6552)

It was discovered that CMAN did not properly handle malformed configuration
files. An attacker could cause a denial of service (via CPU consumption and
memory corruption) in a node if the attacker were able to modify the
cluster configuration for the node. (CVE-2008-6560)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.10:
gfs2-tools 2.20080826-0ubuntu1.3
cman 2.20080826-0ubuntu1.3
rgmanager 2.20080826-0ubuntu1.3
Ubuntu 8.04 LTS:
gfs2-tools 2.20080227-0ubuntu1.3
cman 2.20080227-0ubuntu1.3
rgmanager 2.20080227-0ubuntu1.3
Ubuntu 6.06 LTS:
libcman1 1.20060222-0ubuntu6.3
ccs 1.20060222-0ubuntu6.3
cman 1.20060222-0ubuntu6.3
fence 1.20060222-0ubuntu6.3
rgmanager 1.20060222-0ubuntu6.3

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the
necessary changes.


CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552, CVE-2008-6560