(RHSA-2011:0266) Low: fence security, bug fix, and enhancement update

Published: 2011-02-16 00:00:00
Source: access.redhat.com

CVSS2: 6.9 Medium (AV:L/AC:M/Au:N/C:C/I:C/A:C)

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

EPSS: 0.0004 Low (Percentile: 8.6%)

The fence package allows failed or unreachable nodes to be forcibly
restarted and removed from a cluster.

Insecure temporary file use flaws were found in fence_egenera, fence_apc,
and fence_apc_snmp. A local attacker could use these flaws to overwrite an
arbitrary file writable by the victim running those utilities via a
symbolic link attack. (CVE-2008-4192, CVE-2008-4579)
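
The flaw class described above, as an added Python example (not code from the fence package or from Red Hat): a write to a predictable temporary path follows a symbolic link that is already there, while exclusive creation and mkstemp do not. The function names and file names are hypothetical, and the constructed scenario stays inside a scratch directory it creates itself.

```python
import os
import tempfile

def write_unsafe(path, data):
    # Vulnerable pattern: open() on a predictable path follows an existing symlink.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_EXCL fails if anything, symlink included, already exists at path;
    # O_NOFOLLOW additionally refuses a symlink as the final component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_mkstemp(directory, data):
    # Preferred: unpredictable name, created atomically, owner-only permissions.
    fd, path = tempfile.mkstemp(prefix="agent-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed scenario; every path lives in a private scratch directory.
    out = {}
    with tempfile.TemporaryDirectory() as scratch:
        target = os.path.join(scratch, "important.conf")  # hypothetical file
        tmp_path = os.path.join(scratch, "agent.log")     # hypothetical predictable name
        write_unsafe(target, "original\n")
        os.symlink(target, tmp_path)  # link already present when the tool runs
        write_unsafe(tmp_path, "debug output\n")
        out["unsafe_overwrote_target"] = read(target) == "debug output\n"
        write_unsafe(target, "original\n")  # restore, then try the hardened form
        try:
            write_exclusive(tmp_path, "debug output\n")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["target_intact"] = read(target) == "original\n"
        safe = write_mkstemp(scratch, "debug output\n")
        out["mkstemp_group_other_bits"] = os.stat(safe).st_mode & 0o077
    return out

if __name__ == "__main__":
    print(demo())
```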

This update also fixes the following bugs:

  • fence_apc_snmp now waits for five seconds after fencing to properly get
    status. (BZ#494587)

  • The fence_drac5 help output now shows the proper commands. (BZ#498870)

  • fence_scsi_test.pl now verifies that sg_persist is in the path before
    running. (BZ#500172)

  • fence_drac5 is now more consistent with other agents and uses module_name
    instead of modulename. (BZ#500546)

  • fence_apc and fence_wti no longer fail with a pexpect exception.
    (BZ#501890, BZ#504589)

  • fence_wti no longer issues a traceback when an option is missing.
    (BZ#508258)

  • fence_sanbox2 is now able to properly obtain the status after fencing.
    (BZ#510279)

  • Fencing no longer fails if fence_wti is used without telnet. (BZ#510335)

  • fence_scsi get_scsi_devices no longer hangs with various devices.
    (BZ#545193)

  • fence_ilo no longer fails to reboot with ilo2 firmware 1.70. (BZ#545682)

  • Fixed an issue with fence_ilo not rebooting in some implementations.
    (BZ#576036)

  • fence_ilo no longer throws exceptions if the user does not have power
    privileges. (BZ#576178)

As well, this update adds the following enhancements:

  • Support has been added for SSH-enabled RSA II fence devices. (BZ#476161)

  • The APC fence agent will now work with a non-root account. (BZ#491643)

All fence users are advised to upgrade to this updated package, which
corrects these issues and adds these enhancements.

OS      Version  Architecture  Package  Version          Filename
RedHat  4        x86_64        fence    < 1.32.68-5.el4  fence-1.32.68-5.el4.x86_64.rpm
