(RHSA-2011:1000) Low: rgmanager security, bug fix, and enhancement update

The rgmanager package contains the Red Hat Resource Group Manager, which
provides the ability to create and manage high-availability server
applications in the event of system downtime.

It was discovered that certain resource agent scripts set the
LD_LIBRARY_PATH environment variable to an insecure value containing empty
path elements. A local user able to trick a user running those scripts to
run them while working from an attacker-writable directory could use this
flaw to escalate their privileges via a specially-crafted dynamic library.
(CVE-2010-3389)

Red Hat would like to thank Raphael Geissert for reporting this issue.

This update also fixes the following bugs:

• The failover domain “nofailback” option was not honored if a service was
  in the “starting” state. This bug has been fixed. (BZ#669440)

• PID files with white spaces in the file name are now handled correctly.
  (BZ#632704)

• The /usr/sbin/rhev-check.sh script can now be used from within Cron.
  (BZ#634225)

• The clustat utility now reports the correct version. (BZ#654160)

• The oracledb.sh agent now attempts to try the “shutdown immediate”
  command instead of using the “shutdown abort” command. (BZ#633992)

• The SAPInstance and SAPDatabase scripts now use proper directory name
  quoting so they no longer collide with directory names like “/u”.
  (BZ#637154)

• The clufindhostname utility now returns the correct value in all cases.
  (BZ#592613)

• The nfsclient resource agent now handles paths with trailing slashes
  correctly. (BZ#592624)

• The last owner of a service is now reported correctly after a failover.
  (BZ#610483)

• The /usr/share/cluster/fs.sh script no longer runs the “quotaoff” command
  if quotas were not configured. (BZ#637678)

• The “listen” line in the /etc/httpd/conf/httpd.conf file generated by the
  Apache resource agent is now correct. (BZ#675739)

• The tomcat-5 resource agent no longer generates incorrect configurations.
  (BZ#637802)

• The time required to stop an NFS resource when the server is unavailable
  has been reduced. (BZ#678494)

• When using exclusive prioritization, a higher priority service now
  preempts a lower priority service after status check failures. (BZ#680256)

• The postgres-8 resource agent now correctly detects failed start
  operations. (BZ#663827)

• The handling of reference counts passed by rgmanager to resource agents
  now works properly, as expected. (BZ#692771)

As well, this update adds the following enhancements:

• It is now possible to disable updates to static routes by the IP resource
  agent. (BZ#620700)

• It is now possible to use XFS as a file system within a cluster service.
  (BZ#661893)

• It is now possible to use the “clustat” command as a non-root user, so
  long as that user is in the “root” group. (BZ#510300)

• It is now possible to migrate virtual machines when central processing is
  enabled. (BZ#525271)

• The rgmanager init script will now delay after stopping services in order
  to allow time for other nodes to restart them. (BZ#619468)

• The handling of failed independent subtrees has been corrected.
  (BZ#711521)

All users of Red Hat Resource Group Manager are advised to upgrade to this
updated package, which contains backported patches to correct these issues
and add these enhancements.