Red Hat ENTERPRISE LINUX 5.4 User Manual

Red Hat Enterprise
Linux 5.4
Technical Notes
Every Change to Every Package
Red Hat Enterprise Linux 5.4 Technical Notes Every Change to Every Package Edition 1
Author rhelv5-list@redhat.com
Copyright © 2009 Red Hat.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive Raleigh, NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park, NC 27709 USA
The Red Hat Enterprise Linux 5.4 Technical Notes list and document the changes made to the Red Hat Enterprise Linux 5 operating system and its accompanying applications between minor release Red Hat Enterprise Linux 5.3 and minor release Red Hat Enterprise Linux 5.4.
Preface
1. Package Updates
1.1. NetworkManager
1.1.1. RHSA-2009:0361: Moderate security update
1.1.2. RHBA-2009:1389: bug fix update
1.2. OpenIPMI
1.2.1. RHEA-2009:1312: bug fix and enhancement update
1.3. acpid
1.3.1. RHSA-2009:0474: Moderate security update
1.3.2. RHBA-2009:1403: bug fix update
1.4. acroread
1.4.1. RHSA-2009:1109: Critical security update
1.4.2. RHSA-2009:0478: Critical security update
1.4.3. RHSA-2009:0376: Critical security update
1.5. aide
1.5.1. RHEA-2009:1073: enhancement update
1.6. amanda
1.6.1. RHBA-2009:1300: bug fix update
1.7. anaconda
1.7.1. RHBA-2009:1306: bug fix and enhancement update
1.8. apr
1.8.1. RHSA-2009:1204: Moderate and apr-util security update
1.9. apr-util
1.9.1. RHSA-2009:1107: Moderate security update
1.10. aspell
1.10.1. RHBA-2009:1070: bug fix update
1.11. audit
1.11.1. RHBA-2009:0475: bug fix and enhancement update
1.11.2. RHBA-2009:0443: bug fix update
1.11.3. RHEA-2009:1303: enhancement
1.12. authconfig
1.12.1. RHBA-2009:0482: bug fix update
1.13. authd
1.13.1. RHBA-2009:0442: bug fix update
1.14. autofs
1.14.1. RHBA-2009:1131: bug fix update
1.14.2. RHBA-2009:1397: bug fix update
1.15. avahi
1.15.1. RHBA-2009:1119: bug fix update
1.16. bind
1.16.1. RHSA-2009:1179: Important security update
1.16.2. RHBA-2009:1137: bug fix update
1.16.3. RHBA-2009:1420: bug fix and enhancement update
1.17. binutils
1.17.1. RHBA-2009:0465: bug fix update
1.18. busybox
1.18.1. RHBA-2009:1249: bug fix update
1.19. cman
1.19.1. RHBA-2009:1192: bug fix update
1.19.2. RHBA-2009:1103: bug fix update
1.19.3. RHBA-2009:0416: bug fix update
1.19.4. RHSA-2009:1341: Low security, bug fix, and enhancement update
1.20. cmirror
1.20.1. RHEA-2009:1340: bug-fix update
1.21. cmirror-kmod
1.21.1. RHBA-2009:1367: bug fix update
1.22. conga
1.22.1. RHBA-2009:0381: bug fix update
1.22.2. RHBA-2009:1381: bug-fix and enhancement update
1.23. coreutils
1.23.1. RHBA-2009:1262: bug fix update
1.24. cpio
1.24.1. RHBA-2009:0379: bug fix update
1.25. cpuspeed
1.25.1. RHBA-2009:0424: bug fix update
1.26. crash
1.26.1. RHBA-2009:0049: bug fix update
1.26.2. RHBA-2009:1283: bug fix update
1.27. cryptsetup-luks
1.27.1. RHBA-2009:1349: bug fix update
1.28. cscope
1.28.1. RHSA-2009:1102: Moderate security update
1.29. cups
1.29.1. RHBA-2009:1360: bug fix update
1.29.2. RHSA-2009:1082: Important security update
1.29.3. RHSA-2009:0429: Important security update
1.30. curl
1.30.1. RHSA-2009:1209: Moderate security update
1.30.2. RHSA-2009:0341: Moderate security update
1.31. cvs
1.31.1. RHBA-2009:1370: bug fix update
1.32. cyrus-imapd
1.32.1. RHSA-2009:1116: Important security update
1.32.2. RHBA-2009:1120: bug fix update
1.33. cyrus-sasl
1.33.1. RHBA-2009:1330: bug fix update
1.34. db4
1.34.1. RHBA-2009:0390: bug fix update
1.35. device-mapper
1.35.1. RHBA-2009:1392: bug-fix and enhancement update
1.36. device-mapper-multipath
1.36.1. RHBA-2009:0432: bug fix update
1.36.2. RHSA-2009:0411: Moderate security update
1.36.3. RHBA-2009:0283: bug fix update
1.36.4. RHEA-2009:1377: bug-fix and enhancement update
1.37. dhcp
1.37.1. RHBA-2009:1331: bug fix update
1.38. dhcpv6
1.38.1. RHBA-2009:1409: bug fix update
1.39. dmidecode
1.39.1. RHBA-2009:1324: enhancement update
1.40. dmraid
1.40.1. RHBA-2009:1347: bug-fix and enhancement update
1.41. dos2unix
1.41.1. RHBA-2009:0276: bug fix update
1.42. dump
1.42.1. RHBA-2009:0425: bug fix update
1.43. dvd+rw-tools
1.43.1. RHBA-2009:1072: bug fix update
1.44. e2fsprogs
1.44.1. RHBA-2009:1291: bug fix and enhancement update
1.45. e4fsprogs
1.45.1. RHBA-2009:1413: bug fix update
1.46. ecryptfs-utils
1.46.1. RHSA-2009:1307: Low security, bug fix, and enhancement update
1.47. efax
1.47.1. RHBA-2009:1113: bug fix update
1.48. esc
1.48.1. RHBA-2009:1310: bug fix update
1.49. ethtool
1.49.1. RHEA-2009:1408: enhancement update
1.50. evince
1.50.1. RHBA-2009:1404: bug fix update
1.51. evolution
1.51.1. RHBA-2009:1260: bug fix update
1.52. evolution-connector
1.52.1. RHBA-2009:1261: bug fix update
1.53. evolution-data-server
1.53.1. RHSA-2009:0354: Moderate security update
1.53.2. RHBA-2009:1259: bug fix update
1.54. file
1.54.1. RHBA-2009:0456: bug fix update
1.55. findutils
1.55.1. RHEA-2009:1410: enhancement update
1.56. fipscheck
1.56.1. RHEA-2009:1266: enhancement update
1.57. firefox
1.57.1. RHSA-2009:1162: Critical security update
1.57.2. RHSA-2009:1095: Critical security update
1.57.3. RHSA-2009:0449: Critical security update
1.57.4. RHSA-2009:0436: Critical security update
1.57.5. RHSA-2009:0397: Critical security update
1.57.6. RHSA-2009:0315: Critical security update
1.57.7. RHSA-2009:0256: Critical security update
1.58. flash-plugin
1.58.1. RHSA-2009:1188: Critical security update
1.58.2. RHSA-2009:0332: Critical security update
1.59. foomatic
1.59.1. RHBA-2009:1240: bug fix update
1.60. freetype
1.60.1. RHSA-2009:1061: Important security update
1.61. gcc
1.61.1. RHBA-2009:1376: bug fix update
1.62. gcc44
1.62.1. RHBA-2009:1375: bug fix and enhancement update
1.63. gdb
1.63.1. RHBA-2009:1361: bug fix update
1.64. gdm
1.64.1. RHSA-2009:1364: Low security and bug fix update
1.65. gfs-kmod
1.65.1. RHBA-2009:1212: bug-fix update
1.65.2. RHBA-2009:1338: bug-fix update
1.66. gfs-utils
1.66.1. RHBA-2009:1336: bug fix update
1.67. gfs2-utils
1.67.1. RHBA-2009:0477: bug fix update
1.67.2. RHBA-2009:0418: bug fix update
1.67.3. RHBA-2009:0280: bug fix update
1.67.4. RHSA-2009:1337: Low security and bug fix update
1.68. ghostscript
1.68.1. RHSA-2009:0421: Moderate security update
1.68.2. RHSA-2009:0345: Moderate security update
1.68.3. RHBA-2009:1257: bug fix update
1.69. giflib
1.69.1. RHSA-2009:0444: Important security update
1.70. glib2
1.70.1. RHSA-2009:0336: Moderate security update
1.71. glibc
1.71.1. RHBA-2009:1415: bug fix and enhancement update
1.71.2. RHBA-2009:1202: bug fix update
1.72. gnome-python2-desktop
1.72.1. RHBA-2009:0405: bug fix update
1.73. gnome-session
1.73.1. RHBA-2009:1079: bug fix update
1.74. grep
1.74.1. RHBA-2009:0481: bug fix update
1.75. grub
1.75.1. RHBA-2009:1388: bug fix and enhancement update
1.76. gstreamer-plugins-base
1.76.1. RHSA-2009:0352: Moderate security update
1.77. gstreamer-plugins-good
1.77.1. RHSA-2009:1123: Moderate security update
1.77.2. RHSA-2009:0271: Important security update
1.78. gtk-vnc
1.78.1. RHBA-2009:1301: bug fix update
1.79. hal
1.79.1. RHBA-2009:1359: bug fix and enhancement update
1.80. htdig
1.80.1. RHBA-2009:0291: bug fix update
1.81. httpd
1.81.1. RHSA-2009:1148: Important security update
1.81.2. RHSA-2009:1075: Moderate security update
1.81.3. RHBA-2009:1380: bug fix update
1.82. hwbrowser
1.82.1. RHBA-2009:0277: bug fix update
1.83. hwdata
1.83.1. RHEA-2009:1348: enhancement update
1.84. ia32el
1.84.1. RHBA-2009:1271: bug fix and enhancement update
1.85. icu
1.85.1. RHSA-2009:1122: Moderate security update
1.85.2. RHSA-2009:0296: Moderate security update
1.86. initscripts
1.86.1. RHBA-2009:1344: bug fix update
1.87. iptables
1.87.1. RHBA-2009:1414: bug fix and enhancement update
1.88. iproute
1.88.1. RHBA-2009:0404: bug fix update
1.89. iprutils
1.89.1. RHBA-2009:1246: bug fix and enhancement update
1.90. ipsec-tools
1.90.1. RHSA-2009:1036: Important security update
1.91. iputils
1.91.1. RHBA-2009:1090: bug fix update
1.92. ipvsadm
1.92.1. RHBA-2009:1398: bug fix update
1.93. irqbalance
1.93.1. RHBA-2009:1265: bug fix update
1.94. iscsi-initiator-utils
1.94.1. RHBA-2009:1099: bug fix update
1.94.2. RHBA-2009:1368: bug fix update
1.95. isdn4k-utils
1.95.1. RHBA-2009:1112: bug fix update
1.96. iwl3945-firmware
1.96.1. RHEA-2009:1253: enhancement update
1.97. iwl4965-firmware
1.97.1. RHEA-2009:1252: enhancement update
1.98. jadetex
1.98.1. RHBA-2009:0378: bug fix update
1.99. java-1.4.2-ibm
1.99.1. RHSA-2009:0445: Critical security update
1.100. java-1.5.0-ibm
1.100.1. RHEA-2009:1208: enhancement update
1.100.2. RHSA-2009:1038: Critical security update
1.101. java-1.5.0-sun
1.101.1. RHSA-2009:1199: Critical security update
1.101.2. RHSA-2009:0394: Critical security update
1.102. java-1.6.0-ibm
1.102.1. RHSA-2009:1198: Critical security update
1.102.2. RHSA-2009:0369: Critical security update
1.103. java-1.6.0-openjdk
1.103.1. RHSA-2009:1201: Important security and bug fix update
1.103.2. RHSA-2009:0377: Important security update
1.104. java-1.6.0-sun
1.104.1. RHSA-2009:1200: Critical security update
1.104.2. RHBA-2009:1093: bug fix update
1.104.3. RHSA-2009:0392: Critical security update
1.104.4. RHEA-2009:0284: enhancement update
1.105. kdebase
1.105.1. RHBA-2009:1277: bug fix update
1.106. kdegraphics
1.106.1. RHSA-2009:1130: Critical security update
1.106.2. RHSA-2009:0431: Important security update
1.107. kdelibs
1.107.1. RHSA-2009:1127: Critical security update
1.108. kdenetwork
1.108.1. RHBA-2009:0452: bug fix update
1.109. kdepim
1.109.1. RHBA-2009:1057: bug fix update
1.110. kernel
1.110.1. RHSA-2009:1193: Important security and bug fix update
1.110.2. RHBA-2009:1151: bug fix update
1.110.3. RHBA-2009:1133: bug fix update
1.110.4. RHSA-2009:1106: Important security and bug fix update
1.110.5. RHSA-2009:0473: Important security and bug fix update
1.110.6. RHSA-2009:0326: Important security and bug fix update
1.110.7. RHSA-2009:0264: Important security update
1.110.8. RHSA-2009:1222: Important security and bug fix update
1.110.9. RHSA-2009:1243
1.111. kexec-tools
1.111.1. RHBA-2009:0467: bug fix update ............................................................... 141
1.111.2. RHBA-2009:0048: bug fix update ............................................................... 142
1.111.3. RHBA-2009:1258: bug fix and enhancement update .................................... 142
1.112. krb5 .................................................................................................................... 143
1.112.1. RHSA-2009:0408: Important security update ............................................... 143
1.112.2. RHBA-2009:1378: bug fix and enhancement update .................................... 144
1.113. ksh ..................................................................................................................... 145
1.113.1. RHBA-2009:1165: bug fix update ............................................................... 145
1.113.2. RHBA-2009:1256: bug fix update ............................................................... 145
1.114. lcms .................................................................................................................... 146
1.114.1. RHSA-2009:0339: Moderate security update ............................................... 146
1.115. less ..................................................................................................................... 147
1.115.1. RHBA-2009:0413: bug fix update ............................................................... 147
1.116. lftp ...................................................................................................................... 147
1.116.1. RHSA-2009:1278: Low security and bug fix update ..................................... 147
1.117. libX11 ................................................................................................................. 149
1.117.1. RHEA-2009:1332: enhancement update ..................................................... 149
1.118. libdhcp ................................................................................................................ 149
1.118.1. RHBA-2009:1333: bug fix update ............................................................... 149
1.119. libgcrypt .............................................................................................................. 150
1.119.1. RHEA-2009:1264: enhancement update ..................................................... 150
1.120. libpng .................................................................................................................. 150
1.120.1. RHSA-2009:0333: Moderate security update ............................................... 150
1.121. libsemanage ........................................................................................................ 151
1.121.1. RHBA-2009:1298: bug fix update ............................................................... 151
1.122. libsepol ............................................................................................................... 151
1.122.1. RHBA-2009:1273: bug fix update ............................................................... 151
1.123. libsoup ................................................................................................................ 152
1.123.1. RHSA-2009:0344: Moderate security update ............................................... 152
1.124. libspe2 ................................................................................................................ 152
1.124.1. RHBA-2009:1263: bug fix and enhancement update .................................... 152
1.125. libtiff .................................................................................................................... 153
1.125.1. RHSA-2009:1159: Moderate security update ............................................... 153
1.126. libunwind ............................................................................................................. 154
1.126.1. RHBA-2009:0464: bug fix update ............................................................... 154
1.127. libvirt ................................................................................................................... 154
1.127.1. RHSA-2009:0382: Moderate security update ............................................... 154
1.127.2. RHEA-2009:1269: bug fix and enhancement update .................................... 155
1.128. libvirt-cim ............................................................................................................. 156
1.128.1. RHEA-2009:1270: bug fix and enhancement update .................................... 156
1.129. libvorbis .............................................................................................................. 157
1.129.1. RHSA-2009:1219: Important security update ............................................... 157
1.130. libwmf ................................................................................................................. 158
1.130.1. RHSA-2009:0457: Moderate security update ............................................... 158
1.131. libxml .................................................................................................................. 158
1.131.1. RHSA-2009:1206: Moderate and libxml2 security update ............................. 158
1.132. linuxwacom ......................................................................................................... 159
1.132.1. RHEA-2009:1384: enhancement update ..................................................... 159
1.133. lksctp-tools .......................................................................................................... 159
1.133.1. RHBA-2009:0412: bug fix update ............................................................... 159
1.134. ltrace .................................................................................................................. 160
1.134.1. RHBA-2009:0380: bug fix update ............................................................... 160
1.135. lvm2 .................................................................................................................... 161
1.135.1. RHBA-2009:1393: bug-fix and enhancement update .................................... 161
1.136. lvm2-cluster ......................................................................................................... 163
1.136.1. RHBA-2009:1394: bug-fix and enhancement update .................................... 163
1.137. m2crypto ............................................................................................................. 163
1.137.1. RHBA-2009:1351: bug fix update ............................................................... 163
1.138. man-pages-ja ...................................................................................................... 164
1.138.1. RHBA-2009:0483: bug fix update ............................................................... 164
1.139. mcelog ................................................................................................................ 165
1.139.1. RHBA-2009:1374: bug fix and enhancement update .................................... 165
1.140. mdadm ................................................................................................................ 165
1.140.1. RHBA-2009:1382: bug fix and enhancement update .................................... 165
1.141. microcode_ctl ...................................................................................................... 166
1.141.1. RHEA-2009:1363: enhancement update ..................................................... 166
1.142. mkinitrd ............................................................................................................... 167
1.142.1. RHBA-2009:1088: bug fix update ............................................................... 167
1.142.2. RHBA-2009:1345: bug fix and enhancement update .................................... 167
1.143. mlocate ............................................................................................................... 167
1.143.1. RHBA-2009:1251: bug fix update ............................................................... 167
1.144. mod_auth_mysql ................................................................................................. 168
1.144.1. RHSA-2009:0259: Moderate security update ............................................... 168
1.145. mod_authz_ldap .................................................................................................. 169
1.145.1. RHBA-2009:0305: bug fix update ............................................................... 169
1.146. mod_nss ............................................................................................................. 169
1.146.1. RHEA-2009:0403: enhancement update ..................................................... 169
1.146.2. RHBA-2009:1365: bug fix update ............................................................... 169
1.147. module-init-tools .................................................................................................. 170
1.147.1. RHBA-2009:1362: bug fix update ............................................................... 170
1.148. mysql .................................................................................................................. 171
1.148.1. RHSA-2009:1289: Moderate security and bug fix update .............................. 171
1.149. mysql-connector-odbc .......................................................................................... 173
1.149.1. RHBA-2009:1290: bug fix update ............................................................... 173
1.150. nautilus-sendto .................................................................................................... 173
1.150.1. RHBA-2008:0916: bug fix and enhancement update .................................... 173
1.151. net-snmp ............................................................................................................. 174
1.151.1. RHBA-2009:1215: bug fix update ............................................................... 174
1.151.2. RHBA-2009:1069: bug fix update ............................................................... 174
1.151.3. RHBA-2009:1372: enhancement and bug fix update .................................... 175
1.152. netpbm ................................................................................................................ 176
1.152.1. RHSA-2009:0012: Moderate security update ............................................... 176
1.152.2. RHBA-2009:1268: bug fix update ............................................................... 176
1.153. nfs-utils ............................................................................................................... 177
1.153.1. RHSA-2009:1321: Low security and bug fix update ..................................... 177
1.154. nfs-utils-lib ........................................................................................................... 178
1.154.1. RHBA-2009:1250: bug fix update ............................................................... 178
1.155. nfs4-acl-tools ....................................................................................................... 178
1.155.1. RHEA-2009:1407: enhancement update ..................................................... 178
1.156. nspr and nss ....................................................................................................... 179
1.156.1. RHSA-2009:1186: Critical security, bug fix, and enhancement update ........... 179
1.156.2. RHBA-2009:1161: bug fix and enhancement update .................................... 180
1.157. nss_ldap ............................................................................................................. 181
1.157.1. RHBA-2009:1379: bug fix update ............................................................... 181
1.158. ntp ...................................................................................................................... 182
1.158.1. RHSA-2009:1039: Important security update ............................................... 182
1.158.2. RHSA-2009:0046: Moderate security update ............................................... 182
1.159. numactl ............................................................................................................... 183
1.159.1. RHBA-2009:0389: bug fix update ............................................................... 183
1.160. openais ............................................................................................................... 183
1.160.1. RHBA-2009:1191: bug-fix update ............................................................... 183
1.160.2. RHBA-2009:1104: bug-fix update ............................................................... 184
1.160.3. RHBA-2009:0417: bug fix update ............................................................... 184
1.160.4. RHBA-2009:1366: bug-fix and enhancement update .................................... 185
1.161. openhpi ............................................................................................................... 186
1.161.1. RHEA-2009:1279: enhancement update ..................................................... 186
1.162. openib ................................................................................................................. 188
1.162.1. RHBA-2009:1304: bug fix update ............................................................... 188
1.163. openoffice.org ...................................................................................................... 189
1.163.1. RHBA-2009:1248: bug fix update ............................................................... 189
1.164. openssh .............................................................................................................. 191
1.164.1. RHSA-2009:1287: Low security, bug fix, and enhancement update ............... 191
1.165. openssl ............................................................................................................... 192
1.165.1. RHSA-2009:1335: Moderate security, bug fix, and enhancement update ....... 192
1.166. openswan ............................................................................................................ 193
1.166.1. RHSA-2009:1138: Important security update ............................................... 193
1.166.2. RHSA-2009:0402: Important security update ............................................... 194
1.166.3. RHEA-2009:1350: bug fix update ............................................................... 194
1.167. oprofile ................................................................................................................ 196
1.167.1. RHBA-2009:1322: bug fix and enhancement update .................................... 196
1.168. pam .................................................................................................................... 196
1.168.1. RHBA-2009:1358: bug fix and enhancement update .................................... 196
1.169. pango ................................................................................................................. 198
1.169.1. RHSA-2009:0476: Important security update ............................................... 198
1.169.2. RHBA-2009:1395: bug fix update ............................................................... 198
1.170. pciutils ................................................................................................................ 199
1.170.1. RHBA-2009:1110: bug fix update ............................................................... 199
1.171. perl ..................................................................................................................... 199
1.171.1. RHBA-2009:0406: bug fix update ............................................................... 199
1.171.2. RHBA-2009:1244: bug fix and enhancement update .................................... 199
1.172. perl-DBD-Pg ........................................................................................................ 200
1.172.1. RHSA-2009:0479: Moderate security update ............................................... 200
1.173. php ..................................................................................................................... 201
1.173.1. RHSA-2009:0338: Moderate security update ............................................... 201
1.174. php-pear ............................................................................................................. 202
1.174.1. RHBA-2009:1071: bug fix update ............................................................... 202
1.175. pidgin .................................................................................................................. 203
1.175.1. RHSA-2009:1218: Critical security update ................................................... 203
1.175.2. RHSA-2009:1139: Moderate security and bug fix update .............................. 203
1.175.3. RHBA-2009:0407: bug fix update ............................................................... 204
1.176. piranha ................................................................................................................ 205
1.176.1. RHBA-2009:1396: bug-fix update ............................................................... 205
1.177. policycoreutils ...................................................................................................... 206
1.177.1. RHBA-2009:1292: bug fix update ............................................................... 206
1.178. poppler ................................................................................................................ 206
1.178.1. RHSA-2009:0480: Important security update ............................................... 206
1.179. ppc64-utils ........................................................................................................... 207
1.179.1. RHEA-2009:1247: enhancement update ..................................................... 207
1.180. psmisc ................................................................................................................ 208
1.180.1. RHBA-2009:0439: bug fix update ............................................................... 208
1.181. pykickstart ........................................................................................................... 208
1.181.1. RHBA-2009:1387: bug fix update ............................................................... 208
1.182. pyorbit ................................................................................................................. 209
1.182.1. RHBA-2009:1056: bug fix update ............................................................... 209
1.183. python ................................................................................................................. 209
1.183.1. RHSA-2009:1176: Moderate security update ............................................... 209
1.183.2. RHBA-2009:1402: bug fix update ............................................................... 210
1.184. python-pyblock .................................................................................................... 211
1.184.1. RHBA-2009:1319: bug fix update ............................................................... 211
1.185. python-virtinst ...................................................................................................... 211
1.185.1. RHBA-2009:1412: bug fix and enhancement update ..................................... 211
1.186. rdesktop ................................................................................................................. 212
1.186.1. RHEA-2009:1417: bug fix and enhancement update ..................................... 212
1.187. readline ............................................................................................................... 213
1.187.1. RHBA-2009:1078: bug fix update ............................................................... 213
1.188. redhat-release ..................................................................................................... 213
1.188.1. RHEA-2009:1400: bug fix and enhancement update .................................... 213
1.189. redhat-release-notes ............................................................................................ 214
1.189.1. RHEA-2009:1385: enhancement update ..................................................... 214
1.190. redhat-rpm-config ................................................................................................. 214
1.190.1. RHBA-2009:1089: bug fix update ............................................................... 214
1.191. rgmanager ........................................................................................................... 214
1.191.1. RHBA-2009:1196: bug-fix update ............................................................... 214
1.191.2. RHBA-2009:0415: bug fix update ............................................................... 215
1.191.3. RHSA-2009:1339: Low security, bug fix, and enhancement update ............... 215
1.192. rhn-client-tools ..................................................................................................... 217
1.192.1. RHBA-2009:1354: bug fix and enhancement update .................................... 217
1.193. rhnlib .................................................................................................................. 218
1.193.1. RHBA-2009:1353: bug fix and enhancement update .................................... 218
1.194. rhnsd .................................................................................................................. 219
1.194.1. RHBA-2009:1356: bug fix update ............................................................... 219
1.195. rpm ..................................................................................................................... 219
1.195.1. RHBA-2009:1371: bug fix update ............................................................... 219
1.196. rsh ...................................................................................................................... 220
1.196.1. RHBA-2009:0423: bug fix update ............................................................... 220
1.197. rt61pci-firmware ................................................................................................... 221
1.197.1. RHEA-2009:1255: enhancement update ..................................................... 221
1.198. rt73usb-firmware .................................................................................................. 221
1.198.1. RHEA-2009:1254: enhancement update ..................................................... 221
1.199. ruby .................................................................................................................... 221
1.199.1. RHSA-2009:1140: Moderate security update ............................................... 221
1.200. s390utils .............................................................................................................. 222
1.200.1. RHBA-2009:1311: bug fix and enhancement update .................................... 222
1.201. samba ................................................................................................................. 223
1.201.1. RHBA-2009:1150: bug fix update ............................................................... 223
1.201.2. RHBA-2009:1416: bug fix update ................................................................ 223
1.202. sblim ................................................................................................................... 224
1.202.1. RHBA-2009:1267: bug fix update ............................................................... 224
1.203. scim-bridge .......................................................................................................... 225
1.203.1. RHBA-2009:0426: bug fix update ............................................................... 225
1.204. selinux-policy ....................................................................................................... 225
1.204.1. RHBA-2009:1242 ....................................................................................... 225
1.205. setroubleshoot ..................................................................................................... 227
1.205.1. RHBA-2009:1080: bug fix update ............................................................... 227
1.206. setup .................................................................................................................. 228
1.206.1. RHBA-2009:0484: bug fix and enhancement update .................................... 228
1.207. sg3_utils .............................................................................................................. 229
1.207.1. RHBA-2009:1357: bug fix and enhancement update .................................... 229
1.208. sos ..................................................................................................................... 230
1.208.1. RHBA-2009:0461: bug fix and enhancement update .................................... 230
1.208.2. RHBA-2009:1418: bugfix and enhancement update ...................................... 231
1.209. sqlite ................................................................................................................... 234
1.209.1. RHBA-2009:0441: bug fix update ............................................................... 234
1.210. squirrelmail .......................................................................................................... 234
1.210.1. RHSA-2009:1066: Important security update ............................................... 234
1.211. strace .................................................................................................................. 235
1.211.1. RHBA-2009:0309: bug fix update ............................................................... 235
1.211.2. RHBA-2009:0017: bug fix update ............................................................... 236
1.211.3. RHBA-2009:1317: bug fix update ............................................................... 236
1.212. subversion ........................................................................................................... 237
1.212.1. RHSA-2009:1203: Important security update ............................................... 237
1.213. sudo ................................................................................................................... 237
1.213.1. RHSA-2009:0267: Moderate security update ............................................... 237
1.213.2. RHBA-2009:0438: bug fix update ............................................................... 238
1.214. system-config-cluster ........................................................................................... 238
1.214.1. RHBA-2009:1401: bug-fix and enhancement update .................................... 238
1.215. system-config-date ............................................................................................... 239
1.215.1. RHBA-2009:0279: bug fix update ............................................................... 239
1.216. system-config-language ........................................................................................ 239
1.216.1. RHBA-2009:1074: bug fix update ............................................................... 239
1.217. system-config-network .......................................................................................... 240
1.217.1. RHBA-2009:1352: bug fix and enhancement update .................................... 240
1.218. system-config-samba ........................................................................................... 240
1.218.1. RHBA-2009:1329: bug fix update ............................................................... 240
1.219. systemtap ............................................................................................................ 241
1.219.1. RHSA-2009:0373: Moderate security update ............................................... 241
1.219.2. RHBA-2009:1313: bug fix and enhancement update ..................................... 242
1.220. tcl ....................................................................................................................... 243
1.220.1. RHBA-2009:0414: bug fix update ............................................................... 243
1.221. tcp_wrappers ....................................................................................................... 244
1.221.1. RHBA-2009:0453: bug fix update ............................................................... 244
1.222. tetex ................................................................................................................... 244
1.222.1. RHBA-2009:1118: bug fix update ............................................................... 244
1.223. tftp ...................................................................................................................... 245
1.223.1. RHEA-2009:1274: enhancement update ..................................................... 245
1.224. thunderbird .......................................................................................................... 245
1.224.1. RHSA-2009:1126: Moderate security update ............................................... 245
1.224.2. RHSA-2009:0258: Moderate security update ............................................... 246
1.225. tog-pegasus ........................................................................................................ 247
1.225.1. RHBA-2009:1286: bug fix and enhancement update .................................... 247
1.226. tomcat ................................................................................................................. 248
1.226.1. RHSA-2009:1164: Important security update ............................................... 248
1.227. totem .................................................................................................................. 249
1.227.1. RHBA-2009:1288: bug fix update ............................................................... 249
1.228. tzdata .................................................................................................................. 249
1.228.1. RHEA-2009:1214: enhancement update ..................................................... 249
1.228.2. RHEA-2009:1105: enhancement update ..................................................... 250
1.228.3. RHEA-2009:0422: enhancement update ..................................................... 250
1.229. udev ................................................................................................................... 251
1.229.1. RHSA-2009:0427: Important security update ............................................... 251
1.229.2. RHBA-2009:1346: bug fix and enhancement update .................................... 251
1.230. unix2dos ............................................................................................................. 252
1.230.1. RHBA-2009:0294: bug fix update ............................................................... 252
1.231. util-linux .............................................................................................................. 252
1.231.1. RHBA-2009:1405: bug fix update ............................................................... 252
1.232. vim ..................................................................................................................... 253
1.232.1. RHBA-2009:1117: bug fix update ............................................................... 253
1.233. vino .................................................................................................................... 253
1.233.1. RHEA-2009:1121: enhancement update ..................................................... 253
1.234. virt-manager ........................................................................................................ 254
1.234.1. RHBA-2009:1285: enhancement and bug fix update .................................... 254
1.235. virt-viewer ............................................................................................................ 255
1.235.1. RHBA-2009:1299: bug fix update ............................................................... 255
1.236. vnc ..................................................................................................................... 256
1.236.1. RHSA-2009:0261: Moderate security update ............................................... 256
1.237. vsftpd .................................................................................................................. 256
1.237.1. RHBA-2009:1068: bug fix update ............................................................... 256
1.237.2. RHBA-2009:1282: bug fix update ............................................................... 257
1.238. watchdog ............................................................................................................ 258
1.238.1. RHEA-2009:1327: enhancement update ..................................................... 258
1.239. wdaemon ............................................................................................................ 258
1.239.1. RHBA-2009:1111: bug fix update ............................................................... 258
1.240. wget .................................................................................................................... 259
1.240.1. RHBA-2009:1280: bug fix update ............................................................... 259
1.241. wireshark ............................................................................................................ 259
1.241.1. RHSA-2009:1100: Moderate security update ............................................... 259
1.241.2. RHSA-2009:0313: Moderate security update ............................................... 260
1.242. xen ..................................................................................................................... 261
1.242.1. RHBA-2009:1092: bug fix update ............................................................... 261
1.242.2. RHBA-2009:0401: bug fix update ............................................................... 261
1.242.3. RHBA-2009:1328: bug fix and enhancement update .................................... 262
1.243. xkeyboard-config ................................................................................................. 264
1.243.1. RHEA-2009:1369: bug fix and enhancement update .................................... 264
1.244. xorg-x11-drv-ati ..................................................................................................... 264
1.244.1. RHBA-2009:1343: bug fix and enhancement update ..................................... 264
1.245. xorg-x11-drv-i810 ................................................................................................. 265
1.245.1. RHBA-2009:1391: bug fix and enhancement update .................................... 265
1.246. xorg-x11-drv-mga ................................................................................................. 266
1.246.1. RHBA-2009:1390: bug fix update ............................................................... 266
1.247. xorg-x11-drv-nv ................................................................................................... 267
1.247.1. RHEA-2009:1342: enhancement update ..................................................... 267
1.248. xorg-x11-proto-devel ............................................................................................ 267
1.248.1. RHEA-2009:1411: enhancement update ..................................................... 267
1.249. xorg-x11-server ..................................................................................................... 267
1.249.1. RHBA-2009:1373: bug fix and enhancement update ..................................... 267
1.250. yaboot ................................................................................................................. 268
1.250.1. RHBA-2009:1386: bug fix and enhancement update .................................... 268
1.251. ypbind ................................................................................................................. 269
1.251.1. RHBA-2009:0462: bug fix update ............................................................... 269
1.252. yum .................................................................................................................... 269
1.252.1. RHBA-2009:1142: bug fix update ............................................................... 269
1.252.2. RHBA-2009:1419: bug fix update ................................................................ 269
1.253. yum-metadata-parser ........................................................................................... 272
1.253.1. RHBA-2009:0440: bug fix update ............................................................... 272
1.254. yum-rhn-plugin ..................................................................................................... 273
1.254.1. RHBA-2009:1355: bug fix and enhancement update .................................... 273
1.255. zsh ..................................................................................................................... 274
1.255.1. RHBA-2009:0463: bug fix update ............................................................... 274
2. New Packages 275
2.1. RHEA-2009:1284: blktrace ....................................................................................... 275
2.2. RHEA-2009:1325: celt051 ........................................................................................ 275
2.3. RHEA-2009:1383: ctdb ............................................................................................ 275
2.4. RHEA-2009:1276: etherboot .................................................................................... 275
2.5. RHEA-2009:1318: fcoe-utils ..................................................................................... 276
2.6. RHEA-2009:1320: fuse ............................................................................................ 276
2.7. RHEA-2009:1297: gnupg2 ....................................................................................... 277
2.8. RHEA-2009:1281: hmaccalc .................................................................................... 277
2.9. RHEA-2009:1275: iasl ............................................................................................. 277
2.10. RHEA-2009:1272: kvm .......................................................................................... 277
2.11. RHEA-2009:1296: libassuan ................................................................................... 278
2.12. RHEA-2009:1314: libhbaapi ................................................................................... 278
2.13. RHEA-2009:1316: libhbalinux ................................................................................. 278
2.14. RHEA-2009:1295: libksba ...................................................................................... 279
2.15. RHEA-2009:1315: libpciaccess ............................................................................... 279
2.16. RHEA-2009:1326: log4cpp ..................................................................................... 279
2.17. RHEA-2009:1245: pdksh ........................................................................................ 279
2.18. RHEA-2009:1302: perl-Sys-Virt .............................................................................. 280
2.19. RHEA-2009:1293: pinentry ..................................................................................... 280
2.20. RHEA-2009:1294: pth ............................................................................................ 280
2.21. RHEA-2009:1309: qcairo ........................................................................................ 281
2.22. RHBA-2009:1323: qffmpeg ..................................................................................... 281
2.23. RHEA-2009:1305: qpixman .................................................................................... 281
2.24. RHEA-2009:1334: qspice ....................................................................................... 282
2.25. RHEA-2009:1399: samba3x ................................................................................... 282
2.26. RHEA-2009:1308: xorg-x11-drv-qxl ......................................................................... 282
2.27. RHEA-2009:1406: xorg-x11-xdm ............................................................................ 282
3. Technology Previews 283
4. Known Issues 289
4.1. anaconda ................................................................................................................. 289
4.2. cmirror ..................................................................................................................... 291
4.3. compiz ..................................................................................................................... 291
4.4. device-mapper-multipath ........................................................................................... 291
4.5. dmraid ..................................................................................................................... 292
4.6. dogtail ...................................................................................................................... 294
4.7. firstboot .................................................................................................................... 294
4.8. gfs2-utils .................................................................................................................. 294
4.9. gnome-volume-manager ............................................................................................ 295
4.10. initscripts ................................................................................................................ 295
4.11. iscsi-initiator-utils ..................................................................................................... 295
4.12. kernel-xen .............................................................................................................. 296
4.13. kernel ..................................................................................................................... 298
4.14. kexec-tools ............................................................................................................. 302
4.15. krb5 ....................................................................................................................... 303
4.16. kvm ........................................................................................................................ 303
4.17. less ........................................................................................................................ 306
4.18. libvirt-cim ................................................................................................................ 306
4.19. libvirt ...................................................................................................................... 307
4.20. lvm2 ....................................................................................................................... 307
4.21. mesa ...................................................................................................................... 307
4.22. mkinitrd .................................................................................................................. 307
4.23. openib .................................................................................................................... 308
4.24. openmpi ................................................................................................................. 308
4.25. pdksh ..................................................................................................................... 309
4.26. qspice .................................................................................................................... 309
4.27. rsyslog ................................................................................................................... 309
4.28. sblim ...................................................................................................................... 310
4.29. selinux-policy .......................................................................................................... 310
4.30. systemtap ............................................................................................................... 311
4.31. udev ....................................................................................................................... 312
4.32. virt-manager ........................................................................................................... 312
4.33. virtio-win ................................................................................................................. 312
4.34. xen ........................................................................................................................ 312
4.35. xorg-x11-drv-i810 .................................................................................................... 313
4.36. xorg-x11-drv-nv ....................................................................................................... 313
4.37. xorg-x11-drv-vesa ................................................................................................... 314
A. Package Manifest 315
A.1. Added Packages ..................................................................................................... 315
A.2. Dropped Packages .................................................................................................. 319
A.3. Updated Packages .................................................................................................. 319
B. Revision History 447
Preface
The Red Hat Enterprise Linux 5.4 Technical Notes list and document the changes made to the Red Hat Enterprise Linux 5 operating system and its accompanying applications between minor release Red Hat Enterprise Linux 5.3 and minor release Red Hat Enterprise Linux 5.4.
For system administrators and others planning Red Hat Enterprise Linux 5.4 upgrades and deployments, the Technical Notes provide a single, organized record of the bugs fixed in, features added to, and Technology Previews included with this new release of Red Hat Enterprise Linux.
For auditors and compliance officers, the Red Hat Enterprise Linux 5.4 Technical Notes provide a single, organized source for change tracking and compliance testing.
For every user, the Red Hat Enterprise Linux 5.4 Technical Notes provide details of what has changed in this new release.
The Technical Notes also include, as an Appendix, the Red Hat Enterprise Linux Package Manifest: a listing of every changed package in this release.
Chapter 1. Package Updates
1.1. NetworkManager
1.1.1. RHSA-2009:0361: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0361.
Updated NetworkManager packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.
An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365 [2])
A potential denial of service flaw was found in NetworkManager's D-Bus interface. A local user could leverage this flaw to modify local connection settings, preventing the system's network connection from functioning properly. (CVE-2009-0578 [3])
Red Hat would like to thank Ludwig Nussel for reporting these flaws responsibly.
Users of NetworkManager should upgrade to these updated packages which contain backported patches to correct these issues.
[2] https://www.redhat.com/security/data/cve/CVE-2009-0365.html
[3] https://www.redhat.com/security/data/cve/CVE-2009-0578.html
1.1.2. RHBA-2009:1389: bug fix update
Updated NetworkManager packages that fix several bugs are now available.
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.
These updated NetworkManager packages provide the following fixes:
• NetworkManager allowed users to create completely insecure ad-hoc wireless networks and indeed, the default security setting for wifi sharing was "none". Because of this default setting and because NetworkManager did not warn users of the potential security risks, users could unwittingly compromise the security of their computers. Now, NetworkManager uses "WEP Passphrase" as the default security option for creating a new wifi network, and allows administrators to disable users' ability to share wifi connections without security in place, or their ability to share wifi connections at all. These measures make it less likely that a user could inadvertently compromise a sensitive system. (BZ#496247)
• accessing the context (right-click) menu of the NetworkManager GNOME applet could trigger the GNOME Keyring Unlock dialog to appear, after which no X11 applications could receive keyboard or mouse events. Now, NetworkManager closes the context menu before requesting keyring items, and therefore avoids this situation. (BZ#476020)
• NetworkManager did not export VPN configurations. When a user selected this function, NetworkManager would present an error message: "VPN setting invalid", even for a connection with valid settings. NetworkManager now exports VPN connections correctly. (BZ#485345)
• due to faulty logic in the code, nm-applet would choose the lowest signal strength of all APs of the same SSID in the area and display this strength in the menu to represent the signal strength for that SSID. NetworkManager now correctly calculates wireless signal strength when multiple access points with the same SSID are present. (BZ#485477)
• when NetworkManager fails to connect to a wifi network, it re-prompts the user for the passphrase for that network. Previously, NetworkManager did not retain the original text of the passphrase entered by the user. Therefore, when users selected the "Show password" option so that they could see what they had typed after a failed connection attempt, NetworkManager displayed the passphrase in hexadecimal form. NetworkManager now retains the original text of the passphrase and displays the original passphrase instead of a hexadecimal string when the user selects the "Show password" option. (BZ#466509)
• NetworkManager has its own internal method of starting loopback devices, and does not use the configuration settings stored in /etc/sysconfig/network-scripts/ifcfg-lo. Previously, NetworkManager would produce an error, alerting users that the configuration settings were ignored. This error message could mislead users to think that a problem had occurred. Now, NetworkManager does not present this error message to the user, and avoids the potential confusion. (BZ#484060)
• the NetworkManager package requires wpa_supplicant, but previously omitted the Epoch term for the wpa_supplicant package. Consequently, installing NetworkManager did not ensure that a suitable version of wpa_supplicant was installed on the system. Now, the NetworkManager package specifies the epoch for the version of wpa_supplicant that it requires. (BZ#468688)
• NetworkManager displayed configuration options for VPN even when no VPN software was installed on the system. This could mislead users to think that they could make VPN connections in situations when it was not possible to make these connections. Now, the VPN submenu is hidden if no VPN services are installed on the system, avoiding the potential confusion. (BZ#464604)
Users are advised to upgrade to these updated NetworkManager packages, which provide these fixes.
1.2. OpenIPMI
1.2.1. RHEA-2009:1312: bug fix and enhancement update
Updated OpenIPMI packages that fix several bugs and add various enhancements are now available.
OpenIPMI (Intelligent Platform Management Interface) provides graphical and command line tools and utilities to access platform information, thus facilitating system management and monitoring for system administrators.
These updated packages upgrade OpenIPMI to upstream version 2.0.16 and ipmitool to version 1.8.11. (BZ#475542 [12])
These updated OpenIPMI packages provide fixes for the following bugs:
• some IPMI-enabled hardware makes use of UDP ports 623 (ASF Remote Management and Control Protocol) and 664 (ASF Secure Remote Management and Control Protocol), which corrupts other traffic on these ports, causing symptoms such as autofs mounts hanging. The OpenIPMI package provides a configuration file for xinetd that prevents other services from using these ports, so that they do not interfere with IPMI. On affected systems, the fix has to be enabled manually by setting "disabled = no" for the appropriate port(s) in /etc/xinetd.d/rmcp and (re)starting the xinetd service. (BZ#429329)
• on the S/390 architecture, running "ipmicmd" to access the internal hash table of open connections caused the utility to terminate with a segmentation fault. With this update, "ipmicmd" correctly handles the hash table and thus no longer crashes. (BZ#437013)
• the "rmcp_ping" utility did not perform checks on the arguments provided to it on the command line, and would accept invalid port numbers and/or start tags. (BZ#437256)
• the ipmitool utility is shipped in the OpenIPMI-tools packages, and it was not possible to have other packages depend on "ipmitool" directly. These updated packages explicitly provide the "ipmitool" feature so that other packages are now able to reference it. (BZ#442784)
• several libraries in the OpenIPMI packages contained unnecessary RPATH values, which have not been compiled into these updated packages. (BZ#466119)
• the OpenIPMI-devel packages contained manual pages which were already provided by the OpenIPMI packages and have therefore been removed from the OpenIPMI-devel packages. (BZ#466487)
• the ipmievd daemon listens for events sent by the BMC to the SEL and logs those events to syslog. Previously, the OpenIPMI-tools package did not contain the init script for the "ipmievd" service. This init script is included in these updated packages. (BZ#469979)
• previously, it was not possible to query "ipmitool" to determine whether SOL payloads were enabled or disabled for specific users. These updated packages introduce a new "ipmitool sol payload status" query that implements the "Gets User Payload Access Command" from the IPMI specification, thus allowing users' SOL payload access privileges to be queried. (BZ#470031)
• the "ipmitool sel list" command displayed event IDs as hexadecimal numbers. However, it was not possible to then provide these values as parameters to other "ipmitool sel" commands. These packages include an updated ipmitool whose various "ipmitool sel" commands accept both decimal and hexadecimal ID values as parameters. (BZ#470805)
• it was not possible to specify a Kg key with non-printable characters on the ipmitool command line. With this update, a Kg key can now be specified as a hexadecimal value using the '-y' command line option. (BZ#479252)
• the "sensor list" section of the ipmitool(1) man page now describes each columnar value of the command "ipmitool sensors list". (BZ#479702)
In addition, these updated packages provide the following enhancements:
• new in this OpenIPMI 2.0.16 release is the OpenIPMI-gui package, which contains a GUI that provides a tree-structured view of the IPMI domains it is connected to. (BZ#504783)
• the "ipmitool sol set" command now checks the values of arguments provided on the command line. (BZ#311231)
• the ipmitool(1) man page has been updated to include descriptions for these commands: spd, picmg, hpm, firewall, fwum and kontronoem. (BZ#438539)
Users are advised to upgrade to these updated OpenIPMI packages, which resolve these issues and add these enhancements.
[12] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=475542
1.3. acpid
1.3.1. RHSA-2009:0474: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0474.
An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs.
Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon's error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU resources and preventing acpid from communicating with legitimate processes. (CVE-2009-0798 [28])
Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
[28] https://www.redhat.com/security/data/cve/CVE-2009-0798.html
1.3.2. RHBA-2009:1403: bug fix update
An updated acpid package that fixes a bug is now available.
acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs.
In some pre-release versions of Red Hat Enterprise Linux 5.4, the Hardware Abstraction Layer (HAL) daemon was initialized before the ACPI daemon. Consequently, the HAL daemon prevented the ACPI daemon from accessing /proc/acpi/event. With this update, the acpid package has been updated so the ACPI daemon now starts before the HAL daemon, which resolves this issue. (BZ#503177 [29])
Users should upgrade to this updated package, which resolves this issue.
1.4. acroread
1.4.1. RHSA-2009:1109: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1109.
Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Adobe Reader allows users to view and print documents in Portable Document Format (PDF).
Multiple security flaws were discovered in Adobe Reader. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-0198 [31], CVE-2009-0509 [32], CVE-2009-0510 [33], CVE-2009-0511 [34], CVE-2009-0512 [35], CVE-2009-0888 [36], CVE-2009-0889 [37], CVE-2009-1855 [38], CVE-2009-1856 [39], CVE-2009-1857 [40], CVE-2009-1858 [41], CVE-2009-1859 [42], CVE-2009-1861 [43], CVE-2009-2028 [44])
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
[29] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=503177
[31] https://www.redhat.com/security/data/cve/CVE-2009-0198.html
[32] https://www.redhat.com/security/data/cve/CVE-2009-0509.html
[33] https://www.redhat.com/security/data/cve/CVE-2009-0510.html
[34] https://www.redhat.com/security/data/cve/CVE-2009-0511.html
[35] https://www.redhat.com/security/data/cve/CVE-2009-0512.html
[36] https://www.redhat.com/security/data/cve/CVE-2009-0888.html
[37] https://www.redhat.com/security/data/cve/CVE-2009-0889.html
[38] https://www.redhat.com/security/data/cve/CVE-2009-1855.html
[39] https://www.redhat.com/security/data/cve/CVE-2009-1856.html
[40] https://www.redhat.com/security/data/cve/CVE-2009-1857.html
[41] https://www.redhat.com/security/data/cve/CVE-2009-1858.html
[42] https://www.redhat.com/security/data/cve/CVE-2009-1859.html
[43] https://www.redhat.com/security/data/cve/CVE-2009-1861.html
[44] https://www.redhat.com/security/data/cve/CVE-2009-2028.html
1.4.2. RHSA-2009:0478: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0478.
Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Adobe Reader allows users to view and print documents in Portable Document Format (PDF).
Two flaws were discovered in Adobe Reader's JavaScript API. A PDF file containing malicious JavaScript instructions could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2009-1492 [46], CVE-2009-1493 [47])
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.5, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
1.4.3. RHSA-2009:0376: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0376
Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Adobe Reader allows users to view and print documents in Portable Document Format (PDF).
Multiple input validation flaws were discovered in the JBIG2 compressed images decoder used by Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2009-0193 [49], CVE-2009-0658 [50], CVE-2009-0928 [51], CVE-2009-1061 [52], CVE-2009-1062 [53])
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
[46] https://www.redhat.com/security/data/cve/CVE-2009-1492.html
[47] https://www.redhat.com/security/data/cve/CVE-2009-1493.html
[49] https://www.redhat.com/security/data/cve/CVE-2009-0193.html
[50] https://www.redhat.com/security/data/cve/CVE-2009-0658.html
[51] https://www.redhat.com/security/data/cve/CVE-2009-0928.html
[52] https://www.redhat.com/security/data/cve/CVE-2009-1061.html
[53] https://www.redhat.com/security/data/cve/CVE-2009-1062.html
1.5. aide
1.5.1. RHEA-2009:1073: enhancement update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHEA-2009:1073
An enhanced aide package that contains minor adjustments to the aide.conf configuration file to offer improved initial behavior is now available.
Advanced Intrusion Detection Environment (AIDE) is a program that creates a database of files on a system, and then uses that database to ensure file integrity and detect system intrusions.
This updated aide package adds the following enhancement:
• the /var/run/utmp configuration file is now correctly treated as a log file, and the hidden files (also known as "dot files") located in the root user's home directory are now checked for permission integrity only. These enhancements to AIDE should cause systems to produce fewer false alarms concerning files which have changed. (BZ#476542)
Users of aide are advised to upgrade to this updated package, which adds this enhancement.
1.6. amanda
1.6.1. RHBA-2009:1300: bug fix update
Updated amanda packages that fix two bugs are now available.
Amanda is a network-capable tape backup solution.
These updated amanda packages resolve the following issues:
• the "amtapetype" command had a bug in memory management: an invalid pointer was passed to the free() function. In some circumstances this caused amrecover to fail with an "Extractor child exited with status 2" error. The invalid pointer is no longer passed to free() and amrecover extracts files from a tape backup as expected. (BZ#476971)
• previously, amanda sub-packages (including amanda-devel, amanda-server and amanda-client) were only required to be the same version as amanda: they did not check that their release was in sync with the base amanda package. This could cause the packages to go out-of-sync and malfunction if an attempt was made to update either the base amanda package or any of amanda's sub-packages. With this update, both the version and release are checked, ensuring all dependent packages remain in sync if either the base package or any sub-packages are updated. (BZ#497111)
Users of amanda should upgrade to these updated packages, which resolve these issues.
1.7. anaconda
1.7.1. RHBA-2009:1306: bug fix and enhancement update
Updated anaconda packages that fix several bugs and add various enhancements are now available.
Anaconda is the system installer.
These updated anaconda packages provide fixes for the following bugs:
• a write-protected SD card could cause an installation failure even when the mount point was de-selected in the Disk Druid. (BZ#471883)
• Anaconda occasionally attempted to delete nonexistent snapshots, which caused installation to fail. (BZ#433824)
• if a boot file was retrieved via DHCP, Anaconda now saves it so that it can later be used to construct the default Kickstart file if the user boots with "ks" as a boot parameter. (BZ#448006)
• driver disk locations can now be specified using the "dd=[URL]" option, where [URL] is an FTP, HTTP or NFS location. (BZ#454478)
• the bootloader can now be located in the MBR on a software RAID1 boot partition. (BZ#475973)
• Anaconda now installs multipath packages so that multipath devices work as expected following first reboot. (BZ#466614)
• Anaconda prompted for the time zone even when the time zone was correctly specified in the Kickstart file. (BZ#481617)
• on Itanium systems, the time stamps of installed files and directories were in the future. (BZ#485200)
• the iSCSI Boot Firmware Table (iBFT) now works with Challenge-Handshake Authentication Protocol (CHAP) and reverse-CHAP setups. (BZ#497438)
• Anaconda now correctly sets the umask on device nodes. (BZ#383531)
• following a manual installation during which IPv6 was configured, the /etc/sysconfig/network-scripts/ifcfg-[interface] file (such as ifcfg-eth0) did not contain those IPv6 network details. (BZ#445394)
• Anaconda now correctly handles LAN channel station (LCS) devices. (BZ#471101)
• when using autostep mode with a Kickstart configuration file, Anaconda incorrectly prompted for a root password even when the root password was designated as encrypted. (BZ#471122)
• empty repositories caused installation to fail. (BZ#476182)
• large numbers of tape drives in the Kickstart file are now handled correctly. (BZ#476186)
• hyphenated MAC address formats in the Kickstart file (e.g. "ksdevice=00-11-22-33-44-55") are now allowed. (BZ#480309)
• an unexpected exception during Logical Unit Number (LUN) selection caused installation to fail. (BZ#475271)
• when installing on a low-memory system or virtual machine over HTTP or FTP, a non-present "lspci" binary caused installation to fail. (BZ#476476)
• Anaconda now correctly adds the user to the default group, and groups specified by "--groups", when performing a Kickstart installation. (BZ#454418)
• the "cmdline" option, which specifies a non-Ncurses installation, is now honored in the Kickstart file. (BZ#456325)
• Kickstart file download from an anonymous FTP site is now possible. (BZ#477536)
In addition, these updated packages provide the following enhancements:
• default configuration values are now suggested during System z installation. (BZ#475350)
• hardware device descriptions have been enhanced to reflect expanded hardware support. (BZ#498511)
• the Mellanox ConnectX mt26448 10Gb/E driver is now supported. (BZ#514971)
• the mpt2sas driver is now supported. (BZ#475671)
• the Emulex Tiger Shark converged network adapter is now supported. (BZ#496875)
• the Marvell RAID bus controller MV64460/64461/64462 and Emulex OneConnect 10GbE NIC devices are now supported. (BZ#493179)
• the IGB Virtual Function driver is now supported. (BZ#502875)
• installation on RAID10 devices is now supported. (BZ#467996)
• non-fatal errors and conditions are now ignored when installing from a Kickstart file. (BZ#455465)
• stale LVM metadata can now be removed with the "--clearpart" option. (BZ#462615)
• to aid in identifying the network card, an option to blink its LED for 5 minutes is now present. (BZ#473747)
• IPv6 address validation on S/390 installations has been improved. (BZ#460579)
Users are advised to upgrade to these updated anaconda packages, which resolve these issues and add these enhancements.
1.8. apr
1.8.1. RHSA-2009:1204: Moderate and apr-util security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1204
Updated apr and apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412 [92])
All apr and apr-util users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
1.9. apr-util
1.9.1. RHSA-2009:1107: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1107
Updated apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
apr-util is a utility library used with the Apache Portable Runtime (APR). It aims to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing, and more.
[92] https://www.redhat.com/security/data/cve/CVE-2009-2412.html
An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service (application crash). (CVE-2009-1956 [94])
Note: The CVE-2009-1956 flaw only affects big-endian platforms, such as the IBM S/390 and PowerPC. It does not affect users using the apr-util package on little-endian platforms, due to their different organization of byte ordering used to represent particular data.
A denial of service flaw was found in the apr-util Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine. (CVE-2009-1955 [95])
A heap-based underwrite flaw was found in the way apr-util created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine. (CVE-2009-0023 [96])
All apr-util users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the Apache Portable Runtime library, such as httpd, must be restarted for this update to take effect.
1.10. aspell
1.10.1. RHBA-2009:1070: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1070
An updated aspell-nl package that fixes a bug is now available.
The aspell-nl package provides the word lists/dictionaries for the Dutch language.
This updated aspell-nl package fixes the following bug:
• the previous aspell-nl update also provided an empty aspell-nl-debuginfo package. The dictionary packages for Aspell do not require debuginfo packages; this update therefore removes the extraneous aspell-nl-debuginfo package. (BZ#500540)
All Dutch language Aspell users are advised to upgrade to this updated package, which resolves this issue.
[94] https://www.redhat.com/security/data/cve/CVE-2009-1956.html
[95] https://www.redhat.com/security/data/cve/CVE-2009-1955.html
[96] https://www.redhat.com/security/data/cve/CVE-2009-0023.html
1.11. audit
1.11.1. RHBA-2009:0475: bug fix and enhancement update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0475
Updated audit packages that fix a bug and add an enhancement are now available.
The audit packages contain user-space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel.
These updated audit packages fix the following bug:
• ausearch was unable to interpret tty audit records. tty records are specially-encoded, and the ausearch program could not decode them, which resulted in their being displayed in encoded form. These updated packages enable ausearch to interpret (i.e. decode correctly) TTY records, thus resolving the issue. (BZ#497518)
In addition, these updated audit packages provide the following enhancement:
• The aureport program was enhanced to add a '--tty' report option. This is a new report that was recently added to audit in order to aid in the review of TTY audit events. (BZ#497518)
Users are advised to upgrade to these updated audit packages, which resolve this issue and add this enhancement.
1.11.2. RHBA-2009:0443: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0443
Updated audit packages that resolve several issues are now available.
The audit packages contain user-space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel.
These updated packages fix the following bugs in the auditd daemon and one of its utilities:
• when the log_format parameter was set to "NOLOG" in the auditd.conf configuration file, audit events which were queued in the internal message queue were not cleared after being written to dispatchers. This caused the internal message queue to grow over time, causing an auditd memory leak. With these updated packages the audit events in the internal message queue are properly cleared after being written, thus plugging the memory leak.
• certain audit rules failed parser checks even though they were specified correctly, which prevented those rules from being loaded into the kernel. With this update, all correctly-specified audit rules pass parser checks and can be loaded into the kernel, thus resolving the problem.
All users of audit are advised to upgrade to these updated packages, which resolve these issues.
1.11.3. RHEA-2009:1303: enhancement
Updated audit packages, which include TTY audit and remote log aggregation updates among other enhancements, are now available.
The audit packages contain user space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel.
These updated packages upgrade the auditd daemon and its utilities to the newer upstream version 1.7.13 (BZ#483608), which provides the following enhancements and bug fixes over the previous version:
• the user-space audit tools use ausearch to search audit records. Ausearch does not contain logic to handle event-linked lists and, previously, could not find records if they were out of chronological order. The logic to link these lists together and evaluate whether the list is complete is now available in the auparse library. Ausearch now uses auparse to handle these lists so that it can find records even when they are out of order. (BZ#235898)
• the manual page for ausyscall did not document use of the "--exact" option. A description of "--exact" is now included. (BZ#471383)
• due to a logic error, the "local_port = any" option for the audisp-remote plugin did not work as described in the manual page. When executed with this option, the plugin would display the error "Value any should only be numbers" and terminate. With the error corrected, the plugin works as documented. (BZ#474466)
• previously, audisp would read not only its configuration file (in /etc/audisp/plugins.d/) but any files with names similar to its configuration file found in the same directory, for example, backups of the configuration file. As a result, if a plugin were listed in more than one configuration file, it would be activated multiple times. audisp now reads only its configuration file and therefore avoids activating multiple copies of plugins. (BZ#476189)
• previously, TTY audit results were reported in ausearch in their raw hexadecimal form. This format was not easily readable by humans, so ausearch now converts the hexadecimal strings and presents them as their corresponding keystrokes. Note that the "--tty" option has now been added to aureport to provide a convenient way of accessing the TTY audit report. (BZ#483086)
• previously, when setting the output log format to "NOLOG", audit events would be added to the internal message queue but not removed from the queue when written to the dispatchers. The queue would therefore grow to consume available memory. Audit events are now removed from the internal queue to avoid this memory leak. (BZ#487237)
• due to a logic error, auditctl was not correctly parsing options that included non-numeric characters. For example, the "-F a0!=-1" option would result in an error saying "-F value should be number for a0!=-1". With the error corrected, auditctl parses this rule correctly. (BZ#497542)
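The TTY items above (here and in RHBA-2009:0475) describe keystroke data stored as hexadecimal and decoded by ausearch. The following is an added example, not code from the audit package: it decodes the data= field of TTY records for review. The record layout, the sample lines and the <name> rendering of control keys are assumptions of this example.

```python
import re

# Constructed sample (not from a real system). The field layout
# "type=TTY ... comm=... data=<hex>" is an assumption of this example.
SAMPLE_LOG = """\
type=TTY msg=audit(1251200000.123:4711): tty pid=2941 uid=0 auid=500 major=136 minor=1 comm="bash" data=6C73202D6C610D
type=TTY msg=audit(1251200007.456:4712): tty pid=2941 uid=0 auid=500 major=136 minor=1 comm="bash" data=77686F616D6A7F690D
type=SYSCALL msg=audit(1251200008.000:4713): arch=c000003e syscall=2 success=yes
type=TTY msg=audit(1251200009.789:4714): tty pid=2941 uid=0 auid=500 major=136 minor=1 comm="bash" data=1B5B410D03
type=TTY msg=audit(1251200010.000:4715): tty pid=2941 uid=0 auid=500 major=136 minor=1 comm="bash" data=6C7
"""

# Display names chosen by this example for non-printable keys.
CONTROL = {0x03: "<^C>", 0x04: "<^D>", 0x08: "<backspace>", 0x09: "<tab>",
           0x0A: "<nl>", 0x0D: "<ret>", 0x1B: "<esc>", 0x7F: "<backspace>"}
CSI_FINAL = {ord("A"): "<up>", ord("B"): "<down>",
             ord("C"): "<right>", ord("D"): "<left>"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_ID = re.compile(r"audit\((\d+\.\d+):(\d+)\)")


def tokenize(raw):
    """Turn raw TTY bytes into printable characters and <name> tokens."""
    tokens, i = [], 0
    while i < len(raw):
        # ESC [ <final>: cursor keys arrive as a three-byte sequence.
        if raw[i:i + 2] == b"\x1b[" and i + 2 < len(raw) \
                and raw[i + 2] in CSI_FINAL:
            tokens.append(CSI_FINAL[raw[i + 2]])
            i += 3
            continue
        b = raw[i]
        if b in CONTROL:
            tokens.append(CONTROL[b])
        elif 0x20 <= b < 0x7F:
            tokens.append(chr(b))
        else:
            tokens.append("<0x%02X>" % b)
        i += 1
    return tokens


def typed_lines(raw):
    """Apply backspaces and split at return/newline to show what was
    submitted. History recall (<up>) cannot be resolved from the record
    alone, so it stays visible as a token."""
    lines, current = [], []
    for tok in tokenize(raw):
        if tok == "<backspace>":
            if current:
                current.pop()
        elif tok in ("<ret>", "<nl>"):
            lines.append("".join(current))
            current = []
        else:
            current.append(tok)
    if current:
        lines.append("".join(current))
    return lines


def parse_tty_records(log_text):
    """Return one dict per TTY record; non-TTY records are skipped and a
    malformed hex payload is reported with keys=None instead of raising."""
    records = []
    for line in log_text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") != "TTY" or "data" not in fields:
            continue
        event = EVENT_ID.search(fields.get("msg", ""))
        try:
            raw = bytes.fromhex(fields["data"])
        except ValueError:
            raw = None
        records.append({
            "serial": int(event.group(2)) if event else None,
            "auid": fields.get("auid"),
            "comm": fields.get("comm"),
            "keys": "".join(tokenize(raw)) if raw is not None else None,
            "lines": typed_lines(raw) if raw is not None else [],
        })
    return records


if __name__ == "__main__":
    for rec in parse_tty_records(SAMPLE_LOG):
        print(rec["serial"], rec["auid"], rec["comm"], rec["keys"], rec["lines"])
```
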
Other issues corrected in the rebase include:
• remote logging is a technology preview item and as such had some bugs. Robustness of this facility was improved.
• on busy systems, pam had problems communicating with the audit system, which resulted in a timeout and being denied access to the system. We now loop a few times when checking for the event ACK.
• On biarch systems, a warning is emitted if audit rules don't cover both 64 & 32 bit syscalls of the same name.
• Fix regression where msgtype couldn't be used for a range of types.
• New aulast program helps analyse login session information.
• If log rotation fails, auditd now leaves the old log writable.
• A tcp_wrappers config option was added to auditd for remote logging.
• Fix problem where negative uids in audit rules on 32 bit systems resulted in the wrong uid and therefore incorrect event logging.
Users of audit are advised to upgrade to these updated packages, which add these enhancements and bug fixes.
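The biarch item above concerns rules that cover a syscall for only one of the 64-bit and 32-bit ABIs. The following is an added example, not auditctl's own logic: it scans a rules file and lists syscall names whose rules name only one arch or none. The sample rules are constructed, and the function names are this example's own.

```python
import shlex
from collections import defaultdict

# Constructed audit.rules excerpt for this example.
SAMPLE_RULES = """\
# delete all rules, set backlog
-D
-b 8192
-a exit,always -F arch=b64 -S chmod -S fchmod -k perm_mod
-a exit,always -F arch=b32 -S chmod -k perm_mod
-a exit,always -F arch=b64 -S unlink -S rename -k delete
-a exit,always -F arch=b32 -S unlink -S rename -k delete
-a exit,always -S sethostname -k system-locale
-w /etc/passwd -p wa -k identity
"""


def syscall_arch_coverage(rules_text):
    """Map each syscall name to the set of arch values its rules name.
    A rule with no '-F arch=' contributes the marker 'unspecified'."""
    coverage = defaultdict(set)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        args = shlex.split(line)
        arch, syscalls = "unspecified", []
        i = 0
        while i < len(args):
            if args[i] == "-F" and i + 1 < len(args):
                # Only the arch field matters here; other -F filters
                # (auid>=500, a0!=-1, ...) are skipped untouched.
                if args[i + 1].startswith("arch="):
                    arch = args[i + 1].split("=", 1)[1]
                i += 2
            elif args[i] == "-S" and i + 1 < len(args):
                syscalls.extend(args[i + 1].split(","))
                i += 2
            else:
                i += 1
        for name in syscalls:
            coverage[name].add(arch)
    return coverage


def biarch_gaps(rules_text):
    """Return {syscall: reason} for names not covered on both ABIs."""
    gaps = {}
    for name, arches in sorted(syscall_arch_coverage(rules_text).items()):
        if "unspecified" in arches:
            gaps[name] = "no arch given"
        elif arches == {"b64"}:
            gaps[name] = "b32 missing"
        elif arches == {"b32"}:
            gaps[name] = "b64 missing"
    return gaps


if __name__ == "__main__":
    for name, reason in biarch_gaps(SAMPLE_RULES).items():
        print("%-12s %s" % (name, reason))
```

A reported gap is a prompt for review rather than proof of a hole, since a syscall may exist on only one ABI.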
1.12. authconfig
1.12.1. RHBA-2009:0482: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0482
Updated authconfig packages that fix a bug are now available.
The authconfig packages contain a program with both a command line and a GUI interface for configuring a system to use shadow passwords, or to function as a client for certain network user-information and authentication schemes.
• when disabling caching using the system-config-authentication graphical interface or with the "authconfig --update --disablecache" command, authconfig did not properly stop nscd, the name service cache daemon, which could have caused timeouts and delays during authentication or when user information was requested by applications. (BZ#471642)
Users are advised to upgrade to these updated authconfig packages, which resolve this issue.
1.13. authd
1.13.1. RHBA-2009:0442: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0442
An updated authd package that fixes various bugs is now available.
The authd package contains a small and fast RFC 1413 ident protocol daemon with both xinetd server and interactive modes that supports IPv6 and IPv4 as well as the more popular features of pidentd.
This updated authd package includes fixes for the following bugs:
• on 64-bit architectures, a size mismatch between data structures led to an endlessly repeating pattern of output, though no error. This size mismatch has been fixed in this updated package so that authd works as expected.
• attempting to connect to a Postgresql database using identd authentication resulted in error messages similar to the following in Postgresql's pg_log, where [user] is the username of the user attempting to connect:
CESTLOG: invalidly formatted response from Ident server: "49795 , 5432 : ERROR :[user]
This authd error has been corrected so that users are now able to log in successfully, thus resolving the issue.
• previously, installing the authd package resulted in the creation of a user named "ident" with a home directory of /home/ident. With this updated package, the "ident" user is still created, but, by convention, ident's home directory is the root ("/") directory.
All users of authd are advised to upgrade to this updated package, which resolves these issues.
1.14. autofs
1.14.1. RHBA-2009:1131: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1131
An updated autofs package that fixes a bug which caused autofs to fail occasionally when accessing an LDAP server while using SASL authentication is now available.
The autofs utility controls the operation of the automount daemon, which automatically mounts, and then unmounts file systems after a period of inactivity. File systems can include network file systems, CD-ROMs, diskettes, and other media.
This updated autofs package fixes the following bug:
• when connecting to an LDAP server while using SASL authentication, autofs occasionally failed with a segmentation fault, forcing users to restart the autofs service. This failure was caused by a double-free error in the cyrus-sasl module, which has been fixed in this updated package. Connecting to an LDAP server while using SASL authentication now works as expected. (BZ#504566)
All users of autofs are advised to upgrade to this updated package, which resolves this issue.
1.14.2. RHBA-2009:1397: bug fix update
An updated autofs package that fixes various bugs and adds an enhancement is now available.
The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts file systems when you use them, and unmounts them when they are not busy.
• Previously, automount did not return its status to its parent while it waited for the autofs daemon to complete its startup. As a result, the init script did not always report success when the service started successfully. Automount now returns its status and accurately reports when the service has started. (BZ#244177)
• Autofs uses "umount -l" to clear active mounts at restart. This method results in getcwd() failing because the point from which the path is constructed has been detached from the mount tree. To resolve this, a miscellaneous device node for routing ioctl commands to these mount points has been implemented in the autofs4 kernel module and a library added to autofs. This provides the ability to re-construct a mount tree from existing mounts and then re-connect them. (BZ#452122)
• Previously, the version of autofs shipped with Red Hat Enterprise Linux 5 used the "-hosts" method as its default way to handle /net mounts. Using this method, it was necessary to reboot the client to release processes if the connection to the server was lost. Now, autofs uses the "intr" option as its default, which allows the mount to be unmounted forcibly if necessary. (BZ#466673)
• By default, autofs waits 60 seconds for a server to respond while performing a YP lookup. Previously, repeated attempts to perform lookups for non-existent directories could result in all available ports becoming congested. Autofs now maintains a cache of failed lookups and avoids repeated failures occupying the available ports. (BZ#469387)
• The %{?dist} tag that is used by rpm spec files is defined in ~/.rpmmacros for the user building the package. However, this is not a reliable method of providing the "Release:" tag in a package, because the %{?dist} tag might not be defined for the user building the package. Previously, autofs relied on the %{?dist} tag to define "Release:" in its spec file, which meant that building it correctly depended on the user's ~/.rpmmacros file being set up appropriately. "Release:" is now defined directly in the autofs file system, which makes it more likely to build correctly on a greater number of systems. (BZ#471385)
• Previously, the LDAP module lacked the ability to lock the server list. When used in SASL authenticated environments, this could cause autofs to fail if the credential for the connection became stale. The LDAP module can now lock a server list, and autofs refreshes and retries failed SASL connections. Autofs therefore performs more reliably when used in authenticated environments. (BZ#481139)
• Submounts are detached threads that do not belong to the master map entry list. Previously, autofs did not release mount resources when a mount thread for a submount was terminated. With these resources not released, a segmentation fault during a shutdown or reboot of the system could result. Resources allocated to submounts are now explicitly released in the code and the segmentation fault is therefore avoided. (BZ#482988)
• Previously, autofs contained an incorrect %token declaration in the master map parser. In some rare cases this could cause the timeout sent from the tokenizer to the parser to always be zero, which is interpreted as "never". As a result, indirect mounts would never expire, no matter how long they had been inactive. The %token declaration is now corrected, meaning that mounts expire as they should. (BZ#487151)
• Previously, autofs used the select() function to process direct-mount maps and was therefore limited by the file descriptor limit (by default, 1024). As a consequence, autofs was not able to use direct-mount maps with numbers of entries larger than the limit, and would stop responding when it used up all available file descriptors. Now, autofs uses poll() instead of select() and is therefore no longer limited by the available file descriptors. Freed of this limitation, autofs can use large direct-mount maps. (BZ#487653)
• Previously, autofs reported an incorrect buffer size internally when passing the startup status from the autofs daemon to the parent process. Although no specific consequences of this inaccuracy are known, the buffer size is now reported correctly to avoid any consequences arising in the future. (BZ#487656)
• Previously, the additive hashing algorithm used by autofs to generate hash values would result in a clustering of values that favoured a small range of hash indexes and led to reduced performance in large maps. Autofs now uses a "one-at-a-time" hash function which gives a better distribution of hash values in large hash tables. Use of the "one-at-a-time" hash function safeguards lookup performance as maps increase to 8,000 entries and beyond. (BZ#487985)
• Previously, autofs would not always read file maps. If a map had been loaded into cache, autofs would rely on checks to determine whether the map was up to date before reading the map. Because file maps require a linear search through the file, large maps consume significant resources to process. Now, autofs automatically loads file-based maps when it starts, and uses the map file mtime parameter to determine whether the cache needs to be refreshed. This avoids the processing overhead of checking a map before deciding whether to load it. (BZ#487986)
• Previously, the autofs code contained a logic error that resulted in a crash under conditions of heavy load. When autofs was not able to create a new pthread, it would double free a value. Now, with the error corrected, when heavily loaded, autofs will fail to create a new pthread safely. It reports the failure, but does not crash. (BZ#489658)
• Previously, autofs could use the LDAP server on a network only if the location of the LDAP server were specified manually. Now, if no LDAP server is specified, autofs can look up domain SRV server records to make LDAP connections. This functionality simplifies the use of autofs on networks where an LDAP server is available. (BZ#490476)
• Previously, if a name lookup failed while creating a TCP or UDP client, automount would destroy the client, but would not set the rpc client to NULL. Therefore, subsequent lookup attempts would attempt to use the invalid rpc client, which would lead to a segmentation fault. Now, when a name lookup fails, autofs sets the rpc client to NULL, and therefore avoids the segmentation fault on subsequent lookup attempts. (BZ#491351)
• Previously, in LDAP environments where both Red Hat Enterprise Linux and Solaris were in use, autofs would not correctly interpret master map keys added by Solaris. The auto_master file would therefore contain duplicate entries, where '%' symbols were interspersed between the characters of the map key names. Autofs now correctly parses the Solaris key names and does not create duplicate entries. (BZ#493074)
• Previously, a stack variable was not initialized on entry to the create_udp_client() or create_tcp_client() functions. During an error exit, the stack variable was checked, and the corresponding file descriptor was closed if the variable had a value other than -1. This could result in incorrectly closing a file descriptor still in use. The stack variable is now initialized and descriptors currently in use should not be closed. (BZ#493223)
• Due to a number of logic errors in the code, autofs could not remount a direct-mount NFS if the mount had expired following a map reload. The mount request would never complete, and "can't find map entry" would appear in the log. The logic errors are now fixed, and autofs can successfully remount an expired direct-mount NFS after a map reload. (BZ#493791)
• Previously, thread locking was missing from the st_remove_tasks() function, which meant in turn that its calling function could not get the locks that it required. This could result in a segmentation fault and a crash of autofs. Now, with the thread locking properly in place, the segmentation fault is avoided. (BZ#494319)
• Previously, when autofs looked up a host name where one NFS server name was associated with multiple IP addresses, autofs would repeat the query many times. As a consequence of these multiple queries, the mount would take a long time. Now, redundant queries have been removed, so that autofs performs the mount more quickly. (BZ#495895)
• When connecting to an LDAP server while using SASL authentication, autofs occasionally failed with a segmentation fault, forcing users to restart the autofs service. This failure was caused by a double-free error in the cyrus-sasl module, which has been fixed in this updated package. Connecting to an LDAP server while using SASL authentication now works as expected. (BZ#501612)
• Previously, the method used by autofs to clean up pthreads was not reliable and could result in a memory leak. If the memory leak occurred, autofs would gradually consume all available memory and then crash. A small semantic change in the code prevents this memory leak from occurring now. (BZ#510530)
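The descriptor-cleanup issue in the create_udp_client() and create_tcp_client() entry above (BZ#493223), as an added C example that is not autofs source code. The function names are hypothetical, and the leftover stack value is passed in as a parameter because reading a truly uninitialized variable is undefined behaviour and cannot be reproduced reliably.

```c
/* Added illustration of the fix pattern; not autofs source code.
 * open_client(), open_udp_client() and open_udp_client_stale() are
 * hypothetical names. */
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd refers to an open descriptor, 0 otherwise. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

/*
 * Shared body. `fd` stands for the stack variable: the caller supplies the
 * value it holds on entry, so both the fixed and the pre-fix state can be
 * exercised deterministically.
 */
static int open_client(int fd, const char *ip, unsigned short port)
{
    struct sockaddr_in addr;

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);

    /* This check can fail before any socket has been created. */
    if (ip == NULL || inet_pton(AF_INET, ip, &addr.sin_addr) != 1)
        goto out_close;

    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd == -1)
        goto out_close;

    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
        goto out_close;

    return fd;

out_close:
    /* Error exit as described above: any value other than -1 is closed. */
    if (fd != -1)
        close(fd);
    return -1;
}

/* Fixed form: the variable starts at -1, so an early failure closes nothing. */
int open_udp_client(const char *ip, unsigned short port)
{
    return open_client(-1, ip, port);
}

/* Pre-fix behaviour, modelled: the variable starts with leftover stack data,
 * here a number that matches a descriptor the process still uses. */
int open_udp_client_stale(int leftover, const char *ip, unsigned short port)
{
    return open_client(leftover, ip, port);
}

int main(void)
{
    int p[2];

    if (pipe(p) == -1)
        return 1;
    /* "not-an-address" is constructed input that fails before socket(). */
    open_udp_client("not-an-address", 111);
    printf("fixed: unrelated fd still open = %d\n", fd_is_open(p[0]));
    open_udp_client_stale(p[0], "not-an-address", 111);
    printf("stale: unrelated fd still open = %d\n", fd_is_open(p[0]));
    close(p[1]);
    return 0;
}
```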
1.15. avahi
1.15.1. RHBA-2009:1119: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1119
Updated avahi packages that fix log output when invalid packets are received are now available.
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Networking. Avahi and Avahi-aware applications allow users to plug a computer into a network and automatically view other people to chat with, see printers to print to, and find shared files on other computers.
If Avahi receives an invalid mDNS packet, then it will write a message to syslog. The log message does not include the originating IP address of the packet, so it is not particularly useful to track down the source of the issue.
This update changes the log message to include the originating IP address of any invalid mDNS packets. This update also fixes some minor spelling errors in other log messages.
Users of avahi are advised to upgrade to these updated packages, which fix these issues.
1.16. bind
1.16.1. RHSA-2009:1179: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1179
Updated bind packages that fix a security issue are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
[Updated 29th July 2009] The packages in this erratum have been updated to also correct this issue in the bind-sdb package.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A flaw was found in the way BIND handles dynamic update message packets containing the "ANY" record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. (CVE-2009-0696)
Note: even if named is not configured for dynamic updates, receiving such a specially-crafted dynamic update packet could still cause named to exit unexpectedly.
All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
1.16.2. RHBA-2009:1137: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1137
Updated bind packages that resolve an issue are now available for Red Hat Enterprise Linux 5.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
These updated bind packages fix the following bug:
• DNSSEC, the Domain Name System Security Extensions, are a set of specifications used to secure information provided by the domain name system. One of the specifications, DNSSEC Lookaside Validation (DLV), failed to handle unknown algorithms, which caused the name resolution of "gov" and "org" top-level domains to fail. DLV in these updated packages is now able to handle unknown algorithms, and thus the validation and resolution of top-level domains (such as "org" and "gov") succeeds, thus resolving the issue. (BZ#504794)
All users of bind are advised to upgrade to these updated packages, which resolve this issue.
1.16.3. RHBA-2009:1420: bug fix and enhancement update
Updated bind packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly.
This update upgrades the bind packages to upstream version 9.3.6-P1, which contains bug fixes and enhancements over the previous version.
Notably, this updated BIND is able to handle a much larger number of requests simultaneously. (BZ#457036)
These updated bind packages provide fixes for the following bugs:
• named occasionally crashed due to an assertion failure, and logged this error message to the system log:
named[PID]: socket.c:1649: INSIST(!sock->pending_recv) failed
named[PID]: exiting
This crash was caused by sockets being closed too early. With these updated packages, this assertion failure no longer occurs. (BZ#455802)
• when using the '-4' option with the "host" and "dig" utilities to force them to use an IPv4 transport, the order in which IPv4 and IPv6 nameservers were listed in the /etc/resolv.conf configuration file affected whether the command would fail or succeed. This has been fixed so that these utilities continue to look for an IPv4 address, even past listed IPv6 addresses, when the '-4' option is supplied. (BZ#469441)
• the "named-checkconf" utility ignored the "check-names" option in the /etc/named.conf configuration file, which caused the named daemon to fail to start, even if the configuration was valid. With these updated packages, "named-checkconf" no longer ignores the "check-names" option, and named starts up as expected. (BZ#491400)
• the named init script did not handle the named_write_master_zones SELinux boolean or the permissions on the /var/named/ directory as documented. (BZ#494370)
In addition, these updated packages provide the following enhancements:
• a new configuration directive which informs secondary servers not to send DNS notify messages, "notify master-only", is now supported. (BZ#477651)
• dynamic loading of database back-ends is now supported with these updated packages. (BZ#479273)
• the "allow-query-cache" option, which allows control over access to non-authoritative data (such as cached data and root hints), is now supported. (BZ#483708)
• the sample /etc/named.conf configuration file provided with these packages has been improved. (BZ#485393)
Users are advised to upgrade to these updated bind packages, which resolve these issues and add these enhancements.
1.17. binutils
1.17.1. RHBA-2009:0465: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0465
Updated binutils packages that resolve several issues are now available.
binutils is a collection of utilities used for the creation of executable code.
These updated binutils packages provide fixes for the following bugs:
• the "objdump" and "size" utilities were not recognizing ELF64-i386 object files. Such files are not normally produced on 32-bit x86 architectures. However, the kdump utility does produce such files on Physical Address Extension (PAE)-enabled kernels. With these updated packages, it is now possible to use the objdump and size utilities on ELF64-i386 object files. (BZ#457189)
• due to a rare linking error, producing certain executables caused multi-megabyte zero-filled gaps in the executables. This did not affect the running of executables affected by this bug. This linker error has been corrected in these updated packages so that executables do not contain spurious zero-filled gaps. (BZ#458301)
• the error message for the "strings -n [non-number]" command was less clear than in the previous package release, and therefore has been reverted and clarified. (BZ#480009)
• the c++filt(1) man page contained a typo when giving the syntax for the recognized '--strip-underscore' option. (BZ#485194)
• the c++filt(1) man page incorrectly mentioned the '-j' and '--java' options, which are not available when running c++filt. These mentions have been removed from the man page. (BZ#495196)
All users of binutils are advised to upgrade to these updated packages, which resolve these issues.
1.18. busybox
1.18.1. RHBA-2009:1249: bug fix update
Updated busybox packages that resolve several issues are now available.
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. BusyBox provides a fairly complete environment for any small or embedded system. This package can also be useful for recovering from certain types of system failures.
These updated busybox packages provide fixes for the following bugs:
• busybox provides a diff utility that is used extensively during installation. When this diff utility was called using the '-q' option, which reports only whether the files differ and not the details of how they differ, it always exited with an exit status of 0, indicating success. With this busybox update, the command "diff -q" correctly returns an exit status that corresponds to the same exit status returned when calling "diff" without the '-q' option, thus resolving the issue. (BZ#385661)
• invoking the "uname -p" command resulted in the processor type being listed as "unknown" when it should have been listed, for example, as "x86_64", or "i686". With these updated packages, "uname -p" either prints the processor type if known, or, if it is unknown, then the command is silent. This behavior now corresponds to the behavior of the uname command in coreutils. (BZ#480105)
• using BusyBox's rpm applet to install an rpm caused busybox to exit due to a segmentation fault caused by a memory corruption error. This has been fixed in these updated packages so that installing rpms using the "busybox rpm" command works as expected and does not fail with a segmentation fault. (BZ#466896)
• the busybox packages also contained empty debuginfo packages. These have been removed from this update. (BZ#500547)
All users of busybox are advised to upgrade to these updated packages, which resolve these issues.
1.19. cman
1.19.1. RHBA-2009:1192: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1192
Updated cman packages that fix various bugs are now available.
The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster.
This update applies the following bug fixes:
• Removing a node from the cluster using the 'cman_tool leave remove' command now properly reduces the expected_votes and quorum.
• Quickly starting and stopping the cman service no longer causes the cluster membership to become inconsistent across the cluster.
All cman users should upgrade to these updated packages, which resolve these issues.
1.19.2. RHBA-2009:1103: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1103
Updated cman packages that fix various bugs are now available.
The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster.
This update applies the following bug fixes:
• 'group_tool ls fence' no longer exits with return code '1' when the group exists but has an id of zero.
• Connections to openais are now allowed from unprivileged CPG clients with the user 'ais' or an initial login group of 'ais'.
All cman users should upgrade to these updated packages, which resolve this issue.
1.19.3. RHBA-2009:0416: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0416
Updated cman packages that fix a bug are now available.
The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster.
This update applies the following bug fix:
• Nodes that were quorate on their own are no longer ejected from the cluster if they do not have a state.
All cman users should upgrade to these updated packages, which resolve this issue.
1.19.4. RHSA-2009:1341: Low security, bug fix, and enhancement update
Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat Security Response Team.
The Cluster Manager (cman) utility provides services for managing a Linux cluster.
Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552)
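The class of flaw described above, shown as an added C example that is not code from cman, fence_apc_snmp or ccs_tool: a write to a predictable temporary name beside two hardened alternatives. All function names, file names and the scratch directory are hypothetical, and the scenario in main() is constructed.

```c
/* Added illustration; not code from cman, fence_apc_snmp or ccs_tool.
 * All function names are hypothetical. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkstemp, mkdtemp, symlink, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write the whole string to fd, then close it. 0 on success, -1 on error. */
static int write_and_close(int fd, const char *data)
{
    size_t left = strlen(data);
    int rc = 0;

    while (left > 0) {
        ssize_t n = write(fd, data, left);
        if (n <= 0) {
            rc = -1;
            break;
        }
        data += n;
        left -= (size_t)n;
    }
    if (close(fd) == -1)
        rc = -1;
    return rc;
}

/* Weak pattern: a fixed name in a shared directory. open() follows a symlink
 * already present at that name, and O_TRUNC empties whatever it points to
 * with the caller's privileges. */
int write_predictable(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);

    return fd == -1 ? -1 : write_and_close(fd, data);
}

/* Fixed name, hardened: O_EXCL fails if anything (file or symlink) already
 * exists at the path; O_NOFOLLOW refuses a symlink as the final component. */
int write_exclusive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);

    return fd == -1 ? -1 : write_and_close(fd, data);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * exclusively with mode 0600. tmpl must end in "XXXXXX" and is rewritten. */
int write_mkstemp(char *tmpl, const char *data)
{
    int fd = mkstemp(tmpl);

    return fd == -1 ? -1 : write_and_close(fd, data);
}

/* Read a small file into buf as a NUL-terminated string. 0 on success. */
int read_file(const char *path, char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    ssize_t n;

    if (fd == -1)
        return -1;
    n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed scenario inside a private scratch directory. */
    char dir[] = "/tmp/tmpfile-demo.XXXXXX";
    char target[256], planted[256], fresh[256], buf[64];

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(target, sizeof(target), "%s/important.conf", dir);
    snprintf(planted, sizeof(planted), "%s/tool.tmp", dir);
    snprintf(fresh, sizeof(fresh), "%s/tool.XXXXXX", dir);
    write_exclusive(target, "keep me\n");
    if (symlink(target, planted) == -1)   /* the name the tool would reuse */
        return 1;

    printf("exclusive open of existing name: %d\n",
           write_exclusive(planted, "tool output\n"));
    printf("mkstemp write: %d\n", write_mkstemp(fresh, "tool output\n"));
    read_file(target, buf, sizeof(buf));
    printf("target after hardened writes: %s", buf);
    write_predictable(planted, "tool output\n");
    read_file(target, buf, sizeof(buf));
    printf("target after predictable write: %s", buf);
    return 0;
}
```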
Bug fixes:
• a buffer could overflow if cluster.conf had more than 52 entries per block inside the <cman> block. The limit is now 1024.
• the output of the group_tool dump subcommands was NULL padded.
• using device="" instead of label="" no longer causes qdiskd to incorrectly exit.
• the IPMI fencing agent has been modified to time out after 10 seconds. It is also now possible to specify a different timeout value with the '-t' option.
• the IPMI fencing agent now allows punctuation in passwords.
• quickly starting and stopping the cman service no longer causes the cluster membership to become inconsistent across the cluster.
• an issue with lock syncing caused 'receive_own from' errors to be logged to '/var/log/messages'.
• an issue which caused gfs_controld to segfault when mounting hundreds of file systems has been fixed.
• the LPAR fencing agent now properly reports status when an LPAR is in Open Firmware mode.
• the LPAR fencing agent now works properly with systems using the Integrated Virtualization Manager (IVM).
• the APC SNMP fencing agent now properly recognizes outletStatusOn and outletStatusOff return codes from the SNMP agent.
• the WTI fencing agent can now connect to fencing devices with no password.
• the rps-10 fencing agent now properly performs a reboot when run with no options.
• the IPMI fencing agent now supports different cipher types with the '-C' option.
• qdisk now properly scans devices and partitions.
• cman now checks to see if a new node has state to prevent killing the first node during cluster setup.
• 'service qdiskd start' now works properly.
• the McData fence agent now works properly with the McData Sphereon 4500 Fabric Switch.
• the Egenera fence agent can now specify an SSH login name.
• the APC fence agent now works with non-admin accounts when using the 3.5.x firmware.
• fence_xvmd now tries two methods to reboot a virtual machine.
• connections to OpenAIS are now allowed from unprivileged CPG clients with the user and group of 'ais'.
• groupd no longer allows the default fence domain to be '0', which previously caused rgmanager to hang. Now, rgmanager no longer hangs.
• the RSA fence agent now supports SSH enabled RSA II devices.
• the DRAC fence agent now works with the Integrated Dell Remote Access Controller (iDRAC) on Dell PowerEdge M600 blade servers.
• fixed a memory leak in cman.
• qdisk now displays a warning if more than one label is found with the same name.
• the DRAC5 fencing agent now shows proper usage instructions for the '-D' option.
• cman no longer uses the wrong node name when getnameinfo() fails.
• the SCSI fence agent now verifies that sg_persist is installed.
• the DRAC5 fencing agent now properly handles modulename.
• QDisk now logs warning messages if it appears its I/O to shared storage is hung.
• fence_apc no longer fails with a pexpect exception.
• removing a node from the cluster using 'cman_tool leave remove' now properly reduces the expected_votes and quorum.
• a semaphore leak in cman has been fixed.
• 'cman_tool nodes -F name' no longer segfaults when a node is out of membership.
Enhancements:
• support for: ePowerSwitch 8+ and LPAR/HMC v3 devices, Cisco MDS 9124 and MDS 9134 SAN switches, the virsh fencing agent, and broadcast communication with cman.
• fence_scsi limitations added to fence_scsi man page.
Users of cman are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
1.20. cmirror
1.20.1. RHEA-2009:1340: bug-fix update
Updated cmirror packages that fix several bugs are now available.
The cmirror packages provide user-level utilities for managing cluster mirroring.
This update applies the following bug fixes:
• Copy percentage of corelog mirror no longer hangs due to stale checkpoint data.
• A segfault in clogd was fixed; the segfault was caused by mirrors being suspended too quickly after being started.
• The large number of dm-log-clustered timeouts generated by a pvmove no longer causes a cluster deadlock.
• Remnants of a moved device no longer remain in a volume group.
• Device-mapper userspace logs now have a local unique identifier to prevent issues when two logs have the same UUID.
Users of cmirror are advised to upgrade to these updated packages, which resolve these issues.
1.21. cmirror-kmod
1.21.1. RHBA-2009:1367: bug fix update
Updated cmirror-kmod packages that fix a bug are now available.
The cmirror-kmod packages provide kernel-level interface for using cluster mirroring.
This update applies the following bug fix:
• kmod-cmirror packages now use symbols that are on the kernel ABI whitelist. (BZ#481689)
All users requiring cmirror-kmod should install these newly released packages, which resolve this issue.
1.22. conga
1.22.1. RHBA-2009:0381: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0381
Updated conga packages that fix a bug are now available.
The conga packages contain a web-based administration tool for remote cluster and storage management.
These updated packages apply the following bug fix:
• A bug that prevented Microsoft Internet Explorer from working correctly with the Luci server has been fixed.
1.22.2. RHBA-2009:1381: bug-fix and enhancement update
Updated conga packages that fix several bugs and add enhancements are now available.
The conga packages contain a web-based administration tool for remote cluster and storage management.
This update applies the following bug fixes:
• A bug that caused some operations to fail when accessing Conga via Microsoft Internet Explorer was fixed.
• A bug that caused quorum disk heuristics to be lost after changing quorum disk main properties was fixed.
• A bug that made it impossible to set failover domains for virtual machine services was fixed.
• A bug that required that a fence device password be provided when a password script has been defined was fixed.
• A bug that caused the "run exclusive" cluster service attribute to always be shown as having been selected was fixed.
• A bug that caused adding existing Red Hat Enterprise Linux 4 clusters to the management interface to fail was fixed.
• A bug that caused updating existing fence devices to fail in some circumstances was fixed.
• A bug that caused the ricci storage module to fail to read mdadm device information was fixed.
This update adds the following enhancements:
• Support for configuration of LPAR fencing.
• Support for configuring NFS locking workarounds for cluster services.
• Support for choosing between the Xen and KVM hypervisors for virtual machine services.
Users of conga are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
1.23. coreutils
1.23.1. RHBA-2009:1262: bug fix update
An updated coreutils package that fixes several bugs and adds various enhancements is now available.
The coreutils package contains the core GNU utilities. It is the combination of the old GNU fileutils, sh-utils, and textutils packages.
This updated package fixes the following bugs:
• previously, it was not possible to compile coreutils without SELinux support. This has been fixed so that removing the "--enable-selinux" option from the spec file allows coreutils to compile successfully. (BZ#488730)
• the "join" utility, which joins two text files, or a file and standard input, on a line-by-line basis, could experience a segmentation fault when running under a multibyte locale. In addition, multibyte locales could cause "join" to produce unexpected results. With this updated package, these coding errors have been corrected so that "join" completes correctly and successfully when run under a multibyte locale. (BZ#497368)
• the "df" utility reports the disk usage of a directory within a file system. Using "df" on a directory which contained autofs mount points under it did not cause autofs to mount those directories, which resulted in "df" not factoring in the disk usage of those automount directories. With this update, invoking the "df" command does trigger automount, which in turn results in a correct disk usage count. (BZ#497830)
• several other utilities in the coreutils package possessed undocumented options, which could have led to user confusion. Those undocumented options have been removed from their respective utilities, thus reducing the possibility for confusion. (BZ#468030)
• the "chmod", "chown" and "chgrp" commands all take the following options, which have the same effect: "-f", "--silent" and "--quiet". These flags cause the command to suppress most error messages. However, calling the command with one of these options on a non-existent file caused the command to output the following message: "No such file or directory". These options now suppress error messages when called on non-existent files. (BZ#474220)
• the tail(1) man page contained a formatting error and a typo, both of which have been rectified. (BZ#470788)
• the rm(1) man page stated that the "rm" command possessed a "--directory" ('-d') option, whose purpose was to allow the removal of directories, including non-empty directories. However, invoking "rm --directory [dir]" always resulted in the following error message: "rm: cannot remove `some_dir': Is a directory". The rm(1) man page has been corrected and no longer lists "--directory" as an option. The recommended switch for recursively removing a directory and its contents is "--recursive" ('-r'). (BZ#473472)
• the coreutils package's locale directories were not owned by the coreutils package. This has been corrected by ensuring that all locale directories are owned by the package. (BZ#481804)
In addition, this updated package provides the following enhancements:
• the '-v' option of the "ls" command sorts directory listings based upon version numbers. However, "ls -v" did not sort vmlinuz-[version] files from the /boot/ directory in the correct order. This updated coreutils package enhances both "ls -v" and "sort -V" so that they are now able to sort /boot/vmlinuz-[version] files correctly. (BZ#253817)
• the "install" command now supports the "--compare" ('-c') flag, which causes "install" to compare each pair of source and destination files and, if the destination file's content is identical to the source (and disregarding any discrepancy between the owner, group, permissions and possibly SELinux context) then the destination file is not modified and the modification time is left unchanged. (BZ#453447)
• the "cp" and "mv" utilities now support the preservation of extended attributes on files and directories. In addition, Access Control Lists (ACLs) are now preserved when copying or moving files (with "cp" or "mv") to or from NFSv4-mounted file systems. (BZ#454072)
All coreutils users are advised to upgrade to this updated package, which resolves these issues.
1.24. cpio
1.24.1. RHBA-2009:0379: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0379
An updated cpio package that fixes various bugs is now available.
GNU cpio copies files into or out of a cpio or Tar archive.
This updated cpio package includes fixes for the following bugs:
• when called with the "--pass-through" ('-p') option, which enables copy-pass mode, cpio did not always set the permissions of copied directories correctly. In certain circumstances, cpio always created directories with a permissions mode of 700 and did not respect the system umask. With this updated package, cpio copies directories while honoring the umask setting when using copy-pass mode, which resolves the issue.
• cpio was unable to write to a file on a remote system when using the "-O [archive]" option along with "--rsh-command". With this update, cpio is once again able to write files to remote systems. Note that the default remote shell is defined as /usr/bin/rsh.
All users of cpio are advised to upgrade to this updated package, which resolves these issues.
1.25. cpuspeed
1.25.1. RHBA-2009:0424: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0424
An updated cpuspeed package that fixes various bugs is now available.
The cpuspeed package provides CPU frequency scaling support.
This updated package fixes the following bugs:
• the cpuspeed init script loaded the speedstep-centrino driver on Intel systems, even when the acpi-cpufreq driver had already loaded successfully. With both these drivers loaded, the system would not handle P-states correctly. The cpuspeed init script now attempts to load the speedstep-centrino driver only as a fallback for situations where it has not been able to load the acpi-cpufreq driver. Intel systems that can use the acpi-cpufreq driver no longer load the speedstep-centrino driver, and now handle P-states correctly. (BZ#485480)
• a development version of this package attempted to make cpuspeed run reliably on Xen kernels by only allowing cpuspeed to start on Xen kernels if the number of virtual CPUs in dom0 equalled the number of physical CPUs in the system. However, this condition can never be true until xend starts, and xend starts after cpuspeed. Therefore, cpuspeed would only run properly on Xen kernels if cpuspeed were restarted after the system completed the boot process. The restriction that cpuspeed can only start if the number of virtual and physical kernels are equal has therefore been removed, allowing cpuspeed to start on Xen kernels even when xend has not yet started. (BZ#488924, BZ#498406, BZ#492139)
1.26. crash
1.26.1. RHBA-2009:0049: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0049
Updated crash packages are now available.
Crash is a self-contained tool that can be used to investigate live systems, kernel core dumps created from the netdump, diskdump and kdump packages from Red Hat Linux, the mcore kernel patch offered by Mission Critical Linux, or the LKCD kernel patch.
This updated package includes the following bug fix:
• The bt command displays a task's kernel-stack backtrace. When running this command against an x86 Xen kernel vmcore, crash did not correctly handle the transition from the IRQ stack back to the process stack, leading to a segmentation fault. The version of crash provided with this advisory contains a patch that corrects this issue, allowing users to analyze a vmcore file from a system with an x86 Xen kernel.
All users of crash should upgrade to this updated package.
1.26.2. RHBA-2009:1283: bug fix update
Updated crash packages that resolve several issues are now available.
The crash packages are used to investigate live systems and kernel core dumps created from the netdump, diskdump and kdump facilities.
These updated crash packages are rebased to upstream version 4.0-8.9 (BZ#494028) and provide fixes for the following bugs:
• if entered alone on the command line, the "set" command would cause a segmentation violation, because there is no concept of a "context" in the Xen hypervisor. Crash now prompts the user to provide an option with "set", and provides more meaningful error messages if the option selected is not applicable. (BZ#462819)
• crash would indicate "irq: invalid structure size: gate_struct" and dump a stack trace leading to x86_64_display_idt_table() when the "irq -d" option was run on AMD64 and Intel 64 Xen kernels. Now it will indicate that the -d option is not applicable. (BZ#464116)
• the "bt" command did not work correctly when running against the Xen hypervisor binary. The "bt -o" option, and setting it to run by default with "bt -O", would fail with the vmlinux-specific error message "bt: invalid structure size: desc_struct" with a stack trace leading to read_idt_table(). Now, it will display the generic error message "bt: -o option not supported or applicable on this architecture or kernel". The "bt -e" or "bt -E" will also display the same error message, as opposed to the command usage message. Lastly, the "bt -R" option would cause a segmentation violation; it has been fixed to work as it was designed. (BZ#464288)
• when run on a Xen hypervisor in which the backtrace leads to either "process_softirqs" or "page_fault", the "bt" command backtrace would indicate: "bt: cannot resolve stack trace". The recovery code would then terminate the command with the nonsensical error message: "bt: invalid structure size: task_struct". The command now properly terminates the backtrace. (BZ#474712, BZ#466724)
• when run against the Xen hypervisor where the number of physical cpus outnumbers the MAX_VIRT_CPUS value for the processor type, the "bt -a" command would fail after displaying backtraces for the first 32 (MAX_VIRT_CPUS) pcpus with the error message: "bt: invalid vcpu". The command now shows backtraces for all pcpus. (BZ#471790)
• the "mod -[sS]" command would fail with the error message: "mod: cannot find or load object file for <name> module" if the target module object filename contains both underscore and dash characters. Crash now parses these filenames correctly. (BZ#480136)
• an existing Itanium INIT and MCA handler bug incorrectly writes the pseudo task's command name in its comm[] name string such that the CPU number may not be part of the string. The "bt" command could not link back to a PID 0 swapper task that was interrupted by an Itanium INIT or MCA exception, and displayed the error message: "bt: unwind: failed to locate return link (ip=0x0)!" Crash now uses a different method to obtain the CPU number for the interrupted task, and the backtrace correctly transitions back to the interrupted task. (BZ#487429)
• the starting backtrace locations of active, non-crashing, xen dom0 tasks are not available in kdump dumpfiles, nor is there anything that can be searched for in their respective stacks. Therefore, for these tasks, the "bt" command would show either an empty backtrace or an invalid backtrace starting at the last location where schedule() had been called. Instead, the "bt" command now provides an error message for these tasks that indicates "bt: starting backtrace locations of the active (non-crashing) xen tasks cannot be determined: try -t or -T options". (BZ#495586)
• Running the "bt" command against an x86 Xen kernel vmcore, the transition from the IRQ stack back to the process stack led to a segmentation fault. (BZ#478904)
The upstream changelog referenced below details additional bug fixes and enhancements provided by the rebase of this package.
All users of crash are advised to upgrade to these updated packages, which resolve these issues.
1.27. cryptsetup-luks
1.27.1. RHBA-2009:1349: bug fix update
Updated cryptsetup-luks packages that fix various bugs are now available.
The cryptsetup-luks packages provide a utility for setting up encrypted devices using Device Mapper and the dm-crypt target.
This update provides the following bug fixes:
• the cryptsetup luksFormat command now properly wipes old filesystem signatures. (BZ#468910)
• the exit code for cryptsetup status command is no longer incorrect. (BZ#439191)
• the cryptsetup password entry message now includes the device name for which the user is being prompted. (BZ#437261)
All users of cryptsetup-luks should upgrade to these updated packages, which resolve these issues.
1.28. cscope
1.28.1. RHSA-2009:1102: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1102.
An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
cscope is a mature, ncurses-based, C source-code tree browsing tool.
Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2009-0148)
All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.
1.29. cups
1.29.1. RHBA-2009:1360: bug fix update
Updated cups packages that fix several bugs are now available.
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX and Unix-like operating systems.
These updated packages address the following bugs:
• the libcups library's HTTP state machine could get into a busy loop when a connection was closed at an unexpected point. (BZ#474323)
• web interface template files and translated template files were not marked as configuration files so local modifications to them would be lost when applying updates. This update will also cause local modifications to those files to be lost, but will prevent the same situation occurring with future updates. (BZ#474769)
• the "compression" job option was encoded with the wrong IPP tag, preventing the "document-format" job option from overriding automatic MIME type detection of compressed job files. (BZ#474814)
• the "mailto" CUPS notifier used the wrong line ending when transferring messages to an SMTP server, causing it not to send any notifications. (BZ#474920)
• automatic MIME type detection would fail when the document name was required by the relevant rule but only one file was present in the job. MIME detection would also fail with some rules using "+" (e.g. application/x-shell). (BZ#479635)
• incorrect web interface URLs would be given when the server's domain name resolved to a local loopback address on the server. (BZ#479809)
• the CUPS configuration file directive "Satisfy Any" was not correctly implemented, causing access to be restricted in situations where it should not have been. (BZ#481303)
• an optimization in the libcups library for fetching details of a print queue when its name is known caused problems with obtaining the name of the default printer when "lpoptions" files listed a non-existent queue as the default. (BZ#481481)
• RPM verification would fail on configuration files even though content changes were expected. (BZ#487161)
• the CUPS scheduler requires an updated version of the krb5 package in order to function correctly but this was not an RPM dependency. (BZ#489714)
• the text-only filter would not send form-feed characters correctly. (BZ#491190)
• incorrect IPP-Get-Jobs requests, accepted by CUPS in current versions of Red Hat Enterprise Linux but rejected in newer versions of the upstream package, were generated by the cupsGetJobs2() API function and by the lpstat and lpq commands. (BZ#497529)
All cups users should upgrade to these updated packages, which resolve these issues.
1.29.2. RHSA-2009:1082: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1082.
Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network.
A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially-crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949)
Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue.
Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
1.29.3. RHSA-2009:0429: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0429.
Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems.
Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0147, CVE-2009-1179)
Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0146, CVE-2009-1182)
Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0166, CVE-2009-1180)
Multiple input validation flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0800)
An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format (TIFF) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious TIFF file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0163)
Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of the Apple Product Security team, and Will Dormann of the CERT/CC for responsibly reporting these flaws.
Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
1.30. curl
1.30.1. RHSA-2009:1209: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1209.
Updated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity.
Scott Cantor reported that cURL is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. (CVE-2009-2417)
cURL users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications using libcurl must be restarted for the update to take effect.
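The following C sketch is an added illustration of the "null prefix" flaw class described above; it is not code from cURL or from the Red Hat patch. The struct, function names and sample names are hypothetical and the byte strings are constructed. It contrasts a comparison that treats a length-delimited certificate name as a C string with one that honours the declared length and rejects embedded zero bytes.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as an ASN.1 decoder hands it over: raw bytes plus an
 * explicit length. The encoding is length-delimited, so 0x00 is legal data. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed samples (not taken from any real certificate). The first one
 * carries a zero byte after the name the client is trying to reach. */
static const unsigned char crafted_bytes[] = "www.example.com\0.attacker.test";
static const unsigned char honest_bytes[]  = "www.example.com";
const struct cert_name CRAFTED = { crafted_bytes, sizeof crafted_bytes - 1 };
const struct cert_name HONEST  = { honest_bytes,  sizeof honest_bytes - 1 };

/* ASCII case-insensitive comparison of exactly n bytes. */
static int ascii_ieq(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower(b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: the name is handled as a C string, so everything after the
 * first zero byte is silently ignored and name->len is never consulted. */
int match_naive(const struct cert_name *name, const char *host)
{
    size_t seen = strlen((const char *)name->data);
    return seen == strlen(host) &&
           ascii_ieq(name->data, (const unsigned char *)host, seen);
}

/* Detection helper: a zero byte inside the declared length is never part of
 * a valid DNS name and is worth logging as a suspicious certificate. */
int name_has_embedded_nul(const struct cert_name *name)
{
    return memchr(name->data, '\0', name->len) != NULL;
}

/* Hardened pattern: reject embedded zero bytes outright, then require the
 * declared length and the host name length to agree before comparing. */
int match_checked(const struct cert_name *name, const char *host)
{
    size_t host_len = strlen(host);

    if (name->len == 0 || name_has_embedded_nul(name))
        return 0;
    if (name->len != host_len)
        return 0;
    return ascii_ieq(name->data, (const unsigned char *)host, host_len);
}

int main(void)
{
    const char *host = "www.example.com";

    printf("declared length of crafted name: %zu bytes\n", CRAFTED.len);
    printf("naive   match, crafted name: %d\n", match_naive(&CRAFTED, host));
    printf("checked match, crafted name: %d\n", match_checked(&CRAFTED, host));
    printf("checked match, honest name:  %d\n", match_checked(&HONEST, host));
    return 0;
}
```
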
1.30.2. RHSA-2009:0341: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0341.
Updated curl packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity.
David Kierznowski discovered a flaw in libcurl where it would not differentiate between different target URLs when handling automatic redirects. This caused libcurl to follow any new URL that it understood, including the "file://" URL type. This could allow a remote server to force a local libcurl-using application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed. (CVE-2009-0037)
Note: Applications using libcurl that are expected to follow redirects to "file://" protocol must now explicitly call curl_easy_setopt(3) and set the newly introduced CURLOPT_REDIR_PROTOCOLS option as required.
cURL users should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libcurl must be restarted for the update to take effect.
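The check that a redirect-protocol restriction performs can be modelled without libcurl, as in this added C example (not libcurl's own code; the PROTO_* bits, function names and sample URLs are hypothetical and constructed). Passing PROTO_ALL models the behaviour before the fix, where any understood scheme was followed; in libcurl itself the application passes the equivalent bitmask to CURLOPT_REDIR_PROTOCOLS via curl_easy_setopt(3).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical protocol bits, modelled on a per-protocol bitmask. */
enum {
    PROTO_HTTP  = 1 << 0,
    PROTO_HTTPS = 1 << 1,
    PROTO_FTP   = 1 << 2,
    PROTO_FILE  = 1 << 3,
    PROTO_ALL   = PROTO_HTTP | PROTO_HTTPS | PROTO_FTP | PROTO_FILE
};

static const struct { const char *scheme; unsigned bit; } KNOWN[] = {
    { "http", PROTO_HTTP }, { "https", PROTO_HTTPS },
    { "ftp",  PROTO_FTP  }, { "file",  PROTO_FILE  },
};

/* Classify the target of a Location header.
 * Returns the protocol bit of an absolute URL, `current` for a relative
 * reference (which stays on the protocol already in use), or 0 when the
 * scheme is one this client does not understand. */
unsigned redirect_proto(const char *location, unsigned current)
{
    char scheme[16];
    size_t n = 0;

    /* RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */
    if (!isalpha((unsigned char)location[0]))
        return current;
    while (isalnum((unsigned char)location[n]) || location[n] == '+' ||
           location[n] == '-' || location[n] == '.')
        n++;
    if (location[n] != ':')
        return current;               /* e.g. "next/page": no scheme */
    if (n >= sizeof scheme)
        return 0;                     /* overlong scheme: not understood */

    /* Schemes are case-insensitive, so "FILE:" must not slip past. */
    for (size_t i = 0; i < n; i++)
        scheme[i] = (char)tolower((unsigned char)location[i]);
    scheme[n] = '\0';

    for (size_t i = 0; i < sizeof KNOWN / sizeof KNOWN[0]; i++)
        if (strcmp(scheme, KNOWN[i].scheme) == 0)
            return KNOWN[i].bit;
    return 0;
}

/* Follow the redirect only if its protocol is in the caller's allow mask. */
int redirect_allowed(const char *location, unsigned current, unsigned allowed)
{
    unsigned proto = redirect_proto(location, current);
    return proto != 0 && (proto & allowed) != 0;
}

int main(void)
{
    const unsigned web_only = PROTO_HTTP | PROTO_HTTPS;
    const char *targets[] = {                 /* constructed sample targets */
        "https://example.com/next", "/login?step=2",
        "file:///etc/hostname", "FILE:///etc/hostname",
    };

    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("%-28s follow-any=%d web-only=%d\n", targets[i],
               redirect_allowed(targets[i], PROTO_HTTP, PROTO_ALL),
               redirect_allowed(targets[i], PROTO_HTTP, web_only));
    return 0;
}
```
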
1.31. cvs
1.31.1. RHBA-2009:1370: bug fix update
An updated CVS package that fixes two bugs is now available.
Concurrent Version System (CVS) is a version control system that can record the history of your files.
This updated package fixes the following two bugs:
• mismatches between hosts sometimes caused the CVS client to present incorrect credentials to servers with gserver authentication. This update ensures the correct credentials are supplied by confirming the IP address of the currently-connected server so that host mismatch does not occur. (BZ#473245)
• attempting to process large numbers of files with long names caused problems with some scripts due to lengthy command line arguments. This problem has been resolved by adding the possibility of passing arguments through standard input. (BZ#462062)
All users of cvs are advised to upgrade to this updated package, which resolves these issues.
1.32. cyrus-imapd
1.32.1. RHSA-2009:1116: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1116.
Updated cyrus-imapd packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support.
It was discovered that the Cyrus SASL library (cyrus-sasl) does not always reliably terminate output from the sasl_encode64() function used by programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on this function's output being properly terminated. Under certain conditions, improperly terminated output from sasl_encode64() could, potentially, cause cyrus-imapd to crash, disclose portions of its memory, or lead to SASL authentication failures. (CVE-2009-0688)
Users of cyrus-imapd are advised to upgrade to these updated packages, which resolve this issue. After installing the update, cyrus-imapd will be restarted automatically.
1.32.2. RHBA-2009:1120: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1120.
Updated cyrus-imapd packages that fix several bugs are now available.
The cyrus-imapd package contains a high-performance mail server with IMAP, POP3, NNTP and SIEVE support.
These updated cyrus-imapd packages provide fixes for the following bugs:
• attempting to connect to the update server failed and resulted in the following error messages being logged to /var/log/maillog:
connect(192.168.11.110) failed: Invalid argument
couldn't connect to MUPDATE server [IP address]: no connection to server
FATAL: error connecting with MUPDATE server
These updated packages correct this problem so that connecting to the update server now works as expected. (BZ#326511)
• on systems with 64-bit architectures, cyrus-imapd experienced a segmentation fault when replication was enabled. (BZ#484377)
In addition, these updated cyrus-imapd packages provide the following enhancement:
• more detailed information has been added to the ctl_cyrusdb(8) man page, which explains how to perform operations common to Cyrus databases. (BZ#463230)
Users are advised to upgrade to these updated cyrus-imapd packages, which resolve these issues and add this enhancement.
1.33. cyrus-sasl
1.33.1. RHBA-2009:1330: bug fix update
Updated cyrus-sasl packages that fix various bugs are now available.
The cyrus-sasl packages contain the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.
This errata fixes the following bugs:
• the shadow authentication method was not working properly on 64-bit architectures. The saslauthd daemon might randomly crash if it was configured to authenticate against the shadow file. (BZ#433583)
• the rimap authentication method was not working properly when user passwords contained double quote characters. The saslauthd process would hang when it was configured to authenticate with the rimap method and the user password contained such characters. (BZ#438533)
• the saslauthd init script did not support a reload command although it was mentioned in the init script usage instructions. The reload is now implemented as a conditional restart of the saslauthd daemon. (BZ#448154)
• the pluginviewer command did not display plugins which were not statically linked into it. The pluginviewer command is now linked dynamically so it can display any cyrus-sasl plugins which are installed on the system. (BZ#473197)
• the ldap authentication method had a very long timeout for network failure detection. The saslauthd daemon now sets a network failure timeout based on the ldap_timeout configuration option. (BZ#475726)
All Cyrus users are advised to install this updated package, which addresses these issues.
1.34. db4
1.34.1. RHBA-2009:0390: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0390.
Updated db4 packages that resolve an issue are now available.
The Berkeley Database (Berkeley DB) is a programmatic toolkit that provides embedded database support for both traditional and client/server applications.
• These updated db4 packages fix a bug which, in certain circumstances, could have caused database environment recovery to fail.
All users of db4 are advised to upgrade to these updated packages, which resolve this issue.
1.35. device-mapper
1.35.1. RHBA-2009:1392: bug-fix and enhancement update
Updated device-mapper packages that include various bug fixes and enhancements are now available.
The device-mapper packages provide a library required by logical volume management utilities such as LVM2 and dmraid.
This update applies the following bug fixes:
• Fixes crash when dmsetup -U, -G, and -M options are used.
• Enforces device name length and character limitations.
This update adds the following enhancements:
• Adds "all" field to "-o fields" option, expanding to all fields of report type. That is, you can add -o <field_name> to specify which fields to print in certain commands; "-o all" expands to all possible fields known to report.
• Library now exports dm_tree_node_size_changed function and correctly propagates table size change up the device tree.
• Prints warning message if application releases the library and a memory pool is still in use (indicating a possible memory leak).
• Library is now compiled from merged device-mapper LVM2 tree (device-mapper library is now part of LVM2 source code tree).
All users of device-mapper should upgrade to these updated packages, which resolve these issues and include these enhancements.
1.36. device-mapper-multipath
1.36.1. RHBA-2009:0432: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0432.
Updated device-mapper-multipath packages that resolve an issue are now available.
The device-mapper multipath packages provide tools to manage multipath devices by issuing instructions to the device-mapper multipath kernel module, and by managing the creation and removal of partitions for device-mapper devices.
These updated device-mapper-multipath packages fix the following bug:
• there was a race condition in the shutdown code for multipathd wherein a lock could be destroyed before all threads were finished using it. This could cause the machine to become unresponsive on multipathd shutdown. The multipathd daemon now waits for all threads to finish using the lock before destroying it, thus removing the race and resolving the issue.
• when adding a new multipath-capable block device, a race condition existed between the multipathd daemon and udev to multipath the new device. If udev--through multipath--updated the multipath devices first, then the multipathd daemon would not use the device-specific configurations for the device when it started monitoring the path. With this update, multipathd now correctly configures the device, even when udev notices it first, thus resolving the issue.
All users of device-mapper-multipath are advised to upgrade to these updated packages, which resolve this issue.
1.36.2. RHSA-2009:0411: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0411.
Updated device-mapper-multipath packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The device-mapper multipath packages provide tools to manage multipath devices by issuing instructions to the device-mapper multipath kernel module, and by managing the creation and removal of partitions for device-mapper devices.
It was discovered that the multipathd daemon set incorrect permissions on the socket used to communicate with command line clients. An unprivileged, local user could use this flaw to send commands to multipathd, resulting in access disruptions to storage devices accessible via multiple paths and, possibly, file system corruption on these devices. (CVE-2009-0115)
Users of device-mapper-multipath are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. The multipathd service must be restarted for the changes to take effect.
Important: the version of the multipathd daemon in Red Hat Enterprise Linux 5 has a known issue which may cause a machine to become unresponsive when the multipathd service is stopped. This issue is tracked in the Bugzilla bug #494582; a link is provided in the References section of this erratum. Until this issue is resolved, we recommend restarting the multipathd service by issuing the following commands in sequence:
# killall -KILL multipathd
# service multipathd restart
1.36.3. RHBA-2009:0283: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0283.
Updated device-mapper-multipath packages that fix a bug are now available.
The device-mapper-multipath packages provide tools to manage multipath devices by giving the device-mapper multipath kernel module instructions on what to do, as well as by managing the creation and removal of partitions for device-mapper devices.
• multipath must be able to open a file descriptor for each path that it monitors, plus 32 other file descriptors. By default, multipath can open 1024 file descriptors, which is sufficient for it to monitor 992 paths. If multipath is not able to open all the file descriptors that it needs, the multipath daemon will not function correctly, and in Red Hat Enterprise Linux 5.3, this situation exposes a kernel memory leak that can cause a system to stop responding. Previously, multipath would not warn users that it could not open enough file descriptors. Now, when multipath runs out of file descriptors, it prints an error message. System administrators can allow multipath to open more file descriptors by setting "max_fds" in the multipath.conf file to a sufficiently high number, or by setting "max_fds" to "max" to allow multipath to open as many file descriptors as the system allows.
Users are advised to upgrade to these updated device-mapper-multipath packages, which resolve this issue.
1.36.4. RHEA-2009:1377: bug-fix and enhancement update
Updated device-mapper-multipath packages that fix several bugs and add various enhancements are now available.
The device-mapper-multipath packages provide tools to manage multipath devices using the device-mapper multipath kernel module.
This update applies the following bug fixes:
• Occasionally multipathd was ignoring a device's hardware type when configuring it after a path was added.
• Multiple documentation errors were fixed.
• Multipathd would occasionally hang or crash while shutting down.
• Multipath would always return a failure exit code when removing a device with multipath -f/-F.
• Multipathd wouldn't free its resources when it failed to execute a callout.
• Multipathd would always return a success exit code for interactive commands, even if the command failed or was invalid.
• The mpath_prio_alua priority callout was failing on some setups because a buffer was too small.
• Multipathd was holding mount points in the /etc directory busy, even after they were unmounted.
• Multipath and multipathd were racing to create the multipath devices for newly added block devices. This was causing device creation to take a long time on some systems, and could even cause devices to have incorrect configurations.
This update adds the following enhancements:
• Default configurations were added for the Compellent Storage Center and the IBM DS3200, DS3300, DS4700, and DS5000.
• It is now possible to set the verbosity level for the multipath and multipathd commands in /etc/multipath.conf.
• The TUR path checker retries on more transient errors, so that multipathd will not fail a path due to a transient error.
• There is a new priority callout mpath_prio_intel to support the Intel Modular Server.
• There is now a multipath.conf.5 man page that explains the /etc/multipath.conf configuration file.
All users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
1.37. dhcp
1.37.1. RHBA-2009:1331: bug fix update
A dhcp update that fixes several bugs is now available.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp package provides a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
This update applies the following updates:
• Supplying an interface name (on the command line) that was longer than the size declared by the IFNAMSIZ macro caused an unexpected segmentation fault. This update contains an added process that properly checks the validity of interface names, which resolves this issue. (BZ#441524)
• This update corrects a bug in the way the dhclient-script file processed the $localClockFudge variable. In previous releases, this bug caused the NTPD daemon to restart unexpectedly at times. (BZ#450301)
• dhclient now retains relay agent options when it enters the INIT and REBIND states. (BZ#450545)
• A bug in the network shutdown code prevented dhclient from correctly honoring the PEERNTP and PEERDNS variables in /etc/sysconfig/network-scripts/ifcfg-* files. This caused dhcp to replace a modified /etc/ntp.conf file with a default version during a network service restart. This update fixes the bug, ensuring that dhclient-script no longer replaces the /etc/ntp.conf file upon network service restart if PEERNTP and PEERDNS are both set to 'yes'. (BZ#471543)
• The dhcpd and dhcrelay init scripts do not support the 'try-restart' and 'reload' arguments. In previous releases, however, using these arguments did not output any error messages to inform the user that the restart/reload attempt failed. With this release, using the unsupported 'try-restart' or 'reload' arguments with the dhcpd or dhcrelay init scripts will correctly display the usage screen and exit the script with a status code 3. (BZ#491868)
Users of dhcp are advised to apply this update.
1.38. dhcpv6
1.38.1. RHBA-2009:1409: bug fix update
Updated dhcpv6 packages that resolve an issue are now available.
The dhcpv6 packages implement the Dynamic Host Configuration Protocol (DHCP) for Internet Protocol version 6 (IPv6) networks, in accordance with RFC 3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6). DHCP is a protocol that allows individual devices on an IP network to get their own network configuration information. It consists of: dhcp6c(8), the DHCPv6 client daemon; dhcp6s(8), the DHCPv6 server daemon; and dhcp6r(8), the DHCPv6 relay agent.
Previously, DHCPv6 was not able to be chosen as the IPv6 configuration method in anaconda. Choosing DHCPv6 instead of the default 'Automatic neighbor discovery' may have caused the installer to crash, returning a stack trace to the terminal. With this update, the libdhcp6client library code has been updated, and DHCPv6 can now be chosen as the IPv6 configuration method in the installer, which resolves this issue. (BZ#506722)
All users of dhcpv6 are advised to upgrade to these updated packages, which resolve this issue.
1.39. dmidecode
1.39.1. RHBA-2009:1324: enhancement update
An updated dmidecode package that fixes a bug and adds enhancements is now available.
The dmidecode package provides utilities for extracting x86 and ia64 hardware information from the system BIOS or EFI, according to the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer.
This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).
This updated package adds the following enhancement:
• the previous version of the dmidecode package was based on upstream version 2.7 and lacked support for a variety of newer hardware. The package now provides version 2.9, which:
• updates support for SMBIOS specification version 2.5
• decodes slot IDs of AGP 8x and PCIE slots
• decodes newer processor characteristics (multi-core, multi-thread, 64-bit)
• supports newer types of chassis, processor, socket, connector and memory device
• supports x86 EFI
(BZ#459048)
This updated package fixes the following bug:
• the default method used by dmidecode to retrieve entries from the DMI table produces unaligned access errors when used on Itanium systems. When built for the Itanium architecture, this version of the package includes a workaround that avoids these errors. (BZ#459048)
Users of dmidecode are advised to upgrade to this updated package, which adds this enhancement and fixes this bug.
1.40. dmraid
1.40.1. RHBA-2009:1347: bug-fix and enhancement update
Updated dmraid packages that fix several bugs and add enhancements are now available.
The dmraid packages contain the ATARAID/DDF1 activation tool that supports RAID device discovery, RAID set activation, and displays properties for ATARAID/DDF1 formatted RAID sets on Linux kernels using device-mapper.
This update applies the following bug fixes:
• The dmraid logwatch-based email reporting feature has been moved from the dmraid-events package into the new dmraid-events-logwatch package. Consequently, systems that use this dmraid feature need to complete the following manual procedure: 1. Ensure the new 'dmraid-events-logwatch' package is installed. 2. Un-comment the functional portion of the "/etc/cron.d/dmeventd-logwatch" crontab file.
• The sgpio and dmevent_tool applications get installed with the dmraid package now.
• The drive order for isw RAID01 sets is now identical with the OROM order.
• Various issues with wrong LED rebuild and metadata states have been fixed.
This update adds the following enhancements:
• Device Failure Monitoring, using the tools dmraid and dmevent_tool, is now included in Red Hat Enterprise Linux 5.4 as a Technology Preview. Device Failure Monitoring provides the ability to watch and report device failures on component devices of RAID sets.
• dmraid now automatically activates device event monitoring for the isw metadata format (Intel IMSM). The dmevent_tool is still available to allow for manual (de)registration.
• dmraid now supports an "--rm_partitions" option to allow for removing partition devices for RAID set component devices.
• Activation of isw RAID sets on disks with long serial numbers is now supported.
All dmraid users should upgrade to these updated packages, which resolve these issues and add these enhancements.
1.41. dos2unix
1.41.1. RHBA-2009:0276: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0276
Updated dos2unix packages that resolve two bugs are now available.
The dos2unix utility converts DOS or MAC format text files to UNIX format.
This updated package provides fixes for the following bugs:
• dos2unix did not allow for instances where a user specified the -c option without a conversion mode name following it. An input in this format would therefore result in a segmentation fault. Dos2unix now exits safely with a message to the user that option -c requires an argument.
• when dos2unix created a new file as the output of its conversion (when run with the -n option), the new file would always have its permission mode set as 600, regardless of the permission mode of the original file. Dos2unix now sets the permission mode for the new file to be the same as the mode of the old file, filtered through the user's umask.
Users of dos2unix should upgrade to this updated package, which resolves these issues.
1.42. dump
1.42.1. RHBA-2009:0425: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0425
Updated dump packages that resolve several issues are now available.
The dump package contains both dump and restore commands. The dump command examines files in a file system, determines which ones need to be backed up, and copies those files to a specified disk, tape, or other storage medium. The restore command performs the inverse function of dump; it can restore a full backup of a file system. Subsequent incremental backups can then be layered on top of the full backup. Single files and directory subtrees may also be restored from full or partial backups.
These updated dump packages provide fixes for the following bugs:
• when the dump command was run without a dump level specified, dump's output did not indicate the dump level either, as in the following example output:
DUMP: Date of this level dump: Thu Apr 2 09:05:09 2009
This has been corrected in these updated packages so that the dump level is no longer missing in output in which it is shown.
• When the dump command was called without a default dump level specified on the command line, then the dump level defaulted to 0, while the dump(8) man page stated that the default level was 9. The actual default dump level that is used when this is not specified in arguments to dump is 0, and the man page has been changed to reflect this.
• the restore(8) man page, as well as the program's help information, incorrectly implied that the '-P [file]' option could be used in conjunction with the '-A [archive_file]' option, which is not the case. Attempting to use both options results in the following error message: "restore: A option is not valid for P command". The restore(8) man page and restore's help have been corrected so that it is clear that the '-A' and '-P' options cannot be used together.
• several typos in the dump(8) man page were corrected.
All users of dump are advised to upgrade to these updated packages, which resolve these issues.
1.43. dvd+rw-tools
1.43.1. RHBA-2009:1072: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1072
An updated dvd+rw-tools package that addresses a bug and corrects a typo is now available for Red Hat Enterprise Linux 5.
The dvd+rw-tools package is a collection of tools to master DVD+RW/+R media.
• on some systems with manually-operated DVD drive trays (i.e. drives that cannot be closed mechanically, such as most slim-line drive trays), burning data to DVD media would produce an erroneous "Error writing to disk" alert. The data was, in fact, successfully burnt to the DVD and the newly burnt DVD was then ejected. The inability of the drive tray to close mechanically, however, caused dvd+rw-tools to return an "unable to reload tray" message which, in turn, caused the 'writing to disk' error to present. With this update, dvd+rw-tools treats the underlying "START_STOP_UNIT" message properly and, consequently, the misleading alert does not present. (BZ#390961)
• a typo in the dvd+rw-tools.spec file was corrected. The "%{dist}" tag on the "Release" line was corrected to "%{?dist}". The correction ensures an rpm can be built from the dvd+rw-tools source even if a distribution is not defined in either the Makefile or your local ~/.rpmmacros file. (BZ#440621)
All dvd+rw-tools users should upgrade to this updated package, which resolves these issues.
1.44. e2fsprogs
1.44.1. RHBA-2009:1291: bug fix and enhancement update
An updated e2fsprogs package that fixes various bugs and adds an enhancement is now available.
The e2fsprogs package contains a number of utilities that create, check, modify, and correct inconsistencies in second extended (ext2) file systems. e2fsprogs contains e2fsck (which repairs file system inconsistencies after an unclean shutdown), mke2fs (which initializes a partition to contain an empty ext2 file system), tune2fs (which modifies file system parameters), and most of the other core ext2fs file system utilities.
This updated version of e2fsprogs addresses the following issues:
• when mke2fs or resize2fs was run on a device of exactly 2^32 file system blocks (16 terabytes for 4 kilobit blocks), these commands would fail with a "File too large" error, because the maximum file system size was 2^32-1 blocks. mke2fs and resize2fs now round down by one block to allow the commands to succeed for devices of exactly 2^32 blocks, and the error no longer presents. (BZ#241285)
• the German localization of an e2fsprogs process contained a typographical error. This has been corrected and the correct line now displays. (BZ#488960)
• the e2fsck method, pass3, would use a pointer regardless of whether it contained a null value. This would result in a segfault. The method has been corrected and the problem no longer presents. (BZ#505110)
• the ismounted method was set to use two arguments when it required three. This has been corrected, and the method now works as expected. (BZ#505110)
• the debugfs method, logdump, performed a call to fclose without checking that the value being passed was not null. This would result in a segfault. The method now checks for a null before attempting to pass the value, and does not call fclose if a null is present. (BZ#505110)
• a typographical error in the uuidd initscript that caused an incorrect status to be set has been corrected. (BZ#506080)
The updated package also includes the following enhancement:
• running mke2fs on devices larger than 8 terabytes required the "-F" (force) option to succeed. This update removes that requirement. (BZ#241285)
All users should upgrade to this updated package, which resolves the listed issues and adds the noted enhancement.
1.45. e4fsprogs
1.45.1. RHBA-2009:1413: bug fix update
An updated e4fsprogs package that fixes a bug is now available.
The e4fsprogs package contains a number of utilities for creating, checking, modifying, and correcting inconsistencies in ext4 and ext4dev file systems. e4fsprogs contains e4fsck (used to repair file system inconsistencies after an unclean shutdown), mke4fs (used to initialize a partition to contain an empty ext4 file system), tune4fs (used to modify file system parameters), and most other core ext4fs file system utilities.
Important
this package is now designed and intended to be installed alongside the original e2fsprogs package in Red Hat Enterprise Linux. As such, certain binaries in the e4fsprogs package have been given new names. For example, the utility that checks ext4 file systems for consistency has been renamed to "e4fsck", thus allowing the original "e2fsck" program from the e2fsprogs package to coexist on the same system. (BZ#485316)
Notably, this updated e4fsprogs package includes a fix for the following bug:
• invoking the "stats" command while at the "debuge4fs" prompt could cause "debuge4fs" to segmentation fault due to a missing check to see whether the file system was currently open. This has been fixed in this updated package so that calling "stats" is now safe. (BZ#482894)
All users of e4fsprogs are advised to upgrade to this updated package, which resolves this issue.
1.46. ecryptfs-utils
1.46.1. RHSA-2009:1307: Low security, bug fix, and enhancement update
Updated ecryptfs-utils packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat Security Response Team.
eCryptfs is a stacked, cryptographic file system that is transparent to the underlying file system and provides per-file granularity.
eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5.4. These updated ecryptfs-utils packages have been upgraded to upstream version 75, which provides a number of bug fixes and enhancements over the previous version. In addition, these packages provide a graphical program to help configure and use eCryptfs. To start this program, run the command:
ecryptfs-mount-helper-gui
Important: the syntax of certain eCryptfs mount options has changed. Users who were previously using the initial Technology Preview release of ecryptfs-utils are advised to refer to the ecryptfs(7) man page, and to update any affected mount scripts and /etc/fstab entries for eCryptfs file systems.
A disclosure flaw was found in the way the "ecryptfs-setup-private" script passed passphrases to the "ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" commands as command line arguments. A local user could obtain the passphrases of other users who were running the script from the process listing. (CVE-2008-5188 [270])
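One way to avoid this kind of disclosure is for a wrapper to hand the passphrase to its helper over a pipe on standard input, so that it never appears in the helper's argument list. The C code below is an added example, not code from ecryptfs-utils; the function names, the helper command line and the sample passphrase are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed argument buffers in the NUL-separated layout of
 * /proc/<pid>/cmdline, which the process listing is built from. */
static const char LEAKY_CMDLINE[] = "helper\0constructed-passphrase";
static const char SAFE_CMDLINE[]  = "helper\0-";

/* Return 1 if `secret` occurs inside any argument of the buffer, else 0.
 * Useful as a regression check on how a wrapper invokes its helpers. */
int cmdline_exposes(const char *buf, size_t len, const char *secret)
{
    size_t slen = strlen(secret), i = 0, j;

    if (slen == 0)
        return 0;
    while (i < len) {
        const char *end = memchr(buf + i, '\0', len - i);
        size_t alen = end ? (size_t)(end - (buf + i)) : len - i;

        /* Substring match also catches forms such as --opt=SECRET. */
        for (j = 0; j + slen <= alen; j++)
            if (memcmp(buf + i + j, secret, slen) == 0)
                return 1;
        i += alen + 1;
    }
    return 0;
}

/* Run argv[0] with `secret` written to its stdin and nothing secret in argv.
 * Returns the helper's exit status, or -1 on any error. */
int run_with_secret_on_stdin(char *const argv[], const char *secret)
{
    int fds[2], status;
    pid_t pid;
    const char *p = secret;
    size_t left = strlen(secret);
    struct sigaction ign, old;

    if (pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: pipe read end becomes stdin */
        close(fds[1]);
        if (dup2(fds[0], STDIN_FILENO) < 0)
            _exit(127);
        close(fds[0]);
        execv(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fds[0]);

    /* A helper that exits early must not kill the parent with SIGPIPE. */
    memset(&ign, 0, sizeof ign);
    ign.sa_handler = SIG_IGN;
    sigaction(SIGPIPE, &ign, &old);
    while (left > 0) {
        ssize_t n = write(fds[1], p, left);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            break;
        }
        p += n;
        left -= (size_t)n;
    }
    close(fds[1]);                       /* EOF tells the helper input is done */
    sigaction(SIGPIPE, &old, NULL);

    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    if (left > 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Hypothetical helper: succeeds if it reads a non-empty line from stdin. */
    char *const helper[] = { "/bin/sh", "-c", "IFS= read -r p && [ -n \"$p\" ]", NULL };

    printf("argv form exposes secret:  %d\n",
           cmdline_exposes(LEAKY_CMDLINE, sizeof LEAKY_CMDLINE, "constructed-passphrase"));
    printf("stdin form exposes secret: %d\n",
           cmdline_exposes(SAFE_CMDLINE, sizeof SAFE_CMDLINE, "constructed-passphrase"));
    printf("helper exit status: %d\n",
           run_with_secret_on_stdin(helper, "constructed-passphrase\n"));
    return 0;
}
```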
[270] https://www.redhat.com/security/data/cve/CVE-2008-5188.html
These updated packages provide various enhancements, including a mount helper and supporting libraries to perform key management and mounting functions.
Notable enhancements include:
• a new package, ecryptfs-utils-gui, has been added to this update. This package depends on the pygtk2 and pygtk2-libglade packages and provides the eCryptfs Mount Helper GUI program. To install the GUI, first install ecryptfs-utils and then issue the following command:
yum install ecryptfs-utils-gui
(BZ#500997)
• the "ecryptfs-rewrite-file" utility is now more intelligent when dealing with non-existent files and with filtering special files such as the "." directory. In addition, the progress output from "ecryptfs-rewrite-file" has been improved and is now more explicit about the success status of each target. (BZ#500813)
• descriptions of the "verbose" flag and the "verbosity=[x]" option, where [x] is either 0 or 1, were missing from a number of eCryptfs manual pages, and have been added. Refer to the eCryptfs man pages for important information regarding using the verbose and/or verbosity options. (BZ#470444)
These updated packages also fix the following bugs:
• mounting a directory using the eCryptfs mount helper with an RSA key that was too small did not allow the eCryptfs mount helper to encrypt the entire key. When this situation occurred, the mount helper did not display an error message alerting the user to the fact that the key size was too small, possibly leading to corrupted files. The eCryptfs mount helper now refuses RSA keys which are too small to encrypt the eCryptfs key. (BZ#499175)
• when standard input was redirected from /dev/null or was unavailable, attempting to mount a directory with the eCryptfs mount helper caused it either to become unresponsive and eventually crash, or to display an "invalid value" error message, depending on whether the "--verbosity=[value]" option was provided as an argument and, if so, on its value. With these updated packages, attempting to mount a directory using "mount.ecryptfs" under the same conditions results in either the mount helper attempting to use default values (if "verbosity=0" is supplied), or an "invalid value" error message (instead of the mount helper hanging) if standard input is redirected and "--verbosity=1" is supplied, or that option is omitted entirely. (BZ#499367)
• attempting to use the eCryptfs mount helper with an OpenSSL key when the keyring did not contain enough space for the key resulted in an unhelpful error message. The user is now alerted when this situation occurs. (BZ#501460)
• the eCryptfs mount helper no longer fails upon receiving an incorrect or empty answer to "yes/no" questions. (BZ#466210)
Users are advised to upgrade to these updated ecryptfs-utils packages, which resolve these issues and add these enhancements.
1.47. efax
1.47.1. RHBA-2009:1113: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1113
An updated efax package that fixes a bug is now available.
The efax program is a small ANSI C/POSIX utility that sends and receives faxes using any Class 1, 2 or 2.0 fax modem.
This updated efax package fixes a bug which caused a segmentation fault when attempting to send a fax due to the incorrect use of an internal efax function.
All users of efax are advised to upgrade to this updated package, which resolves this issue.
1.48. esc
1.48.1. RHBA-2009:1310: bug fix update
An updated esc package that fixes various bugs is now available.
The esc package contains the "Smart Card Manager" GUI tool, which allows the user to manage security smart cards. The primary function of the tool is to enroll smart cards, so that they can be used for common cryptographic operations, such as secure email and website access.
This updated package fixes the following bugs:
• If a smart card were inserted when the esc daemon was already running then there could be odd behaviors when the ESC GUI was opened. For example, if the smart card was blank, then the Phone Home configuration dialog would not open. When the smart card was removed, then esc could crash. (BZ#496410)
• If a user attempted to re-enroll a formatted token when the RE_ENROLL value was set to NO, then the ESC wrongly gave an error that the token was suspended, not that re-enrollment wasn't allowed. This message has been corrected. (BZ#494981)
This update also includes enhancements for smart card management:
• Certificate System previously supported re-enrollment for tokens, which allows a formatted token to be re-formatted with new certificates. This enhancement also allows smart cards to have renewal operations, so existing certificates can be renewed.
• This release includes enhancements to streamline the security officer mode for ESC. Security officer mode allows designated users to perform in-person token enrollments, as added security. This simplifies launching the ESC GUI in security officer mode.
Users of esc are advised to upgrade to this updated package, which resolves these issues.
1.49. ethtool
1.49.1. RHEA-2009:1408: enhancement update
An enhanced ethtool package that adds support for GRO options is now available.
Ethtool allows querying and changing of ethernet card settings, such as speed, port, autonegotiation, and PCI locations.
This updated package adds the following enhancement:
• generic receive offload (GRO) has been added to some network drivers in Red Hat Enterprise Linux 5.4. GRO aggregates packets before they're processed by the rest of the stack. This allows TCP performance to be greatly enhanced at high speeds. In particular, it's crucial for good 10GbE performance. With GRO enabled, you should observe higher throughput, lower CPU utilization of network traffic, or both; especially with smaller message sizes.
The kernel in Red Hat Enterprise Linux 5.4 allows users to manually control whether GRO is enabled for supported ethernet adapters. This updated ethtool provides a command-line interface -- "ethtool -k" -- for setting and querying that flag. (BZ#509398)
All ethtool users should upgrade to this updated package which adds this capability.
1.50. evince
1.50.1. RHBA-2009:1404: bug fix update
An updated evince package that fixes a printing bug is now available.
evince is a GNOME-based document viewer.
This update fixes a flaw in evince versions prior to 0.6.0-8 discovered by Jonathan Peatfield:
• when printing "n" copies of a non-postscript document, "n times n" copies were printed instead. (That is, if two copies were requested, four copies -- 2 x 2 -- were printed.) This flaw has been corrected. Note: the underlying cause of this problem also influenced collated printing, reversed printing and printing of sets of pages. (BZ#439937)
All Evince users are advised to upgrade to this updated package, which resolves these issues.
1.51. evolution
1.51.1. RHBA-2009:1260: bug fix update
Updated evolution packages that fix several bugs and add various enhancements are now available.
Evolution is the GNOME collection of personal information management (PIM) tools.
These updated evolution packages provide fixes for the following bugs:
• when adding a new Exchange account, a Mailbox name separate from the user name can now be specified. (BZ#205787)
• pasting text into an event summary by issuing the Ctrl+V control code did not work as expected. (BZ#208356)
• running Evolution in a different language caused it to not display certain translations such as "On This Computer", "Personal" and specific calendar and address book names. (BZ#210858)
• when attempting to import a certificate from the Edit Preferences -> Certificates menu, the subsequent Trust dialog box appeared below the file selector window, forcing users to manually move both windows in order to accomplish the task. (BZ#212206)
• Evolution crashed due to a segmentation fault when reading certain email messages when accessibility was enabled. (BZ#212481)
• attempting to import a vCard File containing contacts into a new address book created during the import process failed, and no contacts were imported. All contacts imported in this way are now present in the new address book. (BZ#215470)
• selecting the "On This Computer" folder and then clicking Folder -> Properties produced no result. The "Properties" menu item is now correctly grayed-out. (BZ#215479)
• Evolution did not honor the selected day when adding a memo while in calendar view: the user had to manually alter the memo's date afterward. (BZ#217541)
• searching an address book using the "any field" option when no results were found caused Evolution to display all contacts instead of none. This behavior is now more intuitive: no contacts are displayed when none are found. (BZ#217714)
• while in Mail view, deselecting a previously-selected group of messages by clicking on one of those selected did not result in that message being shown in the preview pane. (BZ#227710)
• when accessibility was enabled, specific combinations of calendar-viewing actions caused Evolution to crash. (BZ#428817)
• when starting Evolution for the first time with a German (de_DE) locale, the setup wizard window was too large for some monitors to display. (BZ#432322)
• dragging-and-dropping messages into the "Personal Folders" caused those messages to be irretrievably lost. Dropping messages into "Personal Folders" is now disallowed. (BZ#437768)
• Evolution's account editor did not strip whitespace characters in hostnames, which caused a failure to connect when attempting to retrieve email. (BZ#446945)
• sorting email by subject did not always result in the expected alphabetical sorting. (BZ#449797)
• the Contact Quick-Add window allowed users to click "OK" without selecting an address book, which did not result in the contact being added to any address book. (BZ#449983)
• attempting to download Exchange messages for offline use caused Evolution to segmentation fault. Evolution no longer crashes, and downloading Exchange messages works as expected, allowing for offline use. (BZ#472872)
• it was not possible to create a new folder from the New Search Folder dialog box and related menus. Also, attempting to name a new folder and then clicking the "Create" button caused Evolution to crash under certain circumstances. (BZ#473024)
• moving an Exchange folder containing subfolders to a different location resulted in the loss of all subfolders and their emails. With this update, all subfolders and their contents are copied or moved correctly and without any loss of data. (BZ#480849)
In addition, these updated packages provide the following enhancements:
• improved support for CalDAV. (BZ#484252)
• the cursor now conveniently moves to the new rule when it is created in the "Add Rule" dialog box. (BZ#218539)
Users are advised to upgrade to these updated evolution packages, which resolve these issues and add these enhancements.
1.52. evolution-connector
1.52.1. RHBA-2009:1261: bug fix update
An updated evolution-connector package that fixes various bugs is now available.
The evolution-connector package is an add-on to Evolution, an e-mail, calendar and information management client, that gives it the ability to interact with a Microsoft® Exchange Server.
This updated evolution-connector package includes fixes for the following bugs:
• when adding a new Exchange account, a Mailbox name separate from the user name can now be specified. (BZ#205787)
• a memory leak related to using Exchange accounts has been plugged. (BZ#393761)
• dragging-and-dropping messages into the "Personal Folders" caused those messages to be irretrievably lost. Dropping messages into "Personal Folders" is now disallowed. (BZ#437768)
• incoming mail filters had no effect on messages received by Exchange-based email accounts. This has been fixed in this updated package so that incoming mail filters work as expected with Exchange accounts. (BZ#446095)
• in certain situations, notifications were not shown for calendar events stored on an Exchange Server. With this updated package, notifications work correctly as long as Evolution is configured to remember Exchange Server passwords. Otherwise, notifications fail to be shown. (BZ#480164)
• moving an Exchange folder containing subfolders to a different location resulted in the loss of all subfolders and their emails. With this update, all subfolders and their contents are copied or moved correctly and without any loss of data. (BZ#480849)
All users of evolution-connector are advised to upgrade to this updated package, which resolves these issues.
1.53. evolution-data-server
1.53.1. RHSA-2009:0354: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0354
Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications.
Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547 [311])
It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582 [312])
Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587 [313])
All users of evolution-data-server and evolution28-evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Evolution Data Server and applications using it (such as Evolution) must be restarted for the update to take effect.
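The Base64 integer overflow described above (CVE-2009-0587) follows a general pattern: the output size is derived from the input length with arithmetic that can wrap, so the allocation ends up smaller than what the encoder writes. The C code below is an added example, not Evolution Data Server's code; the function names are hypothetical, and the unchecked calculation is modelled with 32-bit arithmetic so that the wrap is reproducible on any platform.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Unchecked pattern: "len * 4" wraps modulo 2^32 for large len, so the
 * computed buffer size can be tiny while the encoder still writes
 * 4 bytes for every 3 input bytes. */
uint32_t b64_size_unchecked(uint32_t len)
{
    return (uint32_t)(len * 4u) / 3u + 4u;
}

/* Checked pattern: divide first, then verify the multiplication cannot
 * wrap. Stores the exact size including the terminating NUL in *out.
 * Returns 0 on success, -1 if the size is not representable. */
int b64_encoded_size(size_t len, size_t *out)
{
    size_t groups = len / 3 + (len % 3 != 0);

    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *out = groups * 4 + 1;
    return 0;
}

/* Encode `len` bytes; returns a malloc'd NUL-terminated string, or NULL
 * if the size check or the allocation fails. */
char *b64_encode(const unsigned char *in, size_t len)
{
    size_t cap, i, o = 0;
    char *out;

    if (b64_encoded_size(len, &cap) != 0)
        return NULL;
    out = malloc(cap);
    if (out == NULL)
        return NULL;

    for (i = 0; i + 2 < len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16 | (uint32_t)in[i + 1] << 8 | in[i + 2];
        out[o++] = B64[v >> 18 & 63];
        out[o++] = B64[v >> 12 & 63];
        out[o++] = B64[v >> 6 & 63];
        out[o++] = B64[v & 63];
    }
    if (i < len) {                       /* one or two trailing bytes */
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len)
            v |= (uint32_t)in[i + 1] << 8;
        out[o++] = B64[v >> 18 & 63];
        out[o++] = B64[v >> 12 & 63];
        out[o++] = (i + 1 < len) ? B64[v >> 6 & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    size_t need = 0;
    char *s = b64_encode((const unsigned char *)"foobar", 6);

    /* A 1 GiB input makes the unchecked 32-bit calculation wrap. */
    printf("unchecked size for 0x40000000 bytes: %u\n",
           (unsigned)b64_size_unchecked(0x40000000u));
    printf("checked size for SIZE_MAX bytes: %s\n",
           b64_encoded_size(SIZE_MAX, &need) == 0 ? "accepted" : "rejected");
    printf("foobar -> %s\n", s ? s : "(null)");
    free(s);
    return 0;
}
```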
1.53.2. RHBA-2009:1259: bug fix update
Updated evolution-data-server packages that resolve several issues are now available.
The evolution-data-server package provides a unified back end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back end for Evolution, but is now used by multiple other applications.
These updated evolution-data-server packages provide fixes for the following bugs:
[311] https://www.redhat.com/security/data/cve/CVE-2009-0547.html
[312] https://www.redhat.com/security/data/cve/CVE-2009-0582.html
[313] https://www.redhat.com/security/data/cve/CVE-2009-0587.html
• occasionally, a "?" appeared as the last result of the list obtained when viewing the "Select Contacts from Address Book" dialog. With these updated packages, this incorrect entry no longer occurs in the dialog window when selecting contacts. (BZ#220431)
• The IMAP mail protocol distinguishes between messages which are "new" on the server and messages which are "new" for a mail client. This dichotomy led Evolution Data Server to only apply filters to one of the "new" groups and not to the other, which meant that email filters were not applied to certain messages. With these updated packages, filters now apply to all IMAP messages which are new for the client, with the result that all messages can now be successfully filtered. (BZ#247779)
• when attempting to connect to an Exchange 2007 server, the server's response sometimes caused Evolution to segmentation fault. Although the possibility of an Exchange 2007 server's response causing Evolution to crash has been fixed with these updated packages, it is still not possible for Evolution to communicate successfully with an Exchange 2007 server. (BZ#433648)
• when Evolution was configured with two IMAP accounts, deleting one of those accounts could have caused Evolution to segmentation fault. These updated packages fix a variable referencing error with the result that disabling a mail account no longer causes Evolution to crash. (BZ#437758)
• Evolution Data Server could segmentation fault when provided a malformed CalDAV calendar URL. With these updated packages, Evolution performs better error-checking on calendar URLs, which prevents this issue from occurring. (BZ#440232)
• the Exchange connector for Evolution Data Server contained several memory leaks which have been plugged in these updated packages. (BZ#460669)
• when adding a new Exchange account, a Mailbox name separate from the user name can now be specified. (BZ#460671)
• when reading a calendar via the CalDAV protocol, Evolution failed to correctly adjust the time of events based on timezone information. (BZ#462007)
• improved support for CalDAV. (BZ#484232)
• attempting to download Exchange messages for offline use caused Evolution to segmentation fault. Evolution no longer crashes, and downloading Exchange messages works as expected, allowing for offline use. (BZ#489869)
• Evolution incorrectly switched to Daylight Saving Time (DST) one week later than the time when DST should have started. With these updated packages, DST now takes effect at the correct time. (BZ#490218)
• Evolution did not provide notifications for events located on a foreign Exchange calendar. This update ensures that Evolution is able to notify based on foreign Exchange calendar events in the same way as for local calendars. (BZ#494847)
All users of evolution-data-server are advised to upgrade to these updated packages, which resolve these issues.
1.54. file
1.54.1. RHBA-2009:0456: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0456
An updated file package that fixes a bug is now available.
The file command is used to identify a particular file according to the type of data contained in the file.
This updated file package provides fixes for the following bug:
• A core file, which is created when a program crashes, contains the name of the crashed program. The file command did not report the correct program name on some core files. The file command reports the correct name with this updated package.
Users are advised to upgrade to this updated file package, which resolves this issue.
1.55. findutils
1.55.1. RHEA-2009:1410: enhancement update
An enhanced findutils package is now available.
The findutils package contains programs for locating files. The find utility searches for files matching a certain set of criteria. The xargs utility builds and executes command lines from standard input arguments.
This updated findutils package adds the following enhancement:
• when using the "find" utility to search a directory hierarchy which contained autofs mounts, it dutifully triggered the autofs mounts so that they could be searched, even when "find" had been directed to exclude NFS shares. With these updated packages, "find" possesses an additional exclusionary flag, "-xautofs", that prevents "find" from searching all autofs direct mounts in the searched directory hierarchy. (BZ#485672)
Users of findutils are advised to upgrade to this updated package, which adds this enhancement.
1.56. fipscheck
1.56.1. RHEA-2009:1266: enhancement update
An updated fipscheck package which contains enhancements necessary for FIPS validation is now available.
FIPSCheck is a library used to verify the integrity of modules validated under FIPS-140-2. The fipscheck package provides helper binaries for creating and verifying HMAC-SHA256 checksum files.
These updated fipscheck packages add the following enhancements:
• previously, the fipscheck libraries and binaries were installed in / (root). However, because they are not required by anything in /, they are now relocated to /usr. (BZ#475800)
• previously, the fipscheck libraries were packaged in the main fipscheck package. This would lead to a file conflict when installing fipscheck on architectures with multilib support. The fipscheck libraries are now shipped in fipscheck-lib subpackages for each architecture, therefore avoiding the file conflict. (BZ#502676)
• fipscheck now includes a runtime integrity self-test which is necessary for FIPS 140-2 level 1 validation of Red Hat Enterprise Linux 5 cryptography modules.
• the FIPSCHECK_DEBUG environment variable adds improved debugging. Error messages can be saved to the syslog or sent to stderr.
• fipscheck can now compute HMACs on multiple files at the same time.
Users of fipscheck are advised to upgrade to these updated packages, which add these enhancements.
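The checksum-file workflow described above (one HMAC-SHA256 checksum file per module, several files handled in one pass, and a pass/fail integrity self-test) looks like this in Python. This is an added example, not fipscheck's own code: the ".<name>.hmac" sidecar naming, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hmac_path(path):
    """Sidecar checksum file next to the module (naming is an assumption)."""
    directory, name = os.path.split(path)
    return os.path.join(directory, "." + name + ".hmac")


def file_hmac(path, key):
    """Hex HMAC-SHA256 of a file, read in chunks so large binaries are fine."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def create_checksums(paths, key):
    """Write one checksum file per input file."""
    for path in paths:
        with open(hmac_path(path), "w") as out:
            out.write(file_hmac(path, key) + "\n")


def verify_checksums(paths, key):
    """Return {path: 'ok' | 'mismatch' | 'missing-checksum'} for every file."""
    results = {}
    for path in paths:
        try:
            with open(hmac_path(path), "rb") as fh:
                expected = fh.read().strip().lower()
        except FileNotFoundError:
            # A module without a checksum file must fail, never pass silently.
            results[path] = "missing-checksum"
            continue
        actual = file_hmac(path, key).encode("ascii")
        # Constant-time comparison avoids leaking how many digits matched.
        results[path] = "ok" if hmac.compare_digest(expected, actual) else "mismatch"
    return results


def self_test(paths, key):
    """Integrity self-test: passes only if every listed module verifies."""
    return all(v == "ok" for v in verify_checksums(paths, key).values())
```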
1.57. firefox
1.57.1. RHSA-2009:1162: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1162 [330]
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462 [331], CVE-2009-2463 [332], CVE-2009-2464 [333], CVE-2009-2465 [334], CVE-2009-2466 [335], CVE-2009-2467 [336], CVE-2009-2469 [337], CVE-2009-2471 [338])
[331] https://www.redhat.com/security/data/cve/CVE-2009-2462.html
[332] https://www.redhat.com/security/data/cve/CVE-2009-2463.html
[333] https://www.redhat.com/security/data/cve/CVE-2009-2464.html
[334] https://www.redhat.com/security/data/cve/CVE-2009-2465.html
[335] https://www.redhat.com/security/data/cve/CVE-2009-2466.html
[336] https://www.redhat.com/security/data/cve/CVE-2009-2467.html
[337] https://www.redhat.com/security/data/cve/CVE-2009-2469.html
[338] https://www.redhat.com/security/data/cve/CVE-2009-2471.html
Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472 [339])
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.12. You can find a link to the Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
1.57.2. RHSA-2009:1095: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1095 [340]
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1392 [341], CVE-2009-1832 [342], CVE-2009-1833 [343], CVE-2009-1837 [344], CVE-2009-1838 [345], CVE-2009-1841 [346])
Multiple flaws were found in the processing of malformed, local file content. If a user loaded malicious, local content via the file:// URL, it was possible for that content to access other local data. (CVE-2009-1835 [347], CVE-2009-1839 [348])
A script, privilege elevation flaw was found in the way Firefox loaded XML User Interface Language (XUL) scripts. Firefox and certain add-ons could load malicious content when certain policy checks did not happen. (CVE-2009-1840 [349])
A flaw was found in the way Firefox displayed certain Unicode characters in International Domain Names (IDN). If an IDN contained invalid characters, they may have been displayed as spaces, making it appear to the user that they were visiting a trusted site. (CVE-2009-1834 [350])
[339] https://www.redhat.com/security/data/cve/CVE-2009-2472.html
[341] https://www.redhat.com/security/data/cve/CVE-2009-1392.html
[342] https://www.redhat.com/security/data/cve/CVE-2009-1832.html
[343] https://www.redhat.com/security/data/cve/CVE-2009-1833.html
[344] https://www.redhat.com/security/data/cve/CVE-2009-1837.html
[345] https://www.redhat.com/security/data/cve/CVE-2009-1838.html
[346] https://www.redhat.com/security/data/cve/CVE-2009-1841.html
[347] https://www.redhat.com/security/data/cve/CVE-2009-1835.html
[348] https://www.redhat.com/security/data/cve/CVE-2009-1839.html
[349] https://www.redhat.com/security/data/cve/CVE-2009-1840.html
[350] https://www.redhat.com/security/data/cve/CVE-2009-1834.html
A flaw was found in the way Firefox handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Firefox instance that is using a proxy server, they may be able to steal sensitive information from the site the user is visiting. (CVE-2009-1836 [351])
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.11. You can find a link to the Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.11, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
1.57.3. RHSA-2009:0449: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0449 [352]
Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313 [353])
For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.
1.57.4. RHSA-2009:0436: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0436 [354]
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.
[351] https://www.redhat.com/security/data/cve/CVE-2009-1836.html
[353] https://www.redhat.com/security/data/cve/CVE-2009-1313.html
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302 [355], CVE-2009-1303 [356], CVE-2009-1304 [357], CVE-2009-1305 [358])
Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652 [359], CVE-2009-1306 [360], CVE-2009-1307 [361], CVE-2009-1308 [362], CVE-2009-1309 [363], CVE-2009-1310 [364], CVE-2009-1312 [365])
A flaw was found in the way Firefox saved certain web pages to a local file. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311 [366])
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.9, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
1.57.5. RHSA-2009:0397: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0397 [367]
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
[355] https://www.redhat.com/security/data/cve/CVE-2009-1302.html
[356] https://www.redhat.com/security/data/cve/CVE-2009-1303.html
[357] https://www.redhat.com/security/data/cve/CVE-2009-1304.html
[358] https://www.redhat.com/security/data/cve/CVE-2009-1305.html
[359] https://www.redhat.com/security/data/cve/CVE-2009-0652.html
[360] https://www.redhat.com/security/data/cve/CVE-2009-1306.html
[361] https://www.redhat.com/security/data/cve/CVE-2009-1307.html
[362] https://www.redhat.com/security/data/cve/CVE-2009-1308.html
[363] https://www.redhat.com/security/data/cve/CVE-2009-1309.html
[364] https://www.redhat.com/security/data/cve/CVE-2009-1310.html
[365] https://www.redhat.com/security/data/cve/CVE-2009-1312.html
[366] https://www.redhat.com/security/data/cve/CVE-2009-1311.html
A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169 [368])
A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044 [369])
For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata.
Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.
1.57.6. RHSA-2009:0315: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0315 [370]
An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040 [371], CVE-2009-0771 [372], CVE-2009-0772 [373], CVE-2009-0773 [374], CVE-2009-0774 [375], CVE-2009-0775 [376])
Several flaws were found in the way malformed content was processed. A website containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776 [377], CVE-2009-0777 [378])
For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata.
[368] https://www.redhat.com/security/data/cve/CVE-2009-1169.html
[369] https://www.redhat.com/security/data/cve/CVE-2009-1044.html
[371] https://www.redhat.com/security/data/cve/CVE-2009-0040.html
[372] https://www.redhat.com/security/data/cve/CVE-2009-0771.html
[373] https://www.redhat.com/security/data/cve/CVE-2009-0772.html
[374] https://www.redhat.com/security/data/cve/CVE-2009-0773.html
[375] https://www.redhat.com/security/data/cve/CVE-2009-0774.html
[376] https://www.redhat.com/security/data/cve/CVE-2009-0775.html
[377] https://www.redhat.com/security/data/cve/CVE-2009-0776.html
[378] https://www.redhat.com/security/data/cve/CVE-2009-0777.html
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect.
1.57.7. RHSA-2009:0256: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0256 [379]
An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0352 [380], CVE-2009-0353 [381], CVE-2009-0356 [382])
Several flaws were found in the way malformed content was processed. A website containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0354 [383], CVE-2009-0355 [384])
A flaw was found in the way Firefox treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357 [385])
A flaw was found in the way Firefox treated certain HTTP page caching directives. A local attacker could steal the contents of sensitive pages which the page author did not intend to be cached. (CVE-2009-0358 [386])
For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.6. You can find a link to the Mozilla advisories in the References section.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.6, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
[380] https://www.redhat.com/security/data/cve/CVE-2009-0352.html
[381] https://www.redhat.com/security/data/cve/CVE-2009-0353.html
[382] https://www.redhat.com/security/data/cve/CVE-2009-0356.html
[383] https://www.redhat.com/security/data/cve/CVE-2009-0354.html
[384] https://www.redhat.com/security/data/cve/CVE-2009-0355.html
[385] https://www.redhat.com/security/data/cve/CVE-2009-0357.html
[386] https://www.redhat.com/security/data/cve/CVE-2009-0358.html
1.58. flash-plugin
1.58.1. RHSA-2009:1188: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1188 [387]
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-1862 [388], CVE-2009-1863 [389], CVE-2009-1864 [390], CVE-2009-1865 [391], CVE-2009-1866 [392], CVE-2009-1868 [393], CVE-2009-1869 [394])
A clickjacking flaw was discovered in Flash Player. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. (CVE-2009-1867 [395])
A flaw was found in the Flash Player local sandbox. A specially-crafted SWF file could cause information disclosure when it was saved to the hard drive. (CVE-2009-1870 [396])
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.32.18.
1.58.2. RHSA-2009:0332: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0332 [397]
An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 Supplementary.
[388] https://www.redhat.com/security/data/cve/CVE-2009-1862.html
[389] https://www.redhat.com/security/data/cve/CVE-2009-1863.html
[390] https://www.redhat.com/security/data/cve/CVE-2009-1864.html
[391] https://www.redhat.com/security/data/cve/CVE-2009-1865.html
[392] https://www.redhat.com/security/data/cve/CVE-2009-1866.html
[393] https://www.redhat.com/security/data/cve/CVE-2009-1868.html
[394] https://www.redhat.com/security/data/cve/CVE-2009-1869.html
[395] https://www.redhat.com/security/data/cve/CVE-2009-1867.html
[396] https://www.redhat.com/security/data/cve/CVE-2009-1870.html
This update has been rated as having critical security impact by the Red Hat Security Response Team.
The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.
Multiple input validation flaws were found in the way Flash Player displayed certain SWF (Shockwave Flash) content. An attacker could use these flaws to create a specially-crafted SWF file that could cause flash-plugin to crash, or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-0520 [398], CVE-2009-0519 [399])
It was discovered that Adobe Flash Player had an insecure RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user with write access to the directory pointed to by RPATH could use this flaw to execute arbitrary code with the privileges of the user running Adobe Flash Player. (CVE-2009-0521 [400])
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.22.87.
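One way to audit a binary for the insecure-RPATH condition described above is to read its RPATH/RUNPATH entries from "readelf -d" output and flag every directory that an unprivileged local user could write to or create. This is an added example, not Adobe's or Red Hat's code; the readelf excerpt is constructed and the function names and verdict labels are hypothetical.

```python
import os
import re
import stat

# Constructed `readelf -d` excerpt for a hypothetical plug-in
# (not output from the real flash-plugin binary).
SAMPLE_READELF = """\
Dynamic section at offset 0x2d8 contains 24 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libX11.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib:/tmp/build/out/lib::../lib]
 0x000000000000000e (SONAME)             Library soname: [libexample.so]
"""

TAG_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def search_path_entries(readelf_text):
    """Return (tag, directory) pairs for every RPATH/RUNPATH entry."""
    entries = []
    for line in readelf_text.splitlines():
        match = TAG_RE.search(line)
        if match:
            entries.extend((match.group(1), e) for e in match.group(2).split(":"))
    return entries


def world_writable(path):
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def nearest_existing(path):
    """Walk up from a missing directory to the first ancestor that exists."""
    while not os.path.exists(path):
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return path


def classify(entry):
    """Classify one search-path entry from a defender's point of view."""
    if entry == "":
        return "cwd"            # empty entry: loader searches the current directory
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return "origin"         # only as safe as the install directory's permissions
    if not os.path.isabs(entry):
        return "relative"       # resolved against wherever the program was started
    path = os.path.normpath(entry)
    if os.path.exists(path):
        return "world-writable" if os.path.isdir(path) and world_writable(path) else "ok"
    # Directory is missing: anyone who can write to the nearest existing
    # ancestor can create it and place a library there.
    return "creatable" if world_writable(nearest_existing(path)) else "ok"


def audit(readelf_text):
    """Return (tag, entry, verdict) for every entry that is not 'ok'."""
    findings = []
    for tag, entry in search_path_entries(readelf_text):
        verdict = classify(entry)
        if verdict != "ok":
            findings.append((tag, entry, verdict))
    return findings
```

Verdicts for absolute paths depend on the permissions of the host being audited, so run the check on the system where the binary is installed.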
1.59. foomatic
1.59.1. RHBA-2009:1240: bug fix update
An updated foomatic package that fixes two bugs is now available.
Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. An interactive version of this database is available at http://www.linuxfoundation.org/en/OpenPrinting/Database/DatabaseIntro
Foomatic provides utilities to generate driver description files and printer queues for CUPS, LPD, LPRng, and PDQ from the database. As well, foomatic makes it possible to read PJL-options out of PJL-capable laser printers and take them into account when driver description files are generated.
The package also includes spooler-independent command line interfaces to manipulate queues (foomatic-configure) and to print files and manipulate print jobs (foomatic-printjob).
This updated package addresses the following issues:
• previously, PostScript Printer Descriptions (PPDs) created for printers for which no page margin information was available used ImageableArea settings that equated to zero-width margins (i.e., foomatic over-optimistically assumed edge-to-edge printing capability in the absence of specific information to the contrary). With this update, PPDs created for printers with no included margin information are set to 127mm (36 points or 0.5") by default. This avoids problems with print jobs being cropped at the edges of the page. (BZ#244348 [401])
• spooler auto-detection is not part of foomatic and, previously, foomatic did not set a default spooler. Consequently, the foomatic-configure command failed to detect that CUPS was present if a default spooler was not set in /etc/foomatic/defaultspooler (which was not created by default during foomatic installation). With this update, /etc/foomatic/defaultspooler is created during installation and the default spooler is set to CUPS, ensuring foomatic-configure is aware of CUPS. (BZ#454684 [402])
All foomatic users should upgrade to this updated package, which resolves these issues.
[398] https://www.redhat.com/security/data/cve/CVE-2009-0520.html
[399] https://www.redhat.com/security/data/cve/CVE-2009-0519.html
[400] https://www.redhat.com/security/data/cve/CVE-2009-0521.html
1.60. freetype
1.60.1. RHSA-2009:1061: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1061 [403]
Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.
Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946 [404])
Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
1.61. gcc
1.61.1. RHBA-2009:1376: bug fix update
A gcc update that resolves several GFortran compiler bugs (along with several other bugs) is now available.
The gcc packages include C, C++, Java, Fortran, Objective C, and Ada 95 GNU compilers, along with related support libraries.
This update applies the following bug fixes:
• 64-bit multiplication by constant on the x86 platform caused unexpected aborts when compiling code that used 'unsigned long long' variables. This was because the compiler did not check whether CONST_DOUBLE_LOW was positive when multiplying constants. With this update, the compiler now checks whether CONST_DOUBLE_LOW is positive, ensuring that 'unsigned long long' variables are processed correctly during compiles. (BZ#465807 [405])
• A bug in the way the GFortran compiler processed unique symtrees could have prevented some valid GFortran code from compiling if the code contained symbols defined by USE and ONLY clauses. Whenever this occurred, the compile attempt would fail with a segmentation fault. This update adds a special function that correctly reconciles symbols with unique symtrees, which resolves this bug. (BZ#483845 [406])
[404] https://www.redhat.com/security/data/cve/CVE-2009-0946.html
• Using the -fabi-version=1 option prevented some valid C++ code from compiling. This was because Version 1 of the C++ ABI did not properly substitute template parameters. This release corrects this behavior, adding a function that correctly sets the processing_template_decl to 0 when performing substitutions. (BZ#492011 [407])
• A bug in the way gcc optimized code could have prevented some samples of valid C code from compiling (resulting in an internal compiler error) whenever the -O1 option was used. This was because during optimized compiles, the C compiler did not properly process bounds; this resulted in incorrect computations for loop iterations. With this update, the compiler now processes bounds correctly, ensuring that valid C code compiles correctly with the -O1 option set. (BZ#490513 [408])
• The GFortran compiler did not handle FMT= character array arguments properly. This prevented some samples of valid GFortran code from compiling; whenever this occurred, the compile attempt would fail with a segmentation fault. This update adds new functions to correct how FMT= character array arguments are handled, thereby resolving this bug. (BZ#492209 [409])
• The expand_expr_real_1() function of the C compiler did not handle TRUTH_ANDIF_EXPR and TRUTH_ORIF_EXPR cases correctly. As a result, a compile attempt could fail with an internal compiler error on the PowerPC platform. This update applies an upstream fix for this issue. (BZ#495469 [410])
Users are advised to upgrade to this gcc update, which applies these fixes.
1.62. gcc44
1.62.1. RHBA-2009:1375: bug fix and enhancement update
The GNU Compiler Collection (GCC) version 4.4.0 is now available as Technology Preview.
The gcc44 packages provide the GNU Compiler Collection (GCC), which includes GNU compilers and related support libraries for C, C++, and Fortran programming languages. These packages also include libgomp, the GNU implementation of the OpenMP Application Programming Interface for multi-platform shared-memory parallel programming.
These new gcc43 packages provide a snapshot release of GCC version 4.4.0 as a Technology Preview. The libgomp version included in this release supports OpenMP version 3.0, a backward-compatible update to the OpenMP 2-series. (BZ#494563 [411])
This release also features the following bug fixes:
• GFortran provided improper DWARF definitions for array parameters (i.e. missing upper bounds). This was caused by a bug in gcc/fortran/trans-decl.c that provided incorrect debugging information for variable-length, non-desc Fortran arrays. With this release, GFortran now provides proper DWARF definitions for array parameters. (BZ#459374 [412])
• A bug in GFortran made it possible for an internal compiler error to incorrectly escalate to a segmentation fault (instead of terminating the compilation gracefully). An upstream fix for this bug is now included with this release. (BZ#466928 [413])
• Whenever gcc is used with the option -march=z9-ec or -march=z10, hardware decimal floating point (DFP) support is used by default. (BZ#474367 [414])
[411] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=494563
• An improper option (i.e. %global _use_internal_dependency_generator 0) used during the build of libgomp in previous releases disabled "file coloring". This caused RPM to erroneously detect a file conflict on /usr/lib/libgomp.so.1.0.0 when installing libgomp from the Itanium compatibility layer. This release includes a properly-built libgomp, which resolves this issue. (BZ#503725 [415])
Note
The -fgnu89-inline option instructs GCC to use traditional GNU semantics for inline functions when in C99 mode. In this Technology Preview, -fgnu89-inline is used by default. This is necessary because the Red Hat Enterprise Linux 5 header files expect GNU inline semantics instead of ISO C99 semantics. Further, these header files have not been adjusted to request inline settings through attributes. (BZ#493929 [416])
All users interested in testing gcc44 as a Technology Preview are advised to install these packages. Note that this release replaces the gcc43 Technology Preview packages provided in previous releases.
1.63. gdb
1.63.1. RHBA-2009:1361: bug fix update
A gdb update that fixes several bugs and improves gfortran debugging is now available.
The GNU Project debugger (normally referred to as GDB) debugs programs written in C, C++, and other languages by executing them in a controlled fashion, and then printing out their data.
This update applies the following bug fixes:
• Normally, static variables always have the same debugging information for each possible constructor/destructor implementation kind, which allows the compiler to keep their DIE (debugging information entry) only in the single abstract instance of the constructor. However, GDB did not automatically inherit whole DIEs from the abstract instances to the concrete instances. As such, the static variables in C++ constructors were not visible from GDB. With this update, GDB now inherits whole DIEs to ensure that static variables do not become inaccessible. (BZ#445912 [417])
• GDB now supports the use of 64-bit ELF files for 32-bit platforms (i.e. elf64-i386). (BZ#457187 [418])
• It was possible for GDB to print an error when trying to access an allocatable or otherwise dynamic array or string variable in Fortran. This was because GDB did not account for the fact that the lower bound for Fortran arrays was 1 (rather than 0). This made it possible for array size calculations to result in invalid values (i.e. too high) when allocating unbound or dynamically-bound Fortran arrays. This release corrects the way GDB processes Fortran arrays; it also adds functions to verify the validity of a calculated array size before attempting to allocate it. (BZ#459380 [419])
• Variables imported from Fortran modules can now be accessed from GDB with the same scope as the program being debugged. (BZ#466118 [420], BZ#457793)
• Variables shared by Fortran "common blocks" can now be accessed from GDB with the same scope as the program being debugged. Further, common blocks valid in the current program scope can be printed using the GDB command 'info common'. (BZ#459762 [421])
• Allocatable arrays, objects with assumed size, and pointers to objects can now be accessed from GDB in the same manner that they are accessed from the program being debugged. (BZ#460250 [422], BZ#459952 [423], BZ#465301 [424], BZ#505333 [425])
• Variables of type 'logical (kind=8)' can now be accessed from GDB. (BZ#465310 [426])
• For external references, GCC does not produce DWARF debug information. As a result, GDB could not access Thread Local Storage (TLS) variables from a local source file if those variables were defined in a different source file. This made it possible for certain memory addresses to become inaccessible to GDB. With this release, GDB can now process TLS variables using ELF structures instead of DWARF; as such, GDB can now access TLS variables regardless of where those variables were defined. (BZ#494412 [427])
• Running gcore (or any 'attach' or 'detach' command sequence) on a multi-threaded process that was halted with 'kill -STOP' could unexpectedly resume some of that process's threads. This behavior was caused by a kernel bug (present in upstream version 2.6.29) that remained unfixed in Red Hat Enterprise Linux 5 kernels to maintain backward compatibility. While this update does not fix the kernel bug, it applies a GDB workaround that ensures threads from a halted multi-threaded process do not unexpectedly resume. (BZ#498595 [428])
This update also implements various parts of Fortran language support. With this implementation, gfortran44 (not gfortran) is now used to compile Fortran programs. The gfortran44 compiler is provided by the gcc44 update (included in this release as a Technology Preview).
GDB users are advised to apply this update.
1.64. gdm
1.64.1. RHSA-2009:1364: Low security and bug fix update
Updated gdm packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat Security Response Team.
The GNOME Display Manager (GDM) is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time.
A flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697 [429])
This update also fixes the following bugs:
• the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in "/usr/share/doc/". (BZ#196054)
• GDM appeared in English on systems using Telugu (te_IN). With this update, GDM has been localized in te_IN. (BZ#226931)
[429] https://www.redhat.com/security/data/cve/CVE-2009-2697.html
• the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process. This was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process. This update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably. (BZ#441971)
• the "gdm" user is now part of the "audio" group by default. This enables audio support at the login screen. (BZ#458331)
• the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)
• a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in "/etc/X11/xorg.conf" was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in "/etc/X11/xorg.conf" are not plugged in. (BZ#474588)
All users should upgrade to these updated packages, which resolve these issues. GDM must be restarted for this update to take effect. Rebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.
1.65. gfs-kmod
1.65.1. RHBA-2009:1212: bug-fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1212.
Updated gfs-kmod packages that fix a bug are now available for Red Hat Enterprise Linux 5.
The gfs-kmod packages contain modules that provide the ability to mount and use GFS file systems.
This update applies the following bug fix:
• A bug which did not flush the journal after a fsync to a stuffed inode has been fixed.
All gfs-kmod users should upgrade to these updated packages, which resolve this issue.
1.65.2. RHBA-2009:1338: bug-fix update
Updated gfs-kmod packages which fix several bugs are now available.
The gfs-kmod packages contain kernel modules that provide the functionality to mount and use GFS file systems.
These updated packages apply the following bug fixes:
• A potential deadlock causing gfs to hang in 'wait_for_completion' was fixed by prefaulting buffer pages.
• Applications using sendfile on files with the inherit_jdata flag are now notified that sendfile will not work on those files instead of failing.
• A bug that could potentially cause a page allocation failure has been fixed.
• A bug that caused fsyncs to stuffed inodes to fail to flush the journal has been fixed.
Users are advised to upgrade to these latest gfs-kmod packages, which resolve these issues.
1.66. gfs-utils
1.66.1. RHBA-2009:1336: bug fix update
Updated gfs-utils packages that fix various bugs are now available.
The gfs-utils packages provide the user-level tools necessary to mount and use GFS file systems.
These updated gfs-utils packages apply the following bug fixes:
• An issue was fixed which caused gfs_fsck to attempt to fix the wrong bitmap.
• gfs_fsck's ability to fix damaged resource groups has been improved.
• A human-readable option has been added to gfs_tool df.
• Fixed an issue which could potentially cause gfs_fsck to remove everything in a corrupt filesystem.
• gfs_grow performance has been improved on 1k block size filesystems.
• Fix a segfault in gfs_fsck when fixing a 'EA leaf block type' problem.
• The gfs service is no longer disabled after an upgrade.
All users of gfs-utils should upgrade to these updated packages, which resolve these issues.
1.67. gfs2-utils
1.67.1. RHBA-2009:0477: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0477.
Updated gfs2-utils packages that fix a bug are now available.
The gfs2-utils packages provide the user-space tools necessary to mount, create, maintain, and test GFS2 file systems.
The updated gfs2-utils packages apply the following bug fix:
• A segfault was fixed in gfs2_fsck which can be triggered by a stuffed directory inode block also being listed as a data block.
All users of gfs2-utils should upgrade to these updated packages, which resolve this issue.
1.67.2. RHBA-2009:0418: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0418.
Updated gfs2-utils packages that fix a bug are now available.
The gfs2-utils packages provide the user-space tools necessary to mount, create, maintain, and test GFS2 file systems.
The updated gfs2-utils packages apply the following bug fix:
• In certain cases a conversion between gfs1 and gfs2 filesystem could cause corruption; this bug has been fixed.
All users of gfs2-utils should upgrade to these updated packages, which resolve these issues.
1.67.3. RHBA-2009:0280: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:0280.
Updated gfs2-utils packages that fix various bugs are now available.
The gfs2-utils packages provide the user-space tools necessary to mount, create, maintain and test GFS2 file systems.
The updated gfs2-utils packages apply the following bug fixes:
• Other mount options will now be properly recognized when using 'noatime' or 'nodiratime'.
• gfs2_grow now works with block sizes other than 4k.
All users of gfs2-utils should upgrade to these updated packages, which resolve these issues.
1.67.4. RHSA-2009:1337: Low security and bug fix update
An updated gfs2-utils package that fixes multiple security issues and various bugs is now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat Security Response Team.
The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems.
Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552 [440])
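The flaw class described above, shown as an added illustration that is not gfs2-utils code: a fixed temporary-file name opened with fopen() follows a pre-existing symbolic link, while mkstemp() never does. The file names, function names and scratch directory are assumptions made for the demonstration, which works only inside a private directory it creates and removes.

```c
/* Added example, not gfs2-utils code. All names below are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define REPORT_NAME "tool-report.tmp"   /* fixed, guessable temp-file name */

/* Vulnerable pattern: fopen("w") on a fixed name follows a symbolic link
 * that already exists at that path and truncates the link's target. */
static int write_unsafe(const char *dir, const char *text)
{
    char path[512];
    snprintf(path, sizeof path, "%s/%s", dir, REPORT_NAME);
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs(text, f);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened pattern: mkstemp() picks an unpredictable name and creates the
 * file with O_CREAT|O_EXCL and mode 0600, so no existing link is followed. */
static int write_safe(const char *dir, const char *text)
{
    char path[512];
    size_t len = strlen(text);
    snprintf(path, sizeof path, "%s/tool-report.XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int ok = write(fd, text, len) == (ssize_t)len;
    if (close(fd) != 0)
        ok = 0;
    unlink(path);                       /* the demo discards the report */
    return ok ? 0 : -1;
}

/* Creates a link at the guessable path inside a private scratch directory,
 * runs one writer, and reports what happened to the link's target.
 * Returns 1 if the target is intact, 0 if overwritten, -1 on setup error. */
int victim_survives(int use_safe_writer)
{
    char dir[] = "/tmp/tmpfile-demo.XXXXXX";
    char victim[512], link_path[512], line[64] = "";
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(link_path, sizeof link_path, "%s/%s", dir, REPORT_NAME);

    FILE *f = fopen(victim, "w");
    if (f != NULL) {
        fputs("original\n", f);
        fclose(f);
        if (symlink(victim, link_path) == 0) {
            int rc = use_safe_writer ? write_safe(dir, "tool output\n")
                                     : write_unsafe(dir, "tool output\n");
            f = fopen(victim, "r");
            if (rc == 0 && f != NULL && fgets(line, sizeof line, f) != NULL)
                result = strcmp(line, "original\n") == 0;
            if (f != NULL)
                fclose(f);
        }
    }
    unlink(link_path);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("fixed name + fopen: target intact = %d\n", victim_survives(0));
    printf("mkstemp:            target intact = %d\n", victim_survives(1));
    return 0;
}
```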
This update also fixes the following bugs:
• gfs2_fsck now properly detects and repairs problems with sequence numbers on GFS2 file systems.
• GFS2 user utilities now use the file system UUID.
• gfs2_grow now properly updates the file system size during operation.
• gfs2_fsck now returns the proper exit codes.
• gfs2_convert now properly frees blocks when removing free blocks up to height 2.
• the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current standards.
• the 'gfs2_tool df' command now provides human-readable output.
• mounting GFS2 file systems with the noatime or noquota option now works properly.
• new capabilities have been added to the gfs2_edit tool to help in testing and debugging GFS and GFS2 issues.
• the 'gfs2_tool df' command no longer segfaults on file systems with a block size other than 4k.
• the gfs2_grow manual page no longer references the '-r' option, which has been removed.
• the 'gfs2_tool unfreeze' command no longer hangs during use.
• gfs2_convert no longer corrupts file systems when converting from GFS to GFS2.
• gfs2_fsck no longer segfaults when encountering a block which is listed as both a data and stuffed directory inode.
• gfs2_fsck can now fix file systems even if the journal is already locked for use.
• a GFS2 file system's metadata is now properly copied with 'gfs2_edit savemeta' and 'gfs2_edit restoremeta'.
• the gfs2_edit savemeta function now properly saves blocks of type 2.
• 'gfs2_convert -vy' now works properly on the PowerPC architecture.
• when mounting a GFS2 file system as '/', mount_gfs2 no longer fails after being unable to find the file system in '/proc/mounts'.
• gfs2_fsck no longer segfaults when fixing 'EA leaf block type' problems.
All gfs2-utils users should upgrade to this updated package, which resolves these issues.
[440] https://www.redhat.com/security/data/cve/CVE-2008-6552.html
1.68. ghostscript
1.68.1. RHSA-2009:0421: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0421.
Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.
It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0792 [442])
A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2008-6679 [443], CVE-2007-6725 [444], CVE-2009-0196 [445])
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly reporting the CVE-2009-0196 flaw.
Users of ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
1.68.2. RHSA-2009:0345: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0345.
Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.
[442] https://www.redhat.com/security/data/cve/CVE-2009-0792.html
[443] https://www.redhat.com/security/data/cve/CVE-2008-6679.html
[444] https://www.redhat.com/security/data/cve/CVE-2007-6725.html
[445] https://www.redhat.com/security/data/cve/CVE-2009-0196.html
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.
Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images which could cause Ghostscript to crash, or, potentially, execute arbitrary code when opened by the victim. (CVE-2009-0583 [447], CVE-2009-0584 [448])
All users of ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
1.68.3. RHBA-2009:1257: bug fix update
A ghostscript update that fixes several bugs is now available.
The Ghostscript suite provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language), and an interpreter for PDF files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by most printers and displays. This enables users to display PostScript files and print them on non-PostScript printers.
This update applies the following fixes:
• an incorrect offset computation that occurred when handling subglyphs made it possible for ghostscript to read uninitialized data. When this occurred, ghostscript would crash with a segmentation fault. This update corrects the offset computation, preventing ghostscript from reading uninitialized data. (BZ#450717)
• the way that the Ghostscript source code used pointer aliasing could produce unexpected results when strict aliasing optimizations are in use. To avoid problems, this ghostscript update was built using the -fno-strict-aliasing option, which disables strict aliasing optimization. (BZ#465960)
• a typographical error in the gsiparam.h header file made it possible for some PDF files to cause ghostscript to fall into an infinite loop. This update fixes the error. (BZ#473889)
• the gdevpsu.c source file incorrectly defined the point size of A3 pages, which sometimes resulted in incorrect document page sizes. This update fixes the point size definition error, ensuring that A3 pages are always printed with the correct size. (BZ#480978)
• this update corrects how the cvrs PostScript operator performs sign extensions. This fix prevents range errors from occurring on 64-bit platforms. (BZ#488127)
• this update also fixes ColorSpace initialization in the InkJet Server (IJS) driver, which is used by hpijs and gimp-print drivers in some configurations. In previous releases, print jobs that did not initialize ColorSpace failed whenever they used Ghostscript to render and print PDFs on devices that used the ijs driver. (BZ#504254)
[447] https://www.redhat.com/security/data/cve/CVE-2009-0583.html
[448] https://www.redhat.com/security/data/cve/CVE-2009-0584.html
Users of ghostscript are advised to apply this update.
1.69. giflib
1.69.1. RHSA-2009:0444: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0444.
Updated giflib packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect.
Several flaws were discovered in the way giflib decodes GIF images. An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or, possibly, execute arbitrary code when opened by a victim. (CVE-2005-2974 [456], CVE-2005-3350 [457])
All users of giflib are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications using giflib must be restarted for the update to take effect.
1.70. glib2
1.70.1. RHSA-2009:0336: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0336.
Updated glib2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
[456] https://www.redhat.com/security/data/cve/CVE-2005-2974.html
[457] https://www.redhat.com/security/data/cve/CVE-2005-3350.html
GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.
Diego Pettenò discovered multiple integer overflows causing heap-based buffer overflows in GLib's Base64 encoding and decoding functions. An attacker could use these flaws to crash an application using GLib's Base64 functions to encode or decode large, untrusted inputs, or, possibly, execute arbitrary code as the user running the application. (CVE-2008-4316 [459])
Note: No application shipped with Red Hat Enterprise Linux 5 uses the affected functions. Third-party applications may, however, be affected.
All users of glib2 should upgrade to these updated packages, which contain backported patches to resolve these issues.
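How an integer overflow in a Base64 size calculation turns into an undersized heap buffer, as an added illustration that is not GLib's code or its actual formula. The function names are hypothetical, and the arithmetic is modelled with uint32_t to stand in for a 32-bit size type.

```c
/* Added example, not GLib's code. Function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked output size for `len` input bytes plus a terminating NUL,
 * computed in 32-bit arithmetic. For very large `len` the multiplication
 * wraps around and the result is far smaller than the data to be written. */
uint32_t b64_size_unchecked(uint32_t len)
{
    return (len + 2) / 3 * 4 + 1;
}

/* Checked version: returns the size, or -1 if it does not fit in 32 bits. */
int64_t b64_size_checked(uint32_t len)
{
    uint32_t groups = len / 3 + (len % 3 != 0);   /* cannot overflow */
    if (groups > (UINT32_MAX - 1) / 4)
        return -1;
    return (int64_t)groups * 4 + 1;
}

/* Encoder that refuses to allocate when the size check fails.
 * Returns a malloc()ed NUL-terminated string, or NULL on error. */
char *b64_encode(const unsigned char *in, uint32_t len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    int64_t size = b64_size_checked(len);
    if (size < 0)
        return NULL;
    char *out = malloc((size_t)size);
    if (out == NULL)
        return NULL;

    char *p = out;
    uint32_t i;
    for (i = 0; len - i >= 3; i += 3) {           /* full 3-byte groups */
        uint32_t v = ((uint32_t)in[i] << 16) | ((uint32_t)in[i + 1] << 8)
                   | (uint32_t)in[i + 2];
        *p++ = tbl[v >> 18];
        *p++ = tbl[(v >> 12) & 63];
        *p++ = tbl[(v >> 6) & 63];
        *p++ = tbl[v & 63];
    }
    if (len - i == 1) {                           /* one trailing byte */
        uint32_t v = (uint32_t)in[i] << 16;
        *p++ = tbl[v >> 18];
        *p++ = tbl[(v >> 12) & 63];
        *p++ = '=';
        *p++ = '=';
    } else if (len - i == 2) {                    /* two trailing bytes */
        uint32_t v = ((uint32_t)in[i] << 16) | ((uint32_t)in[i + 1] << 8);
        *p++ = tbl[v >> 18];
        *p++ = tbl[(v >> 12) & 63];
        *p++ = tbl[(v >> 6) & 63];
        *p++ = '=';
    }
    *p = '\0';
    return out;
}

int main(void)
{
    uint32_t huge = 0xC0000000u;                  /* constructed input length */
    printf("unchecked size for %u bytes: %u\n",
           (unsigned)huge, (unsigned)b64_size_unchecked(huge));
    printf("checked size for the same length: %lld\n",
           (long long)b64_size_checked(huge));
    char *s = b64_encode((const unsigned char *)"foobar", 6);
    printf("encode(\"foobar\") = %s\n", s ? s : "(null)");
    free(s);
    return 0;
}
```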
1.71. glibc
1.71.1. RHBA-2009:1415: bug fix and enhancement update
Updated glibc packages that fix various bugs and implement a technology preview of per-thread memory pooling are now available.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, the Linux system cannot function properly.
This update applies the following bug fixes:
• A strcmp() call in the setlocale() function could cause a segmentation fault (SIGSEGV) to occur in multi-threaded applications. This was caused by an improper free() call, which freed _nl_global_locale.__names[category] around the same time strcmp() tried to access it. As such, it was possible for strcmp() to access _nl_global_locale.__names[category] after it was freed (i.e. no longer available), resulting in a segmentation fault. To fix this, this update adds a return() call to make _nl_global_locale.__names[category] available when strcmp() accesses it. (BZ#455580)
• The getifaddrs() function listed invalid IPv6 interface names for Infiniband devices. This was because Infiniband names are 20 bytes long, while glibc only prepares an 8-byte string array (i.e. sll_addr) for interface names. When getifaddrs() copied the 20-byte string into sll_addr, the result was a corrupted, invalid interface name. To prevent this, this update expands the field size from 8 bytes to 24 bytes, allowing getifaddrs() to copy 20-byte Infiniband names to the sll_addr string array. (BZ#463252)
• A previous update to glibc resulted in a performance regression with mutex() calls. This was caused by the addition of mutual exclusion (mutex) types tested by pthread_mutex_lock() and pthread_mutex_unlock(). To alleviate the problem, this update optimizes the pthread_mutex_lock() and pthread_mutex_unlock() for the most common mutex types, which improves the performance of mutex() calls in most common user scenarios. (BZ#467316)
• dl_runtime_profile on the IBM System Z incorrectly used the instruction lr to remove stack frames, which could result in corrupted stacks in rare cases. With this update, dl_runtime_profile uses the correct instruction (lgr) to remove stack frames instead. (BZ#470300)
[459] https://www.redhat.com/security/data/cve/CVE-2008-4316.html
• An improper break statement in the getgrouplist() function caused searches to abort prematurely. This resulted in a bug that prevented getgrouplist() from retrieving group definitions from LDAP. As such, applications that used getgrouplist() to authenticate group details could not honor supplementary group credentials defined in LDAP. This update removes the improper break statement in getgrouplist(), enabling proper retrieval of group definitions from LDAP. (BZ#470768)
• The /var/run/utmp file keeps track of all log-ins and log-outs to the system. All attempts to open it with read-write permission are denied and audited. The setutent_file() function call always attempted to open the /var/run/utmp with read-write permissions, resulting in the audit system logging a large volume of denial records. With this update, setutent_file() now only attempts to open /var/run/utmp with read-only permissions, thereby reducing the volume of audited records. (BZ#475332)
• The elf/dl-load.c source file did not properly free allocated memory before dlclose() function calls. This made it possible for some dlopen() and dlclose() calls to result in a memory leak. This update corrects the elf/dl-load.c source file by instructing it to free all allocated memory, thereby preventing a memory leak whenever dlopen() or dlclose() are used. (BZ#476725)
• The getent command no longer incorrectly uses a comma to delimit aliases when displaying network map entries. As such, running getent networks now only displays network map entries using spaces or tabs as delimiters. (BZ#484082)
• This update now includes the RUSAGE_THREAD definition in the glibc headers. This allows the getrusage() function call to retrieve information about the resource usage of a thread. (BZ#484214)
• The inet6_opt_init() function incorrectly counted the first octet when computing the length of extension headers (i.e. extlen). This was contrary to the definition of extension header lengths as per RFC 2460. With this update, inet6_opt_init() now subtracts 1 octet unit when computing extlen. (BZ#488748)
• As per RFC3493, getnameinfo() should return EAI_NONAME when both nodename and servname variables are set to NULL while the NI_NAMEREQD flag is set. However, getnameinfo() returned 0 in this situation. This update adds an if statement to getnameinfo() to correct its behavior as per RFC3493. (BZ#489419)
• The nscd paranoia mode instructs nscd to restart periodically. However, whenever nscd attempted to restart itself in this mode, it incorrectly used the system call execv("/proc/self/exe", argv). As a result, nscd would restart with a process name of exe instead of nscd. To correct this, the nscd paranoia mode now instructs nscd to restart using readlink("/proc/self/exe", target, 255), which allows nscd to preserve its process name upon restart. Note that nscd will still use execv("/proc/self/exe", argv) if the attempt to use readlink() fails. (BZ#490010)
• The sysconf() function call used an obsolete const attribute. This caused the gcc compiler to incorrectly return errno when it attempted to compile code while using some optimization options. With this update, sysconf() no longer uses the obsolete const, ensuring that optimization works as expected at compile time. (BZ#490821)
• The inet6_rth_reverse() function produced an incorrect return order of addresses in the routing header. This was caused by an incorrect identifier (ip6r0_segleft instead of ip6r0_len) in the inet/inet6_rth.c source code. This update corrects the identifier, ensuring that inet6_rth_reverse() returns the correct output. (BZ#494849)
• The inet6_rth_add() function incorrectly returned 0 even when the routing header did not have enough space to store an address. This was caused by a lack of error checking routines to verify routing header size. This update applies an additional if statement to verify the routing header size. (BZ#494850)
• Previous versions of glibc coded malloc() in a way that was not thread-safe. This could have led to unexpected program crashes in some cases. This release revises the malloc() code to ensure better thread safety, as well as to adhere to C standards. (BZ#502901)
• This update removes an extra comma at the end of the dlfcn.h header file's enumerator list. This typographical error caused dlfcn.h to fail g++ pedantic tests in previous releases. (BZ#504704)
• A bug in the nptl/pthread_mutex_lock.c code prevented pthread_mutex calls from honoring some types of private futex attributes. This update applies a patch that corrects this behavior, ensuring that pthread_mutex calls honor all types of private futex attributes for PI mutexes. (BZ#495955)
• Applications that performed a large number of directory reads ran much slower on 64-bit Red Hat Enterprise Linux 5 compared to 64-bit Red Hat Enterprise Linux 4. This was partly because while Red Hat Enterprise Linux 5 uses the system call getdents() to retrieve directory entries for both 32-bit and 64-bit platforms, Red Hat Enterprise Linux 4 used getdents64() for 64-bit platforms. Because of this, the opendir() function did not allocate more memory for directory reads on 64-bit platforms, resulting in much slower reads on Red Hat Enterprise Linux 5. To resolve this, opendir() now has an increased default buffer size; if memory allocation fails (as it would on 32-bit applications), it retries the memory allocation with a smaller buffer size. This improves the performance of directory reads on 64-bit platforms, while ensuring that opendir() still works on 32-bit platforms. (BZ#484440)
• An incorrect parameter in the MALLOC_COPY() function of the libc/malloc/malloc.c source file could supply an incorrect size_t value for realloc(). With this update, MALLOC_COPY() is now fixed, ensuring that it always supplies the correct size_t information for realloc(). (BZ#478499)
• With this update, users can now run fork() safely in one thread while a pthread stack cache updates in another thread. Doing so no longer causes the process created by fork() to crash. (BZ#477705)
• This update also applies several upstream fixes to nscd. These fixes prevent nscd from crashing due to segmentation faults in some cases. (BZ#464918 and BZ#483636)
• This update also includes the ability to enable (and configure) per-thread memory pools. This capability enables higher scalability across many sockets and cores, and is included in this release as a technology preview. The environment variable MALLOC_PER_THREAD=1 enables per-thread memory pools, while MALLOC_ARENA_MAX and MALLOC_ARENA_TEST control the amount of additional memory used for the memory pools (if any). MALLOC_ARENA_MAX sets a maximum number of memory pools used, regardless of the number of cores; MALLOC_ARENA_TEST specifies that the number of cores should be tested once it reaches a set value. Note that once per-thread memory pooling becomes fully supported, it will also become the default behavior; this will render the MALLOC_PER_THREAD option obsolete. (BZ#494758)
Users are advised to upgrade to this version of glibc.
1.71.2. RHBA-2009:1202: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1202.
Updated glibc packages that fix a bug are now available.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, the Linux system cannot function properly.
These updated glibc packages fix the following bug:
• previous versions of glibc coded the malloc() function in a way that was not thread-safe, which could have led to unexpected program crashes in some cases. With these updated packages, the malloc() code has been revised to ensure better thread safety, as well as to adhere to C standards. (BZ#502901)
All users of glibc are advised to upgrade to these updated packages, which resolve this issue.
1.72. gnome-python2-desktop
1.72.1. RHBA-2009:0405: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0405.
An updated gnome-python2-desktop package that fixes a bug in the GNOME Keyring bindings is now available.
The gnome-python2-desktop package contains additional Python bindings for GNOME. It should be used together with gnome-python2.
This update fixes the following bug:
• The gnomekeyring.find_items_sync() function was returning a list of long integers representing the addresses of GnomeKeyringFound instances. These addresses are not useful in Python, however, and this update adds Python bindings for GnomeKeyringFound. It also changes find_items_sync() to return a list of GnomeKeyringFound instances. (BZ#479280)
All gnome-python2-desktop users should install this update which addresses this issue.
1.73. gnome-session
1.73.1. RHBA-2009:1079: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1079.
An updated gnome-session package that fixes a bug is now available.
gnome-session manages a GNOME desktop session. It starts up the other core GNOME components and handles logout and saving the session.
This updated gnome-session package fixes the following bug:
• gnome-session, also referred to as the GNOME Session Manager, remembers information such as which applications were open at the time of logout (among other session details), and restores these applications upon logging in again. A bug prevented gnome-session from restoring two applications when both of them were named the same, such as could happen with GKrellM system monitors, multiple instances of the KDE Konsole, and potentially other applications with multiple instances. With this updated package, gnome-session is able to restore all same-named application instances which were saved in the previous session, thus resolving the problem. (BZ#484431)
All users of gnome-session are advised to upgrade to this updated package, which resolves this issue.
1.74. grep
1.74.1. RHBA-2009:0481: bug fix update
Note
This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:0481.
An updated grep package that fixes various bugs is now available.
Grep searches through textual input for lines matching a regular expression.
This updated grep package includes fixes for the following bugs:
• while searching certain immense binary files in which the newline character did not appear for large expanses (for hundreds of megabytes of text, for instance), grep may have missed a subsequent match. Because the grep utility is not intended to process arbitrarily-long files in this manner, this updated version now exits with a "line too long" error message and an appropriate error code under these conditions. (BZ#483073)
• when operating on particular multi-byte character sets (but not, notably, UTF-8), grep could enter an infinite loop and become unresponsive. This has been fixed in this updated package so that grep is once again able to process these multi-byte character sets without hanging. (BZ#479151)
• certain output control option combinations could cause the grep tool to crash with a segmentation fault. With this updated package, these combinations work as expected and no longer cause a segmentation fault. (BZ#452127)
• the example attached to the "--label" option description was not illustrative enough: as documented, the option actually had no effect. The updated package contains an improved example that shows the "--label" option's utility, both in the manual and info pages. (BZ#484366)
All users of grep are advised to upgrade to this updated package, which resolves these issues.
1.75. grub
1.75.1. RHBA-2009:1388: bug fix and enhancement update
An updated grub package that fixes a bug and adds an enhancement is now available.
The GRUB utility is responsible for booting the operating system kernel.
This update addresses the following bug:
• current GCC defaults mean grub is compiled without writable string support. On systems with an XFS file system present on the same controller as the boot disk, this could cause the grub shell to segfault and crash. With this update grub no longer assumes constant strings in the XFS file system driver are writable, obviating the error. (BZ#496949)
And adds the following enhancement:
• previously, grub-install did not support installing on virtio_blk devices. When attempted it printed the error message "[device path] does not have any corresponding BIOS drive." With this update, support has been added for installing to virtio devices. (BZ#498388)
All grub users are advised to install this updated package, which resolves this issue and adds this enhancement.
1.76. gstreamer-plugins-base
1.76.1. RHSA-2009:0352: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0352.
Updated gstreamer-plugins-base packages that fix a security issue are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins.