| Revision Date: | 2011-07-21 | Version: | 653 | | Title: | RHSA-2011:1000: rgmanager security, bug fix, and enhancement update (Low) | | Description: | The rgmanager package contains the Red Hat Resource Group Manager, which provides the ability to create and manage high-availability server applications in the event of system downtime.
It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389)
Red Hat would like to thank Raphael Geissert for reporting this issue.
This update also fixes the following bugs:
The failover domain "nofailback" option was not honored if a service was in the "starting" state. This bug has been fixed. (BZ#669440)
PID files with white spaces in the file name are now handled correctly. (BZ#632704)
The /usr/sbin/rhev-check.sh script can now be used from within Cron. (BZ#634225)
The clustat utility now reports the correct version. (BZ#654160)
The oracledb.sh agent now attempts to try the "shutdown immediate" command instead of using the "shutdown abort" command. (BZ#633992)
The SAPInstance and SAPDatabase scripts now use proper directory name quoting so they no longer collide with directory names like "/u". (BZ#637154)
The clufindhostname utility now returns the correct value in all cases. (BZ#592613)
The nfsclient resource agent now handles paths with trailing slashes correctly. (BZ#592624)
The last owner of a service is now reported correctly after a failover. (BZ#610483)
The /usr/share/cluster/fs.sh script no longer runs the "quotaoff" command if quotas were not configured. (BZ#637678)
The "listen" line in the /etc/httpd/conf/httpd.conf file generated by the Apache resource agent is now correct. (BZ#675739)
The tomcat-5 resource agent no longer generates incorrect configurations. (BZ#637802)
The time required to stop an NFS resource when the server is unavailable has been reduced. (BZ#678494)
When using exclusive prioritization, a higher priority service now preempts a lower priority service after status check failures. (BZ#680256)
The postgres-8 resource agent now correctly detects failed start operations. (BZ#663827)
The handling of reference counts passed by rgmanager to resource agents now works properly, as expected. (BZ#692771)
As well, this update adds the following enhancements:
It is now possible to disable updates to static routes by the IP resource agent. (BZ#620700)
It is now possible to use XFS as a file system within a cluster service. (BZ#661893)
It is now possible to use the "clustat" command as a non-root user, so long as that user is in the "root" group. (BZ#510300)
It is now possible to migrate virtual machines when central processing is enabled. (BZ#525271)
The rgmanager init script will now delay after stopping services in order to allow time for other nodes to restart them. (BZ#619468)
The handling of failed independent subtrees has been corrected. (BZ#711521)
All users of Red Hat Resource Group Manager are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
| | Family: | unix | Class: | patch | | Status: | | Reference(s): | CVE-2010-3389
RHSA-2011:1000
RHSA-2011:1000-01
RHSA-2011:1000-01
| | Platform(s): | Red Hat Enterprise Linux 5
| Product(s): | | | Definition Synopsis | | Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 5 is installed
AND rgmanager is earlier than 0:2.0.52-21.el5
AND rgmanager is signed with Red Hat redhatrelease2 key
|
|