The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-476-1] redhat-cluster-suite vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Fri, 22 Jun 2007 11:22:56 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-476-1] redhat-cluster-suite vulnerability
Message-ID: <20070622182255.GD24388@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="lo/yIdJSCXpBJBdU"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.280 $
X-HELO: gorgon.outflux.net
X-Scanned-By: MIMEDefang 2.57 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--lo/yIdJSCXpBJBdU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-476-1              June 22, 2007
redhat-cluster-suite vulnerability
https://launchpad.net/bugs/121780
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  cman                                     2.20070315-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Fabio Massimo Di Nitto discovered that cman did not correctly validate
the size of client messages.  A local user could send a specially crafted
message and execute arbitrary code with cluster manager privileges or
crash the manager, leading to a denial of service.


Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh=
at-cluster-suite_2.20070315-0ubuntu2.1.diff.gz
      Size/MD5:    45853 19f98d316de0c556527debd3c9debfce
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh=
at-cluster-suite_2.20070315-0ubuntu2.1.dsc
      Size/MD5:     1801 d293aca82c5f0a594166c403ae91a822
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh=
at-cluster-suite_2.20070315.orig.tar.gz
      Size/MD5:  2223989 bcc1dc59d93dcd44b4761136966eafa3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redh=
at-cluster-suite_2.20070315-0ubuntu2.1_all.deb
      Size/MD5:    10176 7bc5fe7dd3a6893f8583fbdac3c7a968

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman=
_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   415208 4c551747a663596040d371bca4cd084e
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-=
tools_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   240568 b46c4de93e83e0254014daffebf07f5b
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2=
-tools_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   297918 8eab6723141282cee91a5d8721e63dcb
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-client_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    76768 5178696fc64e2719c7e2e0086749650a
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-server_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    73310 39e444ec8d0ca268635f27b9bb337ede
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
cs-dev_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    13902 af5554548568dc59720d8c51636bdd85
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man-dev_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    21024 c89711a3509d3f977de9142f5d1887cf
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man2_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    16906 55e246480f5f311db7d571cc5a96a77c
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm-dev_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    22038 7690f350aca8dc420179f57063a20824
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm2_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    21488 41ab17c0730714ce4734c790c1dd9e1d
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma=
nager_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   261920 f953801ff7497e87ba5f8907508f5ede

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman=
_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   377390 1625cc91013baf83251a987034905dcb
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-=
tools_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   229178 bdb45bb72f9fb91ad1233fbe9cac73f1
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2=
-tools_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   279360 09e261043612e103dc82707b4e571c34
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-client_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    67276 bb9c1d8f9d4a7a4d899ec99430457426
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-server_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    64776 b6ce07ed92f408b9c5b682d29e179b46
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
cs-dev_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    13604 580dfab67fca3556ee1c02e46a10cd69
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man-dev_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    20384 9cf0b995f21aa8cfe788a9ebea832716
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man2_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    16174 62c1750799861eaf760cbfe7d923b1aa
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm-dev_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    20166 0e35c8888d8e09e050afd3ce6e2defea
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm2_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    20058 feed82660d7359bda71c91c2dbd387ca
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma=
nager_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   239930 9d9adc1d748e972c4980692f5becacd3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman=
_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   419560 4bdb68335d002b08139adca6d97ef153
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-=
tools_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   263978 120061076541d8e6ceebbad7a2c084f2
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2=
-tools_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   312540 833badec158c007784b16192d8a82dec
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-client_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    74210 5af82765c81da3995b728795ce607fda
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-server_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    72108 73c90d5ab4508c4e46733e74201b7aa6
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
cs-dev_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    13802 1d100e556f3fc8dc7fe118063b0457e4
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man-dev_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    20728 c72f874de47bda7a5d81febf26d66be6
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man2_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    18664 f89f8407f24f553f085bff6b80f26437
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm-dev_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    21698 0c81d4399a442f32034e1d3211805b37
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm2_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    24464 716fa192eea0673416df7b47c897f552
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma=
nager_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   256816 7e2822a5cfdb28e5449c2a0eb155f538

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman=
_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   394606 715a39dc89e2db8da1e9ce39c85082d9
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-=
tools_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   232972 a0b6368599d874faaeb3e65bcb1847ff
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2=
-tools_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   281594 a8f1e115be62cd85ab9dd87c49c81687
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-client_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    69246 9d73b0ba4b63ff4288fefe2cb998866a
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd=
-server_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    66522 40ce22fc135c618a1d7ac95e6d56cf4b
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
cs-dev_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    13630 93386544aa585af6766cac0a58b3763a
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man-dev_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    20646 b98f6d46348288ef73fd1de7aa3e97ad
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libc=
man2_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    16314 c937ad6996a1605838ded0563d964bc5
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm-dev_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    20486 70b031a4b0f5d45069d9e48df87a08e7
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libd=
lm2_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    19344 aabbb34fd52960f5002a2094532b6fff
    http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgma=
nager_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   251046 ed57b55016db3e6c6186aedce42deb3c


--lo/yIdJSCXpBJBdU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGfBN/H/9LqRcGPm0RAoy6AJ9v6rHMsZlEazdYw0yJSglpgkS2mACeJCZT
YLeDuHoYZzMcD+Df+0QfP/o=
=b4bj
-----END PGP SIGNATURE-----

--lo/yIdJSCXpBJBdU--


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру