[RHSA-2012:0152-03] Moderate: kexec-tools security, bug fix, and enhancement update

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Moderate: kexec-tools security, bug fix, and enhancement update

Advisory ID: RHSA-2012:0152-03

Product: Red Hat Enterprise Linux

Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0152.html

Issue date: 2012-02-21

CVE Names: CVE-2011-3588 CVE-2011-3589 CVE-2011-3590

=====================================================================

 

1. Summary:

 

An updated kexec-tools package that resolves three security issues,
fixes several bugs and adds various enhancements is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

 

3. Description:

 

The kexec-tools package contains the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature. The
/sbin/kexec binary boots a new kernel using the kernel's kexec feature on
either a normal or a panic reboot. The kexec fastboot mechanism allows
booting a Linux kernel from the context of an already running kernel.

 

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive
information, such as the private SSH key used to authenticate to a remote
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files
from the "/root/.ssh/" directory and the host's private SSH keys) in the
resulting initrd. This could lead to an information leak when initrd
files were previously created with world-readable permissions. Note: With
this update, only the SSH client configuration, known hosts files, and the
SSH key configured via the newly introduced sshkey option in
"/etc/kdump.conf" are included in the initrd. The default is the key
generated when running the "service kdump propagate" command,
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)

 

Red Hat would like to thank Kevan Carstensen for reporting these issues.

 

This updated kexec-tools package also includes numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of kexec-tools are advised to upgrade to this updated package,
which resolves these security issues, fixes these bugs and adds these
enhancements.
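
The shell functions below are an added example, not part of Red Hat's advisory or of kexec-tools, for checking a host against the three issues described above once the update is applied. Assumptions: the function names are hypothetical, "/etc/kdump.conf" uses "option value" lines, the kdump initrd is a gzip-compressed cpio archive, and the file passed to disables_hostkey_check is whichever script or configuration you choose to inspect.

```shell
#!/bin/sh
# Added example: post-update checks for the kdump issues in RHSA-2012:0152.
# Function names are hypothetical; they are not part of kexec-tools.

# Key named by the "sshkey" option in kdump.conf, else the advisory's default.
kdump_sshkey() {
    key=$(awk '$1 == "sshkey" { print $2; exit }' "$1" 2>/dev/null) || key=
    echo "${key:-/root/.ssh/kdump_id_rsa}"
}

# CVE-2011-3589: succeeds when "other" users can read the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# CVE-2011-3590: read an initrd file listing on stdin and print every entry
# that is a private host key, or a /root/.ssh file other than known_hosts,
# config, or the configured dump key ($1).
unexpected_ssh_files() {
    allowed=${1#/}
    sed -e 's|^\./||' -e 's|^/||' | while IFS= read -r p; do
        case $p in
            "$allowed"|root/.ssh|root/.ssh/known_hosts|root/.ssh/config) ;;
            root/.ssh/*|etc/ssh/ssh_host_*key) echo "$p" ;;
        esac
    done
}

# CVE-2011-3588: succeeds when the given script or config file turns off
# SSH host key checking.
disables_hostkey_check() {
    grep -Eiq 'StrictHostKeyChecking[= ]+no' "$1"
}

# Assumption: IMAGE is a gzip-compressed cpio archive (zcat | cpio -it lists it).
audit_kdump_initrd() {
    img=$1; conf=${2:-/etc/kdump.conf}
    if world_readable "$img"; then echo "WORLD-READABLE: $img"; fi
    zcat "$img" | cpio -it 2>/dev/null |
        unexpected_ssh_files "$(kdump_sshkey "$conf")" | sed 's/^/UNEXPECTED: /'
}

# Run as: sh audit.sh IMAGE [KDUMP_CONF]
if [ $# -gt 0 ]; then audit_kdump_initrd "$@"; fi
```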

 

4. Solution:

 

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

662530 - ln: creating symbolic link `/tmp/initrd.ta4308/lib/libc.so.6' to `/lib/power6/libc.so.6': File exists

678308 - kexec kernel crashes due to use of reserved memory range

709622 - Non-portable "while" loop form used

716439 - CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images

748319 - fsck: WARNING: couldn't open /etc/fstab: No such file or directory

 

6. Package List:

 

Red Hat Enterprise Linux Desktop (v. 5 client):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kexec-tools-1.102pre-154.el5.src.rpm

 

i386:

kexec-tools-1.102pre-154.el5.i386.rpm

kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm

 

x86_64:

kexec-tools-1.102pre-154.el5.x86_64.rpm

kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm

 

Red Hat Enterprise Linux (v. 5 server):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kexec-tools-1.102pre-154.el5.src.rpm

 

i386:

kexec-tools-1.102pre-154.el5.i386.rpm

kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm

 

ia64:

kexec-tools-1.102pre-154.el5.ia64.rpm

kexec-tools-debuginfo-1.102pre-154.el5.ia64.rpm

 

ppc:

kexec-tools-1.102pre-154.el5.ppc64.rpm

kexec-tools-debuginfo-1.102pre-154.el5.ppc64.rpm

 

s390x:

kexec-tools-1.102pre-154.el5.s390x.rpm

kexec-tools-debuginfo-1.102pre-154.el5.s390x.rpm

 

x86_64:

kexec-tools-1.102pre-154.el5.x86_64.rpm

kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://access.redhat.com/security/team/key/#package

 

7. References:

 

https://www.redhat.com/security/data/cve/CVE-2011-3588.html

https://www.redhat.com/security/data/cve/CVE-2011-3589.html

https://www.redhat.com/security/data/cve/CVE-2011-3590.html

https://access.redhat.com/security/updates/classification/#moderate

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kexec-tools.html#RHSA-2012-0152

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://access.redhat.com/security/team/contact/

 

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFPQyQMXlSAg2UNWIIRApq/AJ0ZwqFYHbah41BGXco+XPVy8jG9RQCfbf1A

ktTcdfCXzt+fLDHf6wyNNWQ=

=Seoe

-----END PGP SIGNATURE-----
