Skip to navigation

Security Advisory Important: Red Hat Storage 2.0 security, bug fix, and enhancement update #4

Advisory: RHSA-2013:0691-1
Type: Security Advisory
Severity: Important
Issued on: 2013-03-28
Last updated on: 2013-03-28
Affected Products: Red Hat Storage Management Console 2.0
Red Hat Storage Native Client
Red Hat Storage Server 2.0
CVEs (cve.mitre.org): CVE-2012-4406
CVE-2012-5635
CVE-2012-5638

Details

Updated Red Hat Storage 2.0 packages that fix multiple security issues,
several bugs, and add enhancements are now available.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat Storage is a software only, scale-out storage solution that
provides flexible and agile unstructured data storage for the enterprise.

A flaw was found in the way the Swift component used Python pickle. This
could lead to arbitrary code execution. With this update, the JSON
(JavaScript Object Notation) format is used. (CVE-2012-4406)

Multiple insecure temporary file creation flaws were found in Red Hat
Storage. A local user on the Red Hat Storage server could use these flaws
to cause arbitrary files to be overwritten as the root user via a symbolic
link attack. (CVE-2012-5635)

It was found that sanlock created "/var/run/sanlock/sanlock.pid" with
world-writable permissions. A local user could use this flaw to make the
sanlock init script kill an arbitrary process when the sanlock daemon is
stopped or restarted. Additionally, "/var/log/sanlock.log" was also
world-writable, allowing local users to modify the contents of the log
file, or store data within it (bypassing any quotas applied to their
account). (CVE-2012-5638)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting CVE-2012-4406. The CVE-2012-5635 issues were discovered by Kurt
Seifried of the Red Hat Security Response Team and Michael Scherer of the
Red Hat Regional IT team, and CVE-2012-5638 was discovered by David
Teigland of Red Hat.

Bug fixes and enhancements:

* Options to provide POSIX behavior when the O_DIRECT flag is used with
the open() system call across many translators. (BZ#856156)

* A mount time option provided to make the FUSE module's request queue
length configurable. (BZ#856206)

* Various fixes in the FUSE module to ensure the 'read-only' (-o ro) mount
option works. (BZ#858499)

* Various fixes in GlusterFS's rebalance code to handle failures while
replica pairs are getting connected and disconnected in quick succession.
(BZ#859387)

* NFS code fixed to ensure proper inode transformation logic when the
'enable-ino32' option is set. (BZ#864222)

* Fixed the behavior of the posix-locks module per POSIX locking
semantics. As a result, smb-torture's ping-pong tests now run smoothly on
top of GlusterFS mounts. (BZ#869724)

* FUSE module enhanced with the enable-ino32 mount option, required by any
32-bit applications running on top of a GlusterFS mount. (BZ#876679)

* Corrections were made to fd table behavior when both NFS and
geo-replication are in progress. (BZ#880193)

* With this update, disconnections are now handled better in the
geo-replication 'gsyncd' process. (BZ#880308)

* With this update, the 'gluster volume geo-replication config checkpoint'
command returns the output value properly. (BZ#881736)

* With this enhancement, it is possible to set the 'root-squash' volume
option with Gluster CLI. Red Hat Storage volumes now support NFS's
root-squashing behavior. (BZ#883590)

* NFS POSIX lock issue fixed when 'root-squash' option is enabled on the
volume. (BZ#906884)

* Fixed an issue in tracking the changes of Geo-replication when an
unprivileged user accesses the file system. (BZ#883827)

* Fixed NFS locking manager (NLM) code to handle IP failover successfully.
(BZ#888286)

* Fixed issue in rebalance code to handle proper pointer dereference.
(BZ#894237)

* POSIX module made more robust to handle backend brick failures better.
(BZ#895841)

* Fixed the 'gluster volume geo-replication' command to provide a
meaningful message when a wrong hostname is entered. (BZ#902213)

* Fixed Console Configuration Script where it added invalid 'security'
configuration for ENGINEDataSource in JBoss. (BZ#922572)

* Fixed rhsc-setup failure where it does not check for SELinux before
running setsebool. (BZ#923674)

* Provided an update to the rhn-client-tools package to ensure setup
defaults to the correct base Red Hat Enterprise Linux (6.2 Extended Update
Support). (BZ#911777)

Refer to the Release Notes, available shortly from the link in the
References section, for further information.


Solution

All users of Red Hat Storage are advised to upgrade to these updated
packages.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Storage Management Console 2.0

SRPMS:
rhsc-2.0.techpreview1-4.el6rhs.src.rpm
File outdated by:  RHBA-2013:1064
    MD5: ce34ab5a7c36b7c603a4127ab7db7d37
SHA-256: 1a5e47d234cd4291469d5c0eaf74f5eadc2aa76ab4e552250d20c071c101cb1e
vdsm-4.9.6-20.el6rhs.src.rpm
File outdated by:  RHBA-2013:1064
    MD5: 5545411ac3a2d1a041e8eb63add59bbc
SHA-256: d627e68f4f9b579ca6f50c9fc12a0662d57d15a9d1dcef196bf19f00ad55f8ee
 
x86_64:
rhsc-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: cfff540fbedf36216192bfdc29c2508d
SHA-256: 2b9ea37eaa055c4928e573f3e5ba27cbcff2bab646abeb55aa299ec71f887730
rhsc-backend-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 0ee02d846a9f2873d62f0b29712b3e41
SHA-256: ec49896ca91cc43cf6addfc0a0c51408f4d4210e7f6c189cbaf8ef745d620855
rhsc-config-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 28478be546f3702fb2852a632df1cfcf
SHA-256: a5f20285ca2c49bc78e9972c37ee545fdbaedcf3b5c3104a5dfd2c430b2ca826
rhsc-dbscripts-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 14f72c78e435648b6024052c9a41e4c7
SHA-256: 3a2d27b8e6383b1b39e7eace0ae5077f802ede17c16525d454d4710a4d809cc5
rhsc-genericapi-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 899bffc104502a5ed31c919dc8341cfa
SHA-256: 796f0b554bfdc2a59167f1e91486e98237f6b1ec9dde7a7a37c37ea306478646
rhsc-jboss-deps-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 9d7bf9b9f9e09369a51952cb48f3469d
SHA-256: ef02a7bcf1420c8992b64bd83f775d37e4ecf1d6b97b9a820e0a0c91d508586c
rhsc-notification-service-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 1f6091cd5ec57bfdd423366df12cfeaf
SHA-256: c9557bc4c1f159f7721cd0948e750733b260590eb881feaf4fcdc293925a84f2
rhsc-restapi-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: b77e85260a328e4fa3ca98556027ccdf
SHA-256: fd3adbcc8d1f4ef807925daadec092ee862b3c377c17cbf52a5cfe54e744e3b9
rhsc-setup-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 8f811f380b812dea130fa2dbc1d1524f
SHA-256: 41c73dfdbc49f41f0dbc2a1e9a97ab421db710e4c32619ee873d5380d3db6c0a
rhsc-tools-common-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 2ad566a84c333adb91cac63f45f4f781
SHA-256: 734f3a98511b6b410b750da65f73dcc4da27da24f9074885e8d965d737fa8983
rhsc-userportal-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: d4e68646a5f399d592e5727ac9153542
SHA-256: a59f620ab08c53f5e238ad0555cb5a290aeafcf69d974256f4e0a885c531fc80
rhsc-webadmin-portal-2.0.techpreview1-4.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 53592d230ecd2b4e76ec2cfa0ef89a26
SHA-256: 27df295e6104eeb67debc8a5c172d9fb558158f85d1ee1529b73b6169dfa32af
vdsm-bootstrap-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 80d50a34a101a4ba5eced1904b0ff861
SHA-256: 06c72d5ad16dd5d0c3e9ba2edc6a26efc3a18deffe0e7bcf8c2d597791b35f37
 
Red Hat Storage Native Client

SRPMS:
glusterfs-3.3.0.7rhs-1.el5.src.rpm
File outdated by:  RHEA-2014:0208
    MD5: 4f8609a1cbfa679b49eb7b6d9b837ff6
SHA-256: cfb882eacba57226c2b5d12be354602f93cc85952620ace301326ad52d6b8f85
glusterfs-3.3.0.7rhs-1.el6.src.rpm
File outdated by:  RHEA-2014:0208
    MD5: 32159eab7da9b730cd5e90f80ac58fc4
SHA-256: d0a27d58e4da36c71cd3ad80160b391666a69307b642f32e62be559cfaca6230
 
x86_64:
glusterfs-3.3.0.7rhs-1.el5.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: 34fb79f2ae32f92e370bda1686348c26
SHA-256: 1b3d99655e33af7541ca9281e7536a8923862fd3fcf73f529c0c5e02acc686df
glusterfs-3.3.0.7rhs-1.el6.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: 055bd6d12595f42ae541b211829e98f8
SHA-256: c23e0ba246e04a398d1e2f99cb4e6962ba7195bbd329699c0c918eb46fef2c44
glusterfs-debuginfo-3.3.0.7rhs-1.el5.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: 388cde2246e6dd8b51383873649eb345
SHA-256: 1f0dd03abe7d709d01b758ebf27c35ebbd60a895d4664a23ab31a14cae757298
glusterfs-debuginfo-3.3.0.7rhs-1.el6.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: 908223662b5b908752bb792a2ec8a51a
SHA-256: 2b75149960245b5beccc386f0a05e7167ab6da84cbff7f660aa9bcf6300e69aa
glusterfs-devel-3.3.0.7rhs-1.el5.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: 1e1b4cd51e0b1ad393cfbfe4e80974fb
SHA-256: d0f6763e06122afa97d5bdd943e0718fd5844fc18c3e36bd9409589fc6a36aa5
glusterfs-devel-3.3.0.7rhs-1.el6.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: b042957f314ec49f997f8d14a9546a46
SHA-256: fc33150638ac2e0abcc2ae1619f66ceae5b6bcf25609b33f31b9933023950cfe
glusterfs-fuse-3.3.0.7rhs-1.el5.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: 14044a9f0e25b5b2295293cbc7fa9eb3
SHA-256: 57ee887b06473dd71eabd340237ea44a8697bb0f36bb7c56280ec34391eb39c0
glusterfs-fuse-3.3.0.7rhs-1.el6.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: 0ecb4aff6389a349ff86668c2c6bcd1d
SHA-256: c8f7d15060a76a52efbaedfeef17f8d50e1f6b9c22188cf504f0b14d961c89ec
glusterfs-rdma-3.3.0.7rhs-1.el5.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: a53741e1134d9b60f75f7813264408c9
SHA-256: 8c4fe084267ec029bff4a60a7b4153cc2ff146d2fe3ae4de9bff9add0805066f
glusterfs-rdma-3.3.0.7rhs-1.el6.x86_64.rpm
File outdated by:  RHEA-2014:0208
    MD5: b37d370316051ac266984a1cd5e2aebe
SHA-256: 254a5117bf0e5585ad9522f5e657074871bb26b200f3b96fe372c52dda4f933b
 
Red Hat Storage Server 2.0

SRPMS:
appliance-1.7.1-1.el6rhs.src.rpm
File outdated by:  RHSA-2013:1205
    MD5: 527ef240f204a03eab97636c29fa960f
SHA-256: e0a38ba4f7c3418cf02402dd2e224a4b30d3dbec7f1deda8edf5545db834fbf3
augeas-0.9.0-1.el6.src.rpm     MD5: 30d420f4423c476be88838754bb24d3b
SHA-256: 1b5421b296431da58f2b790910f5169a235b14756849747f74e53f5a27914df6
gluster-swift-1.4.8-5.el6rhs.src.rpm     MD5: c06199cdf11f0c477baa66dfdc5ff5e2
SHA-256: cadb13b3a8fbb819d321f4dc6a51f12057028ed29a0335d33a7416a12b999281
glusterfs-3.3.0.7rhs-1.el6rhs.src.rpm
File outdated by:  RHSA-2013:1205
    MD5: a74f5d33382c99c16898b2f61fcb1b7a
SHA-256: 8bf3a4527afef093e516c02305ab9a50a6da347fa75552fcccc065662e6f49b6
libvirt-0.9.10-21.el6_3.8.src.rpm     MD5: 10debcdd8fba2e5b6816f52cfb777555
SHA-256: e155d5cc3a9f293fceb5b870c4fb14d1c8e7844462a20d4d27fb514a050adeb7
rhn-client-tools-1.0.0-73.el6rhs.src.rpm     MD5: f72c5d491ae91fdd15bcdd5fe3cfc7a7
SHA-256: 49af5173ba325e96167f2840cbe4a2027b8feac3aed5265582a0240ac5d483b7
sanlock-2.3-4.el6_3.src.rpm     MD5: 9e142c3872917d47419eeba1ab74cebb
SHA-256: 21d05318a5531648d4e0d1d915078a1bb999be805f741f70701dd3f64c4808bd
sos-2.2-17.2.el6rhs.src.rpm     MD5: b3510c7bdefde6e36a5325f2ed22492d
SHA-256: 6a23deb05964b165f748990a9500edd00a38be55d74c9c459f96b0b3a2b923ab
vdsm-4.9.6-20.el6rhs.src.rpm
File outdated by:  RHBA-2013:1064
    MD5: 5545411ac3a2d1a041e8eb63add59bbc
SHA-256: d627e68f4f9b579ca6f50c9fc12a0662d57d15a9d1dcef196bf19f00ad55f8ee
 
x86_64:
appliance-base-1.7.1-1.el6rhs.noarch.rpm
File outdated by:  RHSA-2013:1205
    MD5: b63b65b8b0fbe87d1ede90dd16510135
SHA-256: ea57dd95770f19a74609a3aee85093cc27e0dfabb41c4560f6c95723886ce16d
augeas-0.9.0-1.el6.x86_64.rpm     MD5: ac2b734f4ace58ab03cb81f6922ad693
SHA-256: c030957406d68777e2689b3d9f5c328bc42ae20c9b934132f573daffe23e9a91
augeas-debuginfo-0.9.0-1.el6.x86_64.rpm     MD5: 0fdcb4ce4d18c2701cdfd483d5a41ff4
SHA-256: 08fe9b413554414625e1b9f98998b0ffdfd4d4949b33fd0bc9522176a54e1e44
augeas-devel-0.9.0-1.el6.x86_64.rpm     MD5: 634e45d16624ef9d6413237312bffff4
SHA-256: 943a38315a864c1ebf991b1d23827c3dcc32b136d7592245b97304f59218e531
augeas-libs-0.9.0-1.el6.x86_64.rpm     MD5: 8ced122d2ca4ae6ba552c19ea17b1ce2
SHA-256: fabc3aa845df1498f8530c58aea9b57458293983998508fc5c7c92cb25879022
gluster-swift-1.4.8-5.el6rhs.noarch.rpm     MD5: 5a642f22726c2480c6372453b1317272
SHA-256: 52a09ab908c46322883dddcb5a0b7309d367b727dc6529ad3227c8ee2094aa86
gluster-swift-account-1.4.8-5.el6rhs.noarch.rpm     MD5: e6e36fce044c57212aa10c9a9121ee3a
SHA-256: e708b24ba3136e8e9ba3f29bddc3acfeb156a02c91b79c0f8a607e7b46d702f0
gluster-swift-container-1.4.8-5.el6rhs.noarch.rpm     MD5: 8e1d72bb0de38e88589790fa8cfd812d
SHA-256: 866080325f0ba7a5a85060746cc553ddaa91d479708fb57db8fb53c82ae0475f
gluster-swift-doc-1.4.8-5.el6rhs.noarch.rpm     MD5: 618e775b47e03c100b9e247e708bfc91
SHA-256: 9e6340fe734096c267e0d6b84c3a6277da4c166b01458e8e3df0d3be0c270eef
gluster-swift-object-1.4.8-5.el6rhs.noarch.rpm     MD5: 3c454f2ff23dab3b5210beef72228ebb
SHA-256: 5385be67b8cd427f1941b30321cca0c5f4b0947f389bf1e5d312d1d4131c0223
gluster-swift-proxy-1.4.8-5.el6rhs.noarch.rpm     MD5: 6282d8f4a05a1ad9110fb101ab9f5196
SHA-256: 90fdb5bf8dd3a56a13f8b2e0b3d22cc8de33f88fcdfa3565c1a21201146d061f
glusterfs-3.3.0.7rhs-1.el6rhs.x86_64.rpm
File outdated by:  RHSA-2013:1205
    MD5: d4382b6e81cfa90002b5060281890740
SHA-256: e104e3c9dab522ac92dcb07043ef399c40dfe2f05d49a73cdc5b0294bf590656
glusterfs-debuginfo-3.3.0.7rhs-1.el6rhs.x86_64.rpm
File outdated by:  RHSA-2013:1205
    MD5: b4eb9d63a6b0205cbd39396185b1ca3e
SHA-256: 40645f5711b377439ede11e26ac0f2838626a5dbce5709f7a1c5b79a28dedbb9
glusterfs-devel-3.3.0.7rhs-1.el6rhs.x86_64.rpm
File outdated by:  RHSA-2013:1205
    MD5: e16b9abfe5f68c73613fa43479a23eae
SHA-256: 3c4e49c11170d3c4f15250360ad51e2900c537696b7062bf494002bf6544bfd5
glusterfs-fuse-3.3.0.7rhs-1.el6rhs.x86_64.rpm
File outdated by:  RHSA-2013:1205
    MD5: 10baf88f8b0392818090881b3fe90201
SHA-256: 51fbbe33306bb8fe367f0a38c9f9eeafe66ce687defb3cdffe9926e7a10d5998
glusterfs-geo-replication-3.3.0.7rhs-1.el6rhs.x86_64.rpm
File outdated by:  RHSA-2013:1205
    MD5: 57d07ed9dcce1f07dffcf32f0d9239b5
SHA-256: 040afedde362b0a6c53fea7489ede1b43102b8339408fbd4f96fa069002fe16a
glusterfs-rdma-3.3.0.7rhs-1.el6rhs.x86_64.rpm
File outdated by:  RHSA-2013:1205
    MD5: c746413db2ba52f8484dfe66279ab82b
SHA-256: cbc59b94376a079733b3e6319bc5375f462e905f52fbc8b81b67ccf57d26bb48
glusterfs-server-3.3.0.7rhs-1.el6rhs.x86_64.rpm
File outdated by:  RHSA-2013:1205
    MD5: 5ac6121c95401bfc0339f67034062a70
SHA-256: 2c24e864ad0200c61ee93c90053ded8f7ffcd200526823d70fab2fbc164fd8a0
libvirt-0.9.10-21.el6_3.8.x86_64.rpm     MD5: 1790df735f6137483d7b378b1d13075d
SHA-256: a5611361f885f6fbd5187a11d8b9f81d46b7597f9624e01cb90383949bec78d8
libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm     MD5: 5ce3d8668c3835006797d56406ba2b17
SHA-256: 710486cfa01bca0f53a6fe7d43e52d29527de287543cd883f07062bbf333083a
libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm     MD5: 1b3b3d39fd48d34c722d29363257826b
SHA-256: 6052ecde27f261a6f6e13b985d3bad716d63616bef8ff999aff2ac311caaebbd
libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm     MD5: c326c7f4c4161c1d6ac878aa41e4d6d0
SHA-256: 76892e4e550ed788b1b2b311abaf99a18c533d97c0d3612c065b3ad62976db59
libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm     MD5: 3a97b1eee8a001513f34a4a7f2457a63
SHA-256: a461ae7e24593cd28bf50335366727871338f3bd7184c04ffba735e97a3dc9c2
libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm     MD5: aa94aa286d464168076e3651e314fbdf
SHA-256: 9aa952c6c007af092bc49a5f2f2a5af3ecb0f820c3f95bcb9e06a23f44434274
rhn-check-1.0.0-73.el6rhs.noarch.rpm     MD5: 52fb3afa305e4bac3ecfbec20bb11707
SHA-256: a1e00904de11a463036d3d2dd21ada50d5dc1daf84021958eec27efb92decd65
rhn-client-tools-1.0.0-73.el6rhs.noarch.rpm     MD5: 6a1417847d06d3910e664c20e1f5065a
SHA-256: ba2cc0882c01e6ad5e53be4e450705f5a0206ffe359cbf87c41732f84a0eee5c
rhn-setup-1.0.0-73.el6rhs.noarch.rpm     MD5: 3ff641553c54097f4b0fb6630f8889b7
SHA-256: 2c99b9eab12424c17711fb90ecab5ac89930c465299c8ec84a744d53dcc88cbd
rhn-setup-gnome-1.0.0-73.el6rhs.noarch.rpm     MD5: be1fb90319290200faff5b26e6088114
SHA-256: 5e3ebdb1fcdbb206e4f2d88418a2f252725276fdd2b3de3d20e7e1405439fb9f
sanlock-2.3-4.el6_3.x86_64.rpm     MD5: 038633a57aaa760e218c75af6f483e3b
SHA-256: 6e6c091d0e4788ad0e8c1b25e1bb0adadaf35ba4889f7dbc0e28b63cab961803
sanlock-debuginfo-2.3-4.el6_3.x86_64.rpm     MD5: ea881bf1a6e10a8b563eb17a951b2798
SHA-256: 45e4bd05ef80cf750ea3204624e3816f52caa34dbcbc6060a3a6543475d2e278
sanlock-devel-2.3-4.el6_3.x86_64.rpm     MD5: 8308f0d33a475d2ee54ab1683258c658
SHA-256: 34b86c118bd39181580dd56b46a60bd42422020b0774e2cdd6611ff5a086130c
sanlock-lib-2.3-4.el6_3.x86_64.rpm     MD5: 5b35b3720aef566cba217c3045f70070
SHA-256: 167b50c19fc35bd2b77a40ffafb51870060526d13559100a6e83488e04194488
sanlock-python-2.3-4.el6_3.x86_64.rpm     MD5: 7b4b3686ea946bcc4b2054d0865d1bc7
SHA-256: d5dd10cfcc042bd63aeddb0058d501f5d75ad00e2d7a7801026f0df668b64254
sos-2.2-17.2.el6rhs.noarch.rpm     MD5: 2ca3bf2991cb1878fbeb6343393b003c
SHA-256: dc0c948cd00b438d9dff555a148573fa6fca906562b4b4553d0a3dac67fa2b4f
vdsm-4.9.6-20.el6rhs.x86_64.rpm
File outdated by:  RHBA-2013:1064
    MD5: 52a6b82eb2e6f87696e3dd869ff051e6
SHA-256: d53ec6993b00eb3f8acd98856694b6a0dd686f6ef91f61971560c042150788bc
vdsm-bootstrap-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 80d50a34a101a4ba5eced1904b0ff861
SHA-256: 06c72d5ad16dd5d0c3e9ba2edc6a26efc3a18deffe0e7bcf8c2d597791b35f37
vdsm-cli-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 86a523b61467e602b65beb6c638d2798
SHA-256: 894b9b0a20e041b5bf4b7b340bc2a1d4ecb120019bdd87c8c035b4391fcf9b56
vdsm-debug-plugin-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 3c4176a0a16232d8c90db03c0d11d49e
SHA-256: 0959c413a26ec65d48a675d0b34f71fd7eca8c7c40f008ddaa781c291f69d9ed
vdsm-debuginfo-4.9.6-20.el6rhs.x86_64.rpm
File outdated by:  RHBA-2013:1064
    MD5: f7aea325700d368744280d7b29810a7e
SHA-256: b8fc1fc8951b7a26f9965ad765bd9000d024cd2aea08a86c4d42ca0a777273e6
vdsm-gluster-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 0d24676ca8614ef60149a4dc0dd88558
SHA-256: 868e4afbb26b1ec4c34aebdcd05ca7919ccffecfeb5412b1612049c7568a0d75
vdsm-hook-faqemu-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 68b33beffccae2bd9a189b37bf6b4e1b
SHA-256: 24bbfdf6381e7d543ee7bf7cd21d9f5a8deee914fdcde92213e3d0c1e1b40bbd
vdsm-hook-vhostmd-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: b8559bbceebba79dd817941df3cd6004
SHA-256: c159f4a8efffc6e7f4523b7bf371f83cba3e68411e257d4ad3aadcd9e0da626f
vdsm-python-4.9.6-20.el6rhs.x86_64.rpm
File outdated by:  RHBA-2013:1064
    MD5: 5be1bee7e3a047397316d58f3d279c6f
SHA-256: c907eb2fd18c58d5b8e52d1c0ad8dd393806e43d6a1e22aa92526e6e1566798d
vdsm-reg-4.9.6-20.el6rhs.noarch.rpm
File outdated by:  RHBA-2013:1064
    MD5: 5fcda12cb91ff118773772ba30214e31
SHA-256: 1a821bd200142abb45a9e21a184fd98f911c7b5530cf6330e6dff869045bf9f3
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

854757 - CVE-2012-4406 Openstack-Swift: insecure use of python pickle()
856206 - [FEAT] FUSE queue length needs to be configurable
859387 - [RHEV-RHS] Rebalance migration failures are seen when replicate bricks are brought down and restarted
869724 - smbtorture's raw.ping-pong test fails against GlusterFS share
876679 - 32bit support in Fuse, related to special option nfs.enable-ino32
883590 - Gluster CLI does not allow setting root squashing
886364 - CVE-2012-5635 GlusterFS: insecure temporary file creation
887010 - CVE-2012-5638 sanlock world writable /var/log/sanlock.log
895841 - [glusterfs-3.3.1qa3]: glusterfs client asserted
902213 - "gluster volume geo-replication .. config" with an incorrect hostname for the source gives a DeprecationWarning
922572 - Console Configuration Script adds invalid 'security' configuration for ENGINEDataSource in JBoss
923674 - rhsc-setup fails: does not check for SELinux before running setsebool


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/