Security Advisory Important: cman security update

Advisory: RHSA-2007:0559-2
Type: Security Advisory
Severity: Important
Issued on: 2007-06-28
Last updated on: 2007-06-28
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server)
CVEs (cve.mitre.org): CVE-2007-3374

Details

Updated cman packages that correct a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

cman is the Red Hat Cluster Manager.

A flaw was found in the cman daemon. A local attacker could connect to the
cman daemon and trigger a static buffer overflow leading to a denial of
service or, potentially, an escalation of privileges. (CVE-2007-3374)

Users of Cluster Manager should upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
cman-2.0.64-1.0.1.el5.src.rpm
File outdated by:  RHBA-2014:0282
    MD5: 1fcc797abeb94c5822f21ad4a851aab2
 
IA-32:
cman-2.0.64-1.0.1.el5.i386.rpm
File outdated by:  RHBA-2014:0282
    MD5: fae8fdb3d0ce291b73e386013273e58e
cman-devel-2.0.64-1.0.1.el5.i386.rpm
File outdated by:  RHBA-2014:0282
    MD5: 14b0724782b621886026c0cd342ba733
 
x86_64:
cman-2.0.64-1.0.1.el5.x86_64.rpm
File outdated by:  RHBA-2014:0282
    MD5: de0045b6cf4b0b1965a06ae63272252e
cman-devel-2.0.64-1.0.1.el5.i386.rpm
File outdated by:  RHBA-2014:0282
    MD5: 14b0724782b621886026c0cd342ba733
cman-devel-2.0.64-1.0.1.el5.x86_64.rpm
File outdated by:  RHBA-2014:0282
    MD5: 0310e2f5055a9e5b7fbb35dfdfa6f8bb
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
cman-2.0.64-1.0.1.el5.src.rpm
File outdated by:  RHBA-2014:0282
    MD5: 1fcc797abeb94c5822f21ad4a851aab2
 
IA-32:
cman-2.0.64-1.0.1.el5.i386.rpm
File outdated by:  RHBA-2014:0282
    MD5: fae8fdb3d0ce291b73e386013273e58e
cman-devel-2.0.64-1.0.1.el5.i386.rpm
File outdated by:  RHBA-2014:0282
    MD5: 14b0724782b621886026c0cd342ba733
 
IA-64:
cman-2.0.64-1.0.1.el5.ia64.rpm
File outdated by:  RHBA-2014:0282
    MD5: 9774f665b8af6b784660348b5b6dab64
cman-devel-2.0.64-1.0.1.el5.ia64.rpm
File outdated by:  RHBA-2014:0282
    MD5: bddaad0ff171cb92671d157309e44e7b
 
PPC:
cman-2.0.64-1.0.1.el5.ppc.rpm
File outdated by:  RHBA-2014:0282
    MD5: a89444882d12337cb6cb3a8a328f5c9b
cman-devel-2.0.64-1.0.1.el5.ppc.rpm
File outdated by:  RHBA-2014:0282
    MD5: e9df7cfc0ed760455867b7a454f15beb
cman-devel-2.0.64-1.0.1.el5.ppc64.rpm
File outdated by:  RHBA-2014:0282
    MD5: 1e035386019255d5e24724230d99dcbd
 
s390x:
cman-2.0.64-1.0.1.el5.s390x.rpm
File outdated by:  RHBA-2009:1622
    MD5: dd30779b292d16e80f6430ded4420cba
cman-devel-2.0.64-1.0.1.el5.s390.rpm
File outdated by:  RHBA-2009:1622
    MD5: d7d6b697e58cf728a22d401155571d7a
cman-devel-2.0.64-1.0.1.el5.s390x.rpm
File outdated by:  RHBA-2009:1622
    MD5: 8d7665f0a81ffa094d145ace6bec2218
 
x86_64:
cman-2.0.64-1.0.1.el5.x86_64.rpm
File outdated by:  RHBA-2014:0282
    MD5: de0045b6cf4b0b1965a06ae63272252e
cman-devel-2.0.64-1.0.1.el5.i386.rpm
File outdated by:  RHBA-2014:0282
    MD5: 14b0724782b621886026c0cd342ba733
cman-devel-2.0.64-1.0.1.el5.x86_64.rpm
File outdated by:  RHBA-2014:0282
    MD5: 0310e2f5055a9e5b7fbb35dfdfa6f8bb
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

244891 - CVE-2007-3374 possible buffer overflow could cause local DoS by crashing cman


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/