Security Advisory Moderate: GFS security and bug fix update

Advisory: RHSA-2010:0330-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-03-30
Last updated on: 2010-03-30
Affected Products: Global File System EL3
CVEs ( CVE-2010-0727


Updated GFS packages that fix one security issue are now available for Red
Hat Enterprise Linux 3.9, kernel release 2.4.21-63.EL.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The Red Hat Global File System (GFS) allows a cluster of Linux servers to
share data in a common pool of storage.

A flaw was found in the gfs_lock() implementation. The GFS locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged user
on a system that has a GFS file system mounted could use this flaw to cause
a kernel panic. (CVE-2010-0727)

As well, these updated GFS packages are in sync with the latest kernel
(2.4.21-63.EL). The modules in earlier GFS packages fail to load because
they do not match the running kernel. It is possible to force-load the
modules; however, with this update, force-loading the modules is not
required. (BZ#525198)

Users are advised to upgrade to these latest GFS packages, which resolve
this issue and are updated for use with the 2.4.21-63.EL kernel.


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Global File System EL3

Missing file
    MD5: 5a4181c308955a8233812c4110726ff7
SHA-256: d772617d8adad770c9637870944cd379841492e3803eb3f5c562454a3c2f7fed
Missing file
    MD5: 2ac29df2ca63da06457572255d80298c
SHA-256: 2848f96e456aa6008c6f245a31a2510df4572916d7f1f5bbf0ba45ab140382e3
Missing file
    MD5: 9418c38518db0601e9bd422ec07c9aa0
SHA-256: b3d0393910d259b097adfa0884019dba41b69b5cea053d754b8193639214dc6a
Missing file
    MD5: 8743856a0161caf430f5af9cdcfb711e
SHA-256: 5244e3e215d48c9cb2dc8255182e6e7578f8be9b6aaed3149d379e2f301e6a31
Missing file
    MD5: 424500641cc9844078ae81efffb03b9b
SHA-256: b93daaac3c14ec4c6a58397b19b581e6be0038f1df10fedb990a91faac8b3165
Missing file
    MD5: ffde164c2d2709138644bbf8ea337683
SHA-256: f8e7e18d27ea6c845f32afe66f11e8596067e79b528917a929f0a705ef3ce126
Missing file
    MD5: 47132eb46156b67c31559f88670bfcff
SHA-256: 7e93fa0bb148f53b6aa94ca38c49f9381208a52492d769b9652f67635032eb87
Missing file
    MD5: 604002c8950f6e1ee0f59e8afdba83c0
SHA-256: 6e2716e04d2c2694e8d259b895282c0966d52ba7286aa160bd1f7bc02e777177
Missing file
    MD5: 97da40e131c2ad227ec0c68acffd14b0
SHA-256: 1c452ef7d95cd3f323182d81f1de85a1560272a6fa63224526872128e16e385e
Missing file
    MD5: ca5f06b95d8e067c0619dfbfed84b753
SHA-256: 59c8258a3f26d19b6104976c8e4689406fbb78f6e745ad801c505f3e4fe989ec
Missing file
    MD5: 22c0257e52b9feeaf82b22c303fcbe17
SHA-256: f46e7bc7a952f7f6d6a8b8256db7ad8980011a50217b197f7ebb9d4096efa410
Missing file
    MD5: f914bd29925f9fc223fc58e532aba6a7
SHA-256: ecf1217c584935c83d81be762acf6328461b0d60e33a4f86116b2eb1d7ff2d83
Missing file
    MD5: c11cad047d3c9f1b5fcc41a0ea12a4fc
SHA-256: cdb18311c4007f02de5c2f24220fa69861cc2d6f2efb6f2139e91c6bd877c1c6
Missing file
    MD5: dffb3551a1a27420e658a3430beb3e29
SHA-256: d35d24ee030d3246600d5697e823fa8b57818e135fb3df93f92662d7fb40bbcd
Missing file
    MD5: 0069688976703835e65acdce33c72cc7
SHA-256: dcdaa3c8b05157042af53e548ecdb46551a76adb6852bf80b5aae19f2ecf1665
Missing file
    MD5: 159402be2908faa23862395e3b19b1b3
SHA-256: 964c5b3d8a61059e2d8dd5566cb1dad8be6443bb2500358e44de949c0d6ca829
Missing file
    MD5: 03f3d08eeec5e4e8f1599ec5bdd08382
SHA-256: 57873d601f5bca3327eecba232e5c9cca346d09281e29f5f2926b48d62f6b157
Missing file
    MD5: 575ccb02676d7215d693f406df45adb0
SHA-256: ea8f0ef645dd35c17e8ed0be6ecb1ecf857c4deb3a9e2f640f4e189630014398
Missing file
    MD5: 94faacd0da02ea8b98901ae2000f98db
SHA-256: ee3a7924c1bb93e7e973b118401834bd12b8a19efef6f6cb5980ccb0e9a54bc1

Bugs fixed (see bugzilla for more information)

525198 - Need rebuild for 2.4.21-63.EL kernel
570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at