Security Advisory Moderate: GFS-kernel security and bug fix update

Advisory: RHSA-2010:0331-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-03-30
Last updated on: 2010-03-30
Affected Products: Global File System EL4
Global File System EL4.8.z
CVEs (cve.mitre.org): CVE-2010-0727

Details

Updated GFS-kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 4.8, kernel release 2.6.9-89.0.20.EL.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The GFS-kernel packages contain modules that provide the ability to mount
and use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged user
on a system that has a GFS file system mounted could use this flaw to cause
a kernel panic. (CVE-2010-0727)

In addition, these updated GFS-kernel packages are in sync with the latest
kernel (2.6.9-89.0.20.EL). The modules in earlier GFS-kernel packages fail
to load because they do not match the running kernel. It is possible to
force-load the modules; however, with this update, force-loading the
modules is not required.

Users are advised to upgrade to these latest GFS-kernel packages, which
resolve this issue and are updated for use with the 2.6.9-89.0.20.EL
kernel.
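
A way to check a collected package inventory against this advisory, as an added example that is not part of the Red Hat advisory. It assumes input lines produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` plus the output of `uname -r`; the function names and sample lines are constructed, and the comparison is a simplified form of rpm's segment ordering that ignores epochs, `~` and `^`.

```python
import re

# Fixed build named in the advisory.
FIXED_VERSION, FIXED_RELEASE = "2.6.9", "85.2.el4_8.10"
# Kernel release the updated modules are built for, per the advisory.
MATCHING_KERNEL = "2.6.9-89.0.20.EL"
GFS_NAME = re.compile(r"^GFS-kern(el|headers)(-\w+)?$")


def rpm_cmp(a, b):
    """Compare two version or release strings segment by segment, the way
    rpm does (simplified: no '~' or '^' handling). Returns -1, 0 or 1."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def audit(rpm_lines, running_kernel):
    """Return a list of findings for one host; empty means nothing to do."""
    findings = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3 or not GFS_NAME.match(parts[0]):
            continue
        name, version, release = parts
        order = rpm_cmp(version, FIXED_VERSION) or rpm_cmp(release, FIXED_RELEASE)
        if order < 0:
            findings.append("%s %s-%s predates the fix" % (name, version, release))
    if not running_kernel.startswith(MATCHING_KERNEL):
        findings.append("kernel %s does not match %s" % (running_kernel, MATCHING_KERNEL))
    return findings


# Constructed sample input, not taken from a real host.
SAMPLE_RPMS = [
    "GFS-kernel-smp 2.6.9 85.2.el4_8.9",
    "GFS-kernheaders 2.6.9 85.2.el4_8.10",
    "bash 3.0 21.el4",
]
if __name__ == "__main__":
    for finding in audit(SAMPLE_RPMS, "2.6.9-89.0.20.ELsmp"):
        print(finding)
```

A kernel finding on a host with fixed packages corresponds to the module-load mismatch the advisory describes, not to the locking flaw itself.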


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Global File System EL4

SRPMS:
GFS-kernel-2.6.9-85.2.el4_8.10.src.rpm
File outdated by:  RHBA-2011:0159
 
IA-32:
GFS-kernel-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2012:0113
GFS-kernel-hugemem-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2012:0113
GFS-kernel-smp-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2012:0113
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2012:0113
GFS-kernheaders-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2012:0113
 
IA-64:
GFS-kernel-2.6.9-85.2.el4_8.10.ia64.rpm
File outdated by:  RHBA-2012:0113
GFS-kernheaders-2.6.9-85.2.el4_8.10.ia64.rpm
File outdated by:  RHBA-2012:0113
 
PPC:
GFS-kernel-2.6.9-85.2.el4_8.10.ppc64.rpm
File outdated by:  RHBA-2012:0113
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.ppc64.rpm
File outdated by:  RHBA-2012:0113
GFS-kernheaders-2.6.9-85.2.el4_8.10.ppc64.rpm
File outdated by:  RHBA-2012:0113
 
x86_64:
GFS-kernel-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2012:0113
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2012:0113
GFS-kernel-smp-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2012:0113
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2012:0113
GFS-kernheaders-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2012:0113
 
Global File System EL4.8.z

SRPMS:
GFS-kernel-2.6.9-85.2.el4_8.10.src.rpm
File outdated by:  RHBA-2011:0159
 
IA-32:
GFS-kernel-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2011:0159
GFS-kernel-hugemem-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2011:0159
GFS-kernel-smp-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2011:0159
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2011:0159
GFS-kernheaders-2.6.9-85.2.el4_8.10.i686.rpm
File outdated by:  RHBA-2011:0159
 
IA-64:
GFS-kernel-2.6.9-85.2.el4_8.10.ia64.rpm
File outdated by:  RHBA-2011:0159
GFS-kernheaders-2.6.9-85.2.el4_8.10.ia64.rpm
File outdated by:  RHBA-2011:0159
 
PPC:
GFS-kernel-2.6.9-85.2.el4_8.10.ppc64.rpm
File outdated by:  RHBA-2011:0159
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.ppc64.rpm
File outdated by:  RHBA-2011:0159
GFS-kernheaders-2.6.9-85.2.el4_8.10.ppc64.rpm
File outdated by:  RHBA-2011:0159
 
x86_64:
GFS-kernel-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2011:0159
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2011:0159
GFS-kernel-smp-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2011:0159
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2011:0159
GFS-kernheaders-2.6.9-85.2.el4_8.10.x86_64.rpm
File outdated by:  RHBA-2011:0159
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/