Security Advisory Moderate: gfs-kmod security update

Advisory: RHSA-2010:0521-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-07-08
Last updated on: 2010-07-08
Affected Products: RHEL Cluster-Storage EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2010-0727

Details

Updated gfs-kmod packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.4 Extended Update Support, kernel release
2.6.18-164.19.1.el5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The gfs-kmod packages contain modules that provide the ability to mount and
use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) set in their mode. A local, unprivileged user
on a system that has a GFS file system mounted could use this flaw to cause
a kernel panic (denial of service). (CVE-2010-0727)

These updated gfs-kmod packages are built against the latest kernel
(2.6.18-164.19.1.el5). The modules in earlier gfs-kmod packages failed to
load because they did not match the running kernel. It was possible to
force-load those modules, which bypasses the kernel's version check and is
not recommended. With this update, users no longer need to.

Users are advised to upgrade to these latest gfs-kmod packages, updated for
use with the 2.6.18-164.19.1.el5 kernel, which contain a backported patch
to correct this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
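The checks an administrator would run after applying the update, as an added example written for this page (it is not part of the advisory or of the gfs-kmod package): it compares an installed kmod-gfs VERSION-RELEASE against the fixed 0.1.34-2.el5_4.3 listed below, picks the kmod-gfs variant (kmod-gfs, kmod-gfs-PAE or kmod-gfs-xen) that belongs to a kernel release string, checks that a module's vermagic matches the running kernel (the mismatch that made older packages fail to load), and verifies a downloaded RPM's SHA-256 against the digests in the package list. The version comparison is a deliberate simplification of rpmvercmp (no epochs, no alpha-versus-numeric ordering), which is sufficient within one package branch such as 0.1.34-2.el5_4.N; the sample inputs at the bottom are constructed, not taken from a real host.

```shell
#!/bin/sh
# Added example, not part of RHSA-2010:0521-1 or of the gfs-kmod package.
# Offline helpers for checking whether a RHEL 5.4 EUS host carries the fixed
# gfs-kmod and whether the installed module matches the running kernel.

# Fixed VERSION-RELEASE, taken from the package list in the advisory.
FIXED_GFS_KMOD="0.1.34-2.el5_4.3"

# True when $1 consists only of digits.
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# True (exit 0) when version-release string $1 is at least $2.
# Segments are split on '.', '_' and '-'; two numeric segments compare
# numerically, anything else compares as a string; a missing segment is 0.
# Simplified rpmvercmp: ignores epochs and alpha/numeric special cases.
ver_ge() {
    _a=$(printf '%s' "$1" | tr '._-' '   ')
    _b=$(printf '%s' "$2" | tr '._-' '   ')
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%% *}; _y=${_b%% *}
        case "$_a" in *' '*) _a=${_a#* } ;; *) _a='' ;; esac
        case "$_b" in *' '*) _b=${_b#* } ;; *) _b='' ;; esac
        [ -z "$_x" ] && _x=0
        [ -z "$_y" ] && _y=0
        if is_num "$_x" && is_num "$_y"; then
            [ "$_x" -gt "$_y" ] && return 0
            [ "$_x" -lt "$_y" ] && return 1
        else
            [ "$_x" \> "$_y" ] && return 0
            [ "$_x" \< "$_y" ] && return 1
        fi
    done
    return 0
}

# Name of the kmod-gfs variant that belongs to a kernel release string
# (uname -r); the advisory ships kmod-gfs, kmod-gfs-PAE and kmod-gfs-xen.
expected_kmod_pkg() {
    case "$1" in
        *xen) echo kmod-gfs-xen ;;
        *PAE) echo kmod-gfs-PAE ;;
        *)    echo kmod-gfs ;;
    esac
}

# True when a module's vermagic string ($1, as printed by
# `modinfo -F vermagic gfs`) was built for the running kernel release ($2).
# A mismatch is the condition that made older gfs-kmod modules fail to load
# unless they were force-loaded.
vermagic_matches() {
    [ "${1%% *}" = "$2" ]
}

# True when file $1 has SHA-256 digest $2 (the advisory lists one per RPM).
verify_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        _got=$(sha256sum "$1" | cut -d' ' -f1)
    else
        _got=$(shasum -a 256 "$1" | cut -d' ' -f1)
    fi
    [ "$_got" = "$2" ]
}

# One verdict line per host.
# $1 = installed kmod-gfs VERSION-RELEASE, $2 = uname -r, $3 = module vermagic
gfs_kmod_status() {
    if ! ver_ge "$1" "$FIXED_GFS_KMOD"; then
        echo "vulnerable: $(expected_kmod_pkg "$2") $1 is older than $FIXED_GFS_KMOD"
    elif ! vermagic_matches "$3" "$2"; then
        echo "mismatch: module built for ${3%% *}, running kernel $2"
    else
        echo "ok: $(expected_kmod_pkg "$2") $1 matches kernel $2"
    fi
}

# Constructed sample inputs (not from a real host). On a live system use:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$(expected_kmod_pkg "$(uname -r)")"
#   uname -r
#   modinfo -F vermagic gfs
gfs_kmod_status "0.1.34-2.el5_4.2" "2.6.18-164.15.1.el5" \
    "2.6.18-164.11.1.el5 SMP mod_unload gcc-4.1"
gfs_kmod_status "0.1.34-2.el5_4.3" "2.6.18-164.19.1.el5xen" \
    "2.6.18-164.19.1.el5xen SMP mod_unload gcc-4.1"
```

The digest check covers integrity of a file fetched from the Red Hat Network; the GPG signature the advisory refers to is verified separately with `rpm -K` on the downloaded RPM after importing the Red Hat package-signing key.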

Updated packages

RHEL Cluster-Storage EUS (v. 5.4.z server)

SRPMS:
gfs-kmod-0.1.34-2.el5_4.3.src.rpm
    File outdated by: RHBA-2010:0598
    MD5:     3569a9413390a9a7f5b9d67b9c9579fb
    SHA-256: 0b6dc5f31d282b5494c68b7305041d54b5083979e62043c135b028894c58beb3

IA-32:
kmod-gfs-0.1.34-2.el5_4.3.i686.rpm
    File outdated by: RHBA-2010:0598
    MD5:     6cbe2a74df5395334cd9aaeb15915644
    SHA-256: 8239dec5a7ba43debfbd0e4f8a3ac3fff2c5a9acff1d8b2a2fdd25e58756f781
kmod-gfs-PAE-0.1.34-2.el5_4.3.i686.rpm
    File outdated by: RHBA-2010:0598
    MD5:     31fbfd537d202195c8d075d887316d38
    SHA-256: 6ba4c977f150d27e89262bb8947aa897ecb6cf32db964d8612adbc89e7f3afc9
kmod-gfs-xen-0.1.34-2.el5_4.3.i686.rpm
    File outdated by: RHBA-2010:0598
    MD5:     0d00a28065e504a05fd86aeeae5084b1
    SHA-256: 59224afd165f6d830ee89ee25f8e782a881eab2427bf03dd6559b3f79421b639

IA-64:
kmod-gfs-0.1.34-2.el5_4.3.ia64.rpm
    File outdated by: RHBA-2010:0598
    MD5:     f215b3c4db8d13fba1fbdb99a22ba5c0
    SHA-256: f771aa111fb570774a6e0e1c3ca3a68194f6ffb89abf8be7ae154654d7f806d5
kmod-gfs-xen-0.1.34-2.el5_4.3.ia64.rpm
    File outdated by: RHBA-2010:0598
    MD5:     f812bba96433b9dfba60a8594234b5ef
    SHA-256: 37fb880b17f091b41bcb65046bf7ed57eaf9216120fe82096ebce4e27f121538

PPC:
kmod-gfs-0.1.34-2.el5_4.3.ppc64.rpm
    File outdated by: RHBA-2010:0598
    MD5:     90a179242aebc8f651e9aa7c58807743
    SHA-256: 7d21c8b00a7b92d4a935153662044a58a28cfc5b9a2b133404449a466f04e3b0

x86_64:
kmod-gfs-0.1.34-2.el5_4.3.x86_64.rpm
    File outdated by: RHBA-2010:0598
    MD5:     5744a08bbf3d29eace91b5768f1decc7
    SHA-256: 0246f7a191f4e093546f3f8281ca98d907f6a4cff9310120daaafd8ffaad606b
kmod-gfs-xen-0.1.34-2.el5_4.3.x86_64.rpm
    File outdated by: RHBA-2010:0598
    MD5:     9c7ca29c89ae4cb398d8036eb47c6d71
    SHA-256: ef1aac484406549e8bb11bec94ae977afb4413427f95ea74b65de2c5993bfb47
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/