Security Advisory Low: ibutils security and bug fix update

Advisory: RHSA-2012:0311-3
Type: Security Advisory
Severity: Low
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server)
CVEs (cve.mitre.org): CVE-2008-3277

Details

Updated ibutils packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The ibutils packages provide InfiniBand network and path diagnostics.

It was found that the ibmssh executable had an insecure relative RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user able to convince another user to run ibmssh in
an attacker-controlled directory could run arbitrary code with the
privileges of the victim. (CVE-2008-3277)
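
The check below is an added example, not part of the Red Hat advisory or the ibutils packages: it audits the RPATH/RUNPATH lines of `readelf -d` output and reports search-path elements that resolve against the current working directory, which is the condition described above. The sample outputs and path values are constructed for illustration and are not the actual ibmssh values; the function names are hypothetical.

```python
import re

# Matches the RPATH/RUNPATH lines printed by `readelf -d <file>`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def insecure_entries(search_path):
    """Return the elements of a colon-separated RPATH/RUNPATH that do not
    name a fixed location, i.e. that depend on the current directory."""
    bad = []
    for entry in search_path.split(":"):
        if entry.startswith("/"):
            continue                  # absolute path: fixed location
        if re.match(r"\$(ORIGIN|\{ORIGIN\})(/|$)", entry):
            continue                  # relative to the binary, not to the cwd
        bad.append(entry)             # "", ".", "../lib", "lib", ...
    return bad

def audit_readelf(output):
    """Return (tag, value, insecure elements) for each flagged dynamic tag."""
    findings = []
    for tag, value in _DYN_RE.findall(output):
        bad = insecure_entries(value)
        if bad:
            findings.append((tag, value, bad))
    return findings

# Constructed `readelf -d` excerpts (not taken from the real packages).
SAMPLE_VULNERABLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)              Library rpath: [../lib::/usr/lib64]
"""
SAMPLE_FIXED = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:/usr/lib64]
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED)):
        print(name, audit_readelf(text) or "no cwd-relative search path")
```

An empty element is flagged as well because glibc treats it as the current directory.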

This update also fixes the following bug:

* Under certain circumstances, the "ibdiagnet -r" command could suffer from
memory corruption and terminate with a "double free or corruption" message
and a backtrace. With this update, the correct memory management function
is used to prevent the corruption. (BZ#711779)

All users of ibutils are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
ibutils-1.2-11.2.el5.src.rpm
File outdated by:  RHBA-2013:0106

IA-32:
ibutils-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106

x86_64:
ibutils-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
ibutils-1.2-11.2.el5.src.rpm
File outdated by:  RHBA-2013:0106

IA-32:
ibutils-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106

IA-64:
ibutils-1.2-11.2.el5.ia64.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.ia64.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.ia64.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.ia64.rpm
File outdated by:  RHBA-2013:0106

PPC:
ibutils-1.2-11.2.el5.ppc.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.ppc.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.ppc.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.ppc.rpm
File outdated by:  RHBA-2013:0106

x86_64:
ibutils-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-debuginfo-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-devel-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.i386.rpm
File outdated by:  RHBA-2013:0106
ibutils-libs-1.2-11.2.el5.x86_64.rpm
File outdated by:  RHBA-2013:0106

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

457935 - CVE-2008-3277 ibutils: insecure relative RPATH


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/