Security Advisory Low: initscripts security and bug fix update

Advisory: RHSA-2012:0312-3
Type: Security Advisory
Severity: Low
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2008-1198

Details

An updated initscripts package that fixes one security issue and four bugs
is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The initscripts package contains system scripts to boot your system, change
runlevels, activate and deactivate most network interfaces, and shut the
system down cleanly.

With the default IPsec (Internet Protocol Security) ifup script
configuration, the racoon IKE key management daemon used aggressive IKE
mode instead of main IKE mode. This resulted in the preshared key (PSK)
hash being sent unencrypted, which could make it easier for an attacker
able to sniff network traffic to obtain the plain text PSK from a
transmitted hash. (CVE-2008-1198)
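
To check whether a host's racoon configuration still permits aggressive mode, the following added example (not part of the advisory and not Red Hat's script) audits the `exchange_mode` directive of racoon.conf: the first listed mode is the one racoon uses as initiator, and every listed mode is accepted as responder. The configuration file path is supplied by the caller, and the sample configuration embedded here is constructed.

```shell
#!/bin/sh
# Added example: flag racoon.conf "exchange_mode" lines that permit IKE aggressive mode.

# classify_exchange_mode LINE -> prints one verdict for a single config line:
#   initiates-aggressive  aggressive listed first (used when racoon initiates)
#   accepts-aggressive    aggressive listed later (accepted as responder)
#   no-aggressive         exchange_mode present, aggressive not listed
#   not-applicable        no active exchange_mode directive on this line
classify_exchange_mode() {
    # Drop comments, then keep only the mode list between the keyword and ';'.
    modes=$(printf '%s\n' "$1" |
        sed -n -e 's/#.*$//' \
               -e 's/^[[:space:]]*exchange_mode[[:space:]]\{1,\}\([^;]*\);.*$/\1/p' |
        tr -d '[:space:]')
    case $modes in
        '')                          echo not-applicable ;;
        aggressive|aggressive,*)     echo initiates-aggressive ;;
        *,aggressive|*,aggressive,*) echo accepts-aggressive ;;
        *)                           echo no-aggressive ;;
    esac
}

# audit_racoon_conf FILE -> prints "FILE:LINE: verdict" per directive;
# returns 1 if any directive initiates or accepts aggressive mode.
audit_racoon_conf() {
    rc=0; n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        v=$(classify_exchange_mode "$l")
        [ "$v" = not-applicable ] && continue
        echo "$1:$n: $v"
        [ "$v" = no-aggressive ] || rc=1
    done < "$1"
    return "$rc"
}

# Constructed sample configuration (addresses are documentation ranges).
sample=$(mktemp)
cat > "$sample" <<'EOF'
remote 192.0.2.10 {
    exchange_mode aggressive, main;
}
remote 198.51.100.7 {
    # exchange_mode aggressive;
    exchange_mode main;
}
EOF
audit_racoon_conf "$sample" || echo "aggressive mode is enabled for at least one peer"
rm -f "$sample"
```

A non-zero return from `audit_racoon_conf` means at least one peer block still lists aggressive mode and should be reviewed after the update is applied.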

Red Hat would like to thank Aleksander Adamowski for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, the DHCPv6 client was not terminated when the
network service was stopped. This update modifies the source so that the
client is now terminated when stopping the network service. (BZ#568896)

* Prior to this update, on some systems the rm command failed and reported
the error message "rm: cannot remove directory `/var/run/dovecot/login/':
Is a directory" during system boot. This update modifies the source so that
this error message no longer appears. (BZ#679998)

* Prior to this update, the netconsole script could not discover and
resolve the MAC address of the router specified in the
/etc/sysconfig/netconsole file. This update modifies the netconsole script
so that the script no longer fails when the arping tool returns the MAC
address of the router more than once. (BZ#744734)

* Prior to this update, the arp_ip_target was, due to a logic error, not
correctly removed via sysfs. As a consequence, the error "ifdown-eth: line
64: echo: write error: Invalid argument" was reported when attempting to
shut down a bonding device. This update modifies the script so that the
error no longer appears and arp_ip_target is now correctly removed.
(BZ#745681)

All users of initscripts are advised to upgrade to this updated package,
which fixes these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
initscripts-8.45.42-1.el5.src.rpm
File outdated by: RHBA-2013:1300

IA-32:
initscripts-8.45.42-1.el5.i386.rpm
File outdated by: RHBA-2013:1300
initscripts-debuginfo-8.45.42-1.el5.i386.rpm
File outdated by: RHBA-2013:1300

IA-64:
initscripts-8.45.42-1.el5.ia64.rpm
File outdated by: RHBA-2013:1300
initscripts-debuginfo-8.45.42-1.el5.ia64.rpm
File outdated by: RHBA-2013:1300

PPC:
initscripts-8.45.42-1.el5.ppc.rpm
File outdated by: RHBA-2013:1300
initscripts-debuginfo-8.45.42-1.el5.ppc.rpm
File outdated by: RHBA-2013:1300

s390x:
initscripts-8.45.42-1.el5.s390x.rpm
File outdated by: RHBA-2013:1300
initscripts-debuginfo-8.45.42-1.el5.s390x.rpm
File outdated by: RHBA-2013:1300

x86_64:
initscripts-8.45.42-1.el5.x86_64.rpm
File outdated by: RHBA-2013:1300
initscripts-debuginfo-8.45.42-1.el5.x86_64.rpm
File outdated by: RHBA-2013:1300

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
initscripts-8.45.42-1.el5.src.rpm
File outdated by: RHBA-2013:1300

IA-32:
initscripts-8.45.42-1.el5.i386.rpm
File outdated by: RHBA-2013:1300
initscripts-debuginfo-8.45.42-1.el5.i386.rpm
File outdated by: RHBA-2013:1300

x86_64:
initscripts-8.45.42-1.el5.x86_64.rpm
File outdated by: RHBA-2013:1300
initscripts-debuginfo-8.45.42-1.el5.x86_64.rpm
File outdated by: RHBA-2013:1300

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

435274 - CVE-2008-1198 IPSec ifup script allows for aggressive IKE mode
679998 - [REG][5.6] rm command reports an error message during system booting.


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/