Security Advisory Low: augeas security, bug fix, and enhancement update

Advisory: RHSA-2013:1537-2
Type: Security Advisory
Severity: Low
Issued on: 2013-11-21
Last updated on: 2013-11-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
Red Hat Enterprise Virtualization 3
CVEs (cve.mitre.org): CVE-2012-0786
CVE-2012-0787

Details

Updated augeas packages that fix two security issues, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Augeas is a utility for editing configuration. Augeas parses configuration
files in their native formats and transforms them into a tree.
Configuration changes are made by manipulating this tree and saving it back
into native configuration files. Augeas also uses "lenses" as basic
building blocks for establishing the mapping from files into the Augeas
tree and back.

Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable by a different user (for example,
an application running as root that is updating files in a directory owned
by a non-root service user) could have been tricked into overwriting
arbitrary files or leaking information via a symbolic link or mount point
attack. (CVE-2012-0786, CVE-2012-0787)
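
The advisory does not describe the upstream patch. The following is an added example, not Augeas or Red Hat code, of one general way a privileged program can update a file in a directory that another user can write to without following a planted symbolic link. The helper name safe_replace(), the file names and the scratch directory are assumptions made for illustration.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* safe_replace() is a hypothetical helper for this example, not an Augeas API.
 * It replaces dir/name with data and refuses a target that is a symlink or
 * that sits on another filesystem. Returns 0, or -1 with errno set. */
int safe_replace(const char *dir, const char *name, const char *data, size_t len)
{
    struct stat dst, tst;
    char tmp[256];
    int rc = -1, saved, fd = -1, dfd;

    if (strchr(name, '/')) { errno = EINVAL; return -1; }
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;
    if (fstat(dfd, &dst) < 0) goto out;
    /* Inspect the current target without following it. */
    if (fstatat(dfd, name, &tst, AT_SYMLINK_NOFOLLOW) == 0) {
        if (!S_ISREG(tst.st_mode)) { errno = ELOOP; goto out; }    /* symlink etc. */
        if (tst.st_dev != dst.st_dev) { errno = EXDEV; goto out; } /* mounted over */
    } else if (errno != ENOENT) goto out;
    /* O_EXCL | O_NOFOLLOW: fail rather than open a pre-planted temp name. */
    snprintf(tmp, sizeof tmp, ".%s.tmp.%ld", name, (long)getpid());
    fd = openat(dfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) goto out;
    if (write(fd, data, len) != (ssize_t)len || fsync(fd) < 0) goto drop;
    /* rename swaps the directory entry; it never writes through a link. */
    if (renameat(dfd, tmp, dfd, name) == 0) { rc = 0; goto out; }
drop:
    saved = errno; unlinkat(dfd, tmp, 0); errno = saved;
out:
    saved = errno;
    if (fd >= 0) close(fd);
    close(dfd);
    errno = saved;
    return rc;
}

int main(void)
{
    char dir[] = "/tmp/safe_replace_demo_XXXXXX"; /* constructed scratch directory */
    if (!mkdtemp(dir)) return 1;
    printf("write: %d\n", safe_replace(dir, "app.conf", "a=1\n", 4));
    return 0;
}
```

The fstatat() check is a policy check that can race with the other user; the protection comes from creating the temporary file exclusively and renaming it relative to the already-open directory descriptor. The device-number comparison only detects a target mounted from a different filesystem, and the sketch does not preserve the original file's owner or mode.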

The augeas package has been upgraded to upstream version 1.0.0, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#817753)

This update also fixes the following bugs:

* Previously, when single quotes were used in an XML attribute, Augeas was
unable to parse the file with the XML lens. An upstream patch has been
provided ensuring that single quotes are handled as valid characters and
parsing no longer fails. (BZ#799885)

* Prior to this update, Augeas was unable to set up the "require_ssl_reuse"
option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to
properly recognize this option, thus fixing this bug. (BZ#855022)

* Previously, the XML lens did not support non-Unix line endings.
Consequently, Augeas was unable to load any files containing such line
endings. The XML lens has been fixed to handle files with CRLF line
endings, thus fixing this bug. (BZ#799879)

* Previously, Augeas was unable to parse modprobe.conf files with spaces
around "=" characters in option directives. The modprobe lens has been
updated and parsing no longer fails. (BZ#826752)

All Augeas users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
augeas-1.0.0-5.el6.src.rpm
File outdated by: RHSA-2014:0044

IA-32:
augeas-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162

Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
augeas-1.0.0-5.el6.src.rpm
File outdated by: RHSA-2014:0044

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
augeas-1.0.0-5.el6.src.rpm
File outdated by: RHSA-2014:0044

IA-32:
augeas-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162

PPC:
augeas-1.0.0-5.el6.ppc64.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.ppc.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.ppc64.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.ppc.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.ppc64.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.ppc.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.ppc64.rpm
File outdated by: RHBA-2015:0162

s390x:
augeas-1.0.0-5.el6.s390x.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.s390.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.s390x.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.s390.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.s390x.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.s390.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.s390x.rpm
File outdated by: RHBA-2015:0162

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162

Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
augeas-1.0.0-5.el6.src.rpm
File outdated by: RHSA-2014:0044

IA-32:
augeas-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-devel-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.i686.rpm
File outdated by: RHBA-2015:0162
augeas-libs-1.0.0-5.el6.x86_64.rpm
File outdated by: RHBA-2015:0162

Red Hat Enterprise Virtualization 3

SRPMS:
augeas-1.0.0-5.el6.src.rpm
File outdated by: RHSA-2014:0044

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
File outdated by: RHSA-2014:0044
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
File outdated by: RHSA-2014:0044
augeas-devel-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

772257 - CVE-2012-0786 augeas: susceptible to symlink attack
772261 - CVE-2012-0787 augeas: susceptible to mountpoint attack
826752 - virsh iface-list produces an error when "options ipv6 disable = 1" is in an /etc/modprobe.d file
855022 - Augeas can't setup "require_ssl_reuse" option in vsftpd.conf


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/