Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
Luci is a web-based high availability administration application.
- A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable by a local user, that user could use this flaw to execute arbitrary code as the root or luci user.
- A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.
These issues were discovered by Jan Pokorný of Red Hat.
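The second flaw is the classic create-then-chmod window: the file exists with the process umask's permissions before it is tightened. The following Python is an added illustration, not luci's own code; the file names and the configuration contents are constructed, and it assumes a Linux host with a typical umask of 022. It places the racy pattern beside a writer that creates the file with mode 0600 from the first instant and renames it into place atomically.

```python
import os
import stat
import tempfile

# Constructed stand-in for the secrets luci keeps in its configuration file.
SAMPLE_CONFIG = "[app:main]\nbeaker.session.secret = constructed-sample-secret\n"

def current_mode(path: str) -> int:
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)

def others_can_read(mode: int) -> bool:
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def write_config_racy(path: str) -> tuple:
    """Pattern described in the advisory: create under the default umask, write
    the secrets, then tighten. Returns (mode during the window, final mode)."""
    with open(path, "w") as f:              # created as 0o666 & ~umask, typically 0o644
        f.write(SAMPLE_CONFIG)
        mode_during_window = current_mode(path)   # what another local user sees
    os.chmod(path, 0o600)                   # too late: the window already existed
    return mode_during_window, current_mode(path)

def write_config_private(path: str) -> tuple:
    """Hardened version: the file is created with 0600 from the first instant
    (O_EXCL fails instead of reusing a pre-existing file) and renamed into
    place only once fully written."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_CONFIG)
        f.flush()
        os.fsync(f.fileno())
        mode_during_write = current_mode(tmp)
    os.rename(tmp, path)                    # atomic: readers see nothing or everything
    return mode_during_write, current_mode(path)

def demo() -> dict:
    """Run both writers under a typical umask of 022 inside a private temp dir."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            return {"racy": write_config_racy(os.path.join(d, "luci.ini")),
                    "private": write_config_private(os.path.join(d, "luci.ini"))}
    finally:
        os.umask(old_umask)
```

A post-install check for the same class of problem is simply to confirm that the deployed configuration file carries no group or world read bit.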
- Previously, luci did not reflect concurrent additions to fence devices coverage as happened in the fence-agents package. Consequently, Dell iDRAC (idrac), HP iLO2 (ilo2), HP iLO3 (ilo3), HP iLO4 (ilo4), and IBM Integrated Management Module (imm) devices or agents were not honored in luci, leading to the inability to properly work with or to set up a cluster comprising these devices. This update restores the capability of luci to work with the full intended set of fence devices.
- Previously, luci did not run in FIPS mode because it utilized components that were not compliant with FIPS. Both components, the python-breaker library and the python-weberror error handler, have been modified to comply with FIPS, so that luci now works in FIPS mode as expected.
- Due to a bug in the luci code, a data race condition could occur while adding multiple nodes into a cluster with a single request. As a consequence, nodes could have been provided configurations with varying version numbers, leaving the cluster in an unexpected state. The respective luci code has been fixed so this data race cannot be triggered anymore. Multiple nodes can now be added to a cluster at once without a risk of negative consequences.
- The previous implementation of dynamic pop-up messages had a high probability of messages leaving the screen unnoticed under certain circumstances. Therefore, the respective luci code has been modified to present dynamic pop-ups as static messages, which significantly decreases the chance that a message goes unnoticed.
- Previously, luci did not reflect concurrent additions to parameters for some fence devices (including "cmd_prompt", "login_timeout", "power_timeout", "retry_on", "shell_timeout") or respective instances ("delay") as happened in the fence-agents package. Consequently, the valid parameters could be dropped from the respective part of the configuration upon submitting the dedicated forms in luci. This update restores the capability of luci to work with a full intended set of fence agents parameters and, in turn, prevents luci from unexpectedly discarding the already configured parameters.
- Due to a bug in the cluster.conf(5) man page, luci expected the default value for the syslog_facility option in the cluster logging configuration to be "daemon" instead of the actual default value "local4". Consequently, all logging configuration items without "syslog_facility" explicitly set were marked as having a "Syslog Message Facility" of "daemon" in luci. This could result in no cluster messages being logged into the custom log file for the rules containing "daemon.*". With this update, luci correctly recognizes "local4" as the default syslog message facility and logging configuration items in luci are marked accordingly by default. The user is now able to effectively set the syslog facility of a logging configuration item to "daemon". In such a case, cluster messages are logged into log files containing the "daemon.*" rules as expected.
- The luci application did not automatically enable the ricci and modclusterd services upon creating a new cluster or adding a node to the existing cluster. Therefore, an administrator's intervention was necessary because these services are essential for managing the cluster during its life-cycle. Without these services, luci sustained the contact with cluster nodes, preventing the cluster from rebooting. With this update, luci has been modified to enable the ricci and modclusterd services on every cluster's node when creating a new cluster or adding a node to the existing cluster. The administrator's intervention is no longer needed in the aforementioned scenario.
- Previously, if no cluster node could have been contacted on certain luci pages, luci displayed the Error 500 message on that page and logged an error message with a traceback into its log. As an appropriate response to this situation, this update modifies luci to display one of the following messages:
Unable to contact any of the nodes in this cluster.
No nodes from this cluster could be contacted. The status of this cluster is unknown
- Due to a bug in luci validation code, a confusing validation error message was displayed if a non-existing failover domain in the "Failover Domains" tab was specified. This bug has been fixed and luci now processes these validation errors correctly, displaying appropriate error messages as expected.
- The "User preferences" page was accessible without authentication, which allowed an anonymous user to disable or enable "expert" mode. Although this behavior had no direct security impact, consistency in assigned authorization is considered to be best practice. This update modifies luci to strictly require users to be authenticated before accessing this "Preferences" page.
- The "Remove this instance" button in the "Edit Fence Instance" form had no function and could have misled cluster administrators. This button has been removed so the aforementioned form now shows only the relevant content.
- The luci application incorrectly considered the "module_name" parameter of the Dell DRAC 5 fence device as mandatory. Therefore, such a fence device could not have been created without specifying its module name. The validation code has been fixed so luci now treats this parameter as optional, and Dell DRAC 5 fence devices can now be successfully created without module names.
- A confirmation pop-up dialog has been added that prevents luci from removing selected clusters accidentally.
- The luci application now reflects the concurrent extension to the oracledb, orainstance, and oralistener resource agents regarding Oracle Database 11g support. This also includes the ability to configure the newly supported TNS_ADMIN variable to allow for wider customization.
All luci users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, the luci service will be restarted automatically.