RHBA-2012:0778 - Bug Fix Advisory

Topic

An updated setup package that fixes three bugs and adds various enhancements is
now available for Red Hat Enterprise Linux 6.

Description

The setup package contains a set of important system configuration and setup
files, such as passwd, group, and profile.

This update fixes the following bugs:

• Prior to this update, the /etc/filesystems configuration file did not contain

a line with the ext4 file system. This could lead to various problems; for
example, a process that used the file to determine supported file systems was
not able to recognize ext4 as a valid file system. This update adds the missing
line in the /etc/filesystems file. (BZ#771388)

• Prior to this update, the /etc/services configuration file contained an entry

with the Internet Assigned Numbers Authority (IANA) reservation of port 0 for
the spr-itunes service. However, the reservation of port 0 does not represent a
real port reservation (it is only acknowledgment of IANA that the service
exists). The spr-itunes entry has been commented out in the /etc/services file
and an extended comment has been added to clarify the issue. (BZ#710185)

• Prior to this update, the /etc/group configuration file contained unnecessary

supplementary groups - especially the root groups posed some potential security
risk. These groups were legacy remnants and are no longer required. To mitigate
the risk of making some future exploit more severe only because of the root's
supplementary groups, the groups have been removed from the defaults.(BZ#724007)

This update also adds the following enhancements:

• The wallaby package creates a user ID (UID) and a group ID (GID) pair, both

with the name "wallaby" and number 181. Prior to this update, the UID and GID
pairs were not reserved by the setup package. As a consequence, other packages
or system administrators could accidentally assign the values to other users and
groups. With this update, the setup package reserves these UID/GID names and
numbers, so that accidental UID/GID usage risk is reduced. (BZ#772746)

• The tog-pegasus-libs package creates a user ID (UID) and a group ID (GID)

pair, both with the name "cimsrvr" and number 134. Prior to this update, the UID
and GID pairs were not reserved by the setup package. As a consequence, other
packages or system administrators could accidentally assign the values to other
users and groups. With this update, the setup package reserves these UID/GID
names and numbers, so that accidental UID/GID usage risk is reduced. (BZ#760178)

• The sanlock package creates a user ID (UID) and a group ID (GID) pair, both

with the name "sanlock" and number 179. Prior to this update, the UID and GID
pairs were not reserved by the setup package. As a consequence, other packages
or system administrators could accidentally assign the values to other users and
groups. With this update, the setup package reserves these UID/GID names and
numbers, so that accidental UID/GID usage risk is reduced. (BZ#738294)

• The dhcp package creates a user ID (UID) and a group ID (GID) pair, both with

the name "dhcpd" and number 177. Prior to this update, the UID and GID pairs
were not reserved by the setup packages. As a consequence, other packages or
system administrators could accidentally assign the values to other users and
groups. With this update, the setup package reserves these UID/GID names and
numbers, so that accidental UID/GID usage risk is reduced. (BZ#738177)

• A new cloud engine feature requires new users and groups - namely aeolus,

katello, elasticsearch and mongodb with numbers 180, 182, 183 and 184. Prior to
this update, the UID and GID pairs were not reserved by the setup packages. To
prevent accidental UID/GID usage by other packages or system administrators, the
aforementioned UID/GID names and number are now reserved by the setup package.
(BZ#804203, BZ#804204, BZ#804205, BZ#806052)

All users of setup are advised to upgrade to this updated package, which fixes
these bugs and add these enhancements.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 710185 - /etc/services contains entry 0/tcp spr-itunes
• BZ - 724007 - Remove root's supplemental groups
• BZ - 738177 - Reserve UID/GID for dhcpd
• BZ - 738294 - sanlock daemon needs uid/gid assignment
• BZ - 760178 - Assigning UID/GID for "cimsrvr" user/group.
• BZ - 771388 - /etc/filesystems does not contain 'ext4'
• BZ - 772746 - wallaby user request
• BZ - 804203 - Allocate an 'aeolus' username and groupname of 180:180 for CloudForms
• BZ - 804204 - Allocate a 'katello' username and groupname
• BZ - 804205 - Allocate a 'elasticsearch' username and groupname

CVEs

(none)

References

(none)