RHBA-2013:1681 - Bug Fix Advisory

Topic

Updated cronie packages that fix several bugs and add two enhancements are now
available for Red Hat Enterprise Linux 6.

Description

Cronie contains the standard UNIX daemon crond that runs specified programs at
scheduled times and related tools. It is a fork of the original vixie-cron and
has security and configuration enhancements like the ability to use pam and
SELinux.

This update fixes the following bugs:

• Previously, the crond deamon did not drop data about user privileges before

calling the popen() system function. Consequently, warnings about changing
privileges were written to the /var/log/crond file when the function was invoked
by the non-root user. With this update, crond has been modified to drop user
privileges before calling popen(). As a result, warnings are no longer logged in
this scenario. (BZ#697485)

• With this update, file permissions of cron configuration files have been

changed to be readable only by the root user. (BZ#706979)

• Prior to this update, the definition of restart in the cron init file was

incorrect. Consequently, a failure was incorrectly reported when restarting the
crond daemon. The init file has been fixed and the redundant failure message is
no longer displayed after crond restart. (BZ#733697)

• Cron jobs of users with home directories mounted on a Lightweight Directory

Access Protocol (LDAP) server or Network File System (NFS) were often refused
because jobs were marked as orphaned (typically due to a temporary NSS lookup
failure, when NIS and LDAP servers were unreachable). With this update, a
database of orphans is created, and cron jobs are performed as expected.
(BZ#738232)

• With this update, obsolete comments have been removed from the

/etc/cron.hourly/0anacron configuration file. (BZ#743473)

• Due to a bug in cron's support for time zones, planned jobs were executed

multiple times. Effects of this bug were visible only during the spring change
of time. This bug has been fixed and jobs are now executed correctly during the
time change. (BZ#821046, BZ#995089)

• With this update, an incorrect example showing the anacron table setup has

been fixed in the anacrontab man page. (BZ#887859)

• Previously, the crond daemon did not check for existing locks for daemon.

Consequently, multiple instances of crond could run simultaneously. The locking
mechanism has been updated and running multiple instances of cron at once is no
longer possible. (BZ#919440)

• Prior to this update, the $LANG setting was not read by the crond daemon.

Consequently, cron jobs were not run with the system-wide $LANG setting. This
bug has been fixed and $LANG is now used by cron jobs as expected. (BZ#985888)

• Previously, the crond daemon used the putenv system call, which could have

caused crond to terminate unexpectedly with a segmentation fault. With this
update, putenv() has been replaced with the setenv() system call, thus
preventing the segmentation fault. (BZ#985893)

• Prior to this update, the PATH variable could be set by cron or in crontable,

but could not be changed by a PAM setting. With this update, PATH can be altered
by PAM setting. As a result, PATH can now be inherited from the environment if
the "-P" option is used. (BZ#990710)

• Previously, an incorrect error code was returned when non-root user tried to

restart the crond daemon. With this update, a correct code is returned in the
described case. (BZ#1006869)

In addition, this update adds the following enhancements:

• This update adds the RANDOM_DELAY variable that allows delaying job startups

by random amount of minutes with upper limit specified by the variable. The
random scaling factor is determined during the crond daemon startup so it
remains constant for the whole run time of the daemon. (BZ#829910)

• With this update, the CRON_CORRECT_MAIL_HEADER environment variable in the

/etc/crond/sysconfig configuration file has been updated. With this variable
enabled, cron now sends emails with headers in RFC compliant format. (BZ#922829)

Users of cronie are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 697485 - cronie doesn't drop privileges before popen
• BZ - 706979 - config file permissions are world readable
• BZ - 733697 - Service restart needlessly reports failure
• BZ - 743473 - Confusing comments in /etc/cron.hourly/0anacron
• BZ - 887859 - Incorrect example in anacrontab manpage
• BZ - 919440 - cronie: prevent new crond process when already running
• BZ - 985888 - cronie drops $LANG and never passes it on to jobs run
• BZ - 985893 - do not use putenv
• BZ - 1006869 - init script: service restart under the nonroot changed behaviour, it returns 1 instead of 4

CVEs

(none)

References

(none)