Red Hat Product Errata RHSA-2009:0411 - Security Advisory
Issued:
2009-04-07
Updated:
2009-04-07

RHSA-2009:0411 - Security Advisory

Synopsis

Moderate: device-mapper-multipath security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated device-mapper-multipath packages that fix a security issue are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The device-mapper multipath packages provide tools to manage multipath
devices by issuing instructions to the device-mapper multipath kernel
module, and by managing the creation and removal of partitions for
device-mapper devices.

It was discovered that the multipathd daemon set incorrect permissions on
the socket used to communicate with command line clients. An unprivileged,
local user could use this flaw to send commands to multipathd, resulting in
access disruptions to storage devices accessible via multiple paths and,
possibly, file system corruption on these devices. (CVE-2009-0115)

Users of device-mapper-multipath are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. The
multipathd service must be restarted for the changes to take effect.

Important: the version of the multipathd daemon in Red Hat Enterprise Linux
5 has a known issue which may cause a machine to become unresponsive when
the multipathd service is stopped. This issue is tracked in the Bugzilla
bug #494582; a link is provided in the References section of this erratum.
Until this issue is resolved, we recommend restarting the multipathd
service by issuing the following commands in sequence:

# killall -KILL multipathd

# service multipathd restart

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 ia64
  • Red Hat Enterprise Linux Server - AUS 5.3 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 x86_64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

  • BZ - 493330 - CVE-2009-0115 device-mapper-multipath: insecure permissions on multipathd.sock

Red Hat Enterprise Linux Server 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
ia64
device-mapper-multipath-0.4.7-23.el5_3.2.ia64.rpm SHA-256: 9e1b6bde9eb152985a7e923393f47563104ef19431d07666ea25a5da4b7a0958
kpartx-0.4.7-23.el5_3.2.ia64.rpm SHA-256: 7e5f3f1244414bba30984ed5134f44b3644ac10c2f6a42e1b31be2fef26dd71f
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

Red Hat Enterprise Linux Server 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
ia64
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
ia64
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux Server - AUS 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

Red Hat Enterprise Linux Workstation 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
ia64
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux Desktop 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

Red Hat Enterprise Linux Desktop 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
s390x
device-mapper-multipath-0.4.7-23.el5_3.2.s390x.rpm SHA-256: 1a8365caaa3f5156f115a833fdc3768a453cfa395309687434144c54ee0266a4
kpartx-0.4.7-23.el5_3.2.s390x.rpm SHA-256: 66dffe029936faa180e93495ac35e78f7f8248b967527d8d19bfbaa1d2bba697

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
s390x
device-mapper-multipath-0.4.5-31.el4_7.1.s390x.rpm SHA-256: 1729814d4936d74f1b6686f7e2a59c6b5f69c4c913b3bc8f845207f898f020ce
s390
device-mapper-multipath-0.4.5-31.el4_7.1.s390.rpm SHA-256: d476a367c914b65c791e52d9dc5854626eed91ac16276eabbf05cffd5259e31b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
s390x
device-mapper-multipath-0.4.5-31.el4_7.1.s390x.rpm SHA-256: 1729814d4936d74f1b6686f7e2a59c6b5f69c4c913b3bc8f845207f898f020ce
s390
device-mapper-multipath-0.4.5-31.el4_7.1.s390.rpm SHA-256: d476a367c914b65c791e52d9dc5854626eed91ac16276eabbf05cffd5259e31b

Red Hat Enterprise Linux for Power, big endian 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
ppc
device-mapper-multipath-0.4.7-23.el5_3.2.ppc.rpm SHA-256: 149ae1d6eeaf1643bd35e55e72115ec7054e679c91deabdd86332e8c42cf07db
kpartx-0.4.7-23.el5_3.2.ppc.rpm SHA-256: e22f500b84b9ba04fe4aed87e4060843dc2253e2b4218792f70a4185c95e09e5

Red Hat Enterprise Linux for Power, big endian 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
ppc
device-mapper-multipath-0.4.5-31.el4_7.1.ppc.rpm SHA-256: 7c993572e8065742540f11e3cf1fb2136c11096ce57a8f7724d9cff476b27a53

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
ppc
device-mapper-multipath-0.4.5-31.el4_7.1.ppc.rpm SHA-256: 7c993572e8065742540f11e3cf1fb2136c11096ce57a8f7724d9cff476b27a53

Red Hat Enterprise Linux Server from RHUI 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.