Red Hat Product Errata RHSA-2009:0411 - Security Advisory

Issued:: 2009-04-07
Updated:: 2009-04-07

RHSA-2009:0411 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: device-mapper-multipath security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated device-mapper-multipath packages that fix a security issue are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The device-mapper multipath packages provide tools to manage multipath
devices by issuing instructions to the device-mapper multipath kernel
module, and by managing the creation and removal of partitions for
device-mapper devices.

It was discovered that the multipathd daemon set incorrect permissions on
the socket used to communicate with command line clients. An unprivileged,
local user could use this flaw to send commands to multipathd, resulting in
access disruptions to storage devices accessible via multiple paths and,
possibly, file system corruption on these devices. (CVE-2009-0115)

Users of device-mapper-multipath are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. The
multipathd service must be restarted for the changes to take effect.

Important: the version of the multipathd daemon in Red Hat Enterprise Linux
5 has a known issue which may cause a machine to become unresponsive when
the multipathd service is stopped. This issue is tracked in the Bugzilla
bug #494582; a link is provided in the References section of this erratum.
Until this issue is resolved, we recommend restarting the multipathd
service by issuing the following commands in sequence:

# killall -KILL multipathd

# service multipathd restart

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
Red Hat Enterprise Linux Server - AUS 5.3 ia64
Red Hat Enterprise Linux Server - AUS 5.3 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386
Red Hat Enterprise Linux Server - AUS 5.3 x86_64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

BZ - 493330 - CVE-2009-0115 device-mapper-multipath: insecure permissions on multipathd.sock

CVEs

CVE-2009-0115

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm	SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
ia64
device-mapper-multipath-0.4.7-23.el5_3.2.ia64.rpm	SHA-256: 9e1b6bde9eb152985a7e923393f47563104ef19431d07666ea25a5da4b7a0958
kpartx-0.4.7-23.el5_3.2.ia64.rpm	SHA-256: 7e5f3f1244414bba30984ed5134f44b3644ac10c2f6a42e1b31be2fef26dd71f
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm	SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm	SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

Red Hat Enterprise Linux Server 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm	SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm	SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
ia64
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm	SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm	SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm	SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm	SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm	SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm	SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
ia64
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm	SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm	SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm	SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm	SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux Server - AUS 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm	SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm	SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm	SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

Red Hat Enterprise Linux Workstation 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm	SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
ia64
device-mapper-multipath-0.4.5-31.el4_7.1.ia64.rpm	SHA-256: f632242ce8e62008048f0e9515b81233b9443b5fb0ac926b9829064b39d8df19
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm	SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux Desktop 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm	SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm	SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm	SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

Red Hat Enterprise Linux Desktop 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
x86_64
device-mapper-multipath-0.4.5-31.el4_7.1.x86_64.rpm	SHA-256: 70a7f05b399446cc67a432d5f9c37578c748e35061b394c868f6f1e9f1fa6d3e
i386
device-mapper-multipath-0.4.5-31.el4_7.1.i386.rpm	SHA-256: a080e883760deed91a1f06a9039ba7ebd948768b0f7faf1a4848e624f706d5d5

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm	SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
s390x
device-mapper-multipath-0.4.7-23.el5_3.2.s390x.rpm	SHA-256: 1a8365caaa3f5156f115a833fdc3768a453cfa395309687434144c54ee0266a4
kpartx-0.4.7-23.el5_3.2.s390x.rpm	SHA-256: 66dffe029936faa180e93495ac35e78f7f8248b967527d8d19bfbaa1d2bba697

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
s390x
device-mapper-multipath-0.4.5-31.el4_7.1.s390x.rpm	SHA-256: 1729814d4936d74f1b6686f7e2a59c6b5f69c4c913b3bc8f845207f898f020ce
s390
device-mapper-multipath-0.4.5-31.el4_7.1.s390.rpm	SHA-256: d476a367c914b65c791e52d9dc5854626eed91ac16276eabbf05cffd5259e31b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
s390x
device-mapper-multipath-0.4.5-31.el4_7.1.s390x.rpm	SHA-256: 1729814d4936d74f1b6686f7e2a59c6b5f69c4c913b3bc8f845207f898f020ce
s390
device-mapper-multipath-0.4.5-31.el4_7.1.s390.rpm	SHA-256: d476a367c914b65c791e52d9dc5854626eed91ac16276eabbf05cffd5259e31b

Red Hat Enterprise Linux for Power, big endian 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm	SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
ppc
device-mapper-multipath-0.4.7-23.el5_3.2.ppc.rpm	SHA-256: 149ae1d6eeaf1643bd35e55e72115ec7054e679c91deabdd86332e8c42cf07db
kpartx-0.4.7-23.el5_3.2.ppc.rpm	SHA-256: e22f500b84b9ba04fe4aed87e4060843dc2253e2b4218792f70a4185c95e09e5

Red Hat Enterprise Linux for Power, big endian 4

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
ppc
device-mapper-multipath-0.4.5-31.el4_7.1.ppc.rpm	SHA-256: 7c993572e8065742540f11e3cf1fb2136c11096ce57a8f7724d9cff476b27a53

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
device-mapper-multipath-0.4.5-31.el4_7.1.src.rpm	SHA-256: d52125ab139161d848d51dc0c92071310686ec919ac6bb6a70a9ea3820c0e0a9
ppc
device-mapper-multipath-0.4.5-31.el4_7.1.ppc.rpm	SHA-256: 7c993572e8065742540f11e3cf1fb2136c11096ce57a8f7724d9cff476b27a53

Red Hat Enterprise Linux Server from RHUI 5

SRPM
device-mapper-multipath-0.4.7-23.el5_3.2.src.rpm	SHA-256: bdefcc258c4838bcb3ed64f40fbe598e5dc6f1171c952fbbb2453b1ee93b69bd
x86_64
device-mapper-multipath-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 5dae00c8177f33728fd854fb4a03249a4a738adccfa5e6862803a85740b4a27a
kpartx-0.4.7-23.el5_3.2.x86_64.rpm	SHA-256: 0ae50969392c82208c474388a8452df5e4e9432aaa5f749aa111885946964550
i386
device-mapper-multipath-0.4.7-23.el5_3.2.i386.rpm	SHA-256: bed6fad1b7e2469096b6ed2a2d9355aaa460dfc713d30ab7b5aa3b9aa43414ea
kpartx-0.4.7-23.el5_3.2.i386.rpm	SHA-256: 74cbf0fbc46220f7beed5bda71b9ee813819fae898b2653a42b688a8d4b73282

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation