Red Hat Product Errata RHSA-2012:0152 - Security Advisory
Issued:
2012-02-21
Updated:
2012-02-21
Synopsis

Moderate: kexec-tools security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An updated kexec-tools package that resolves three security issues,
fixes several bugs and adds various enhancements is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The kexec-tools package contains the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature. The
/sbin/kexec binary facilitates booting a new kernel, using the kernel's
kexec feature, on either a normal or a panic reboot. The kexec fastboot
mechanism allows booting a Linux kernel from the context of an already
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive
information, such as the private SSH key used to authenticate to a remote
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files
from the "/root/.ssh/" directory and the host's private SSH keys) in the
resulting initrd. This could lead to an information leak when initrd
files were previously created with world-readable permissions. Note: With
this update, only the SSH client configuration, known hosts files, and the
SSH key configured via the newly introduced sshkey option in
"/etc/kdump.conf" are included in the initrd. The default is the key
generated when running the "service kdump propagate" command,
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)
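The three conditions described above can be audited on a host before and after the update: whether kdump dumps to an SSH target whose host key is actually known, whether the kdump initrd is world-readable, and whether the initrd carries SSH material beyond the configured key. The script below is an added example, not code from kexec-tools or from this advisory. It assumes the RHEL 5 kdump.conf syntax (a "net user@host" line selects an SSH target, an "sshkey <path>" line names the key) and a gzip-compressed cpio initrd whose member list would come from "zcat <initrd> | cpio -t"; the demo runs entirely on constructed files in a temporary directory.

```shell
#!/bin/sh
# Added audit helper for the three kdump weaknesses in RHSA-2012:0152.
# Example code, not part of kexec-tools. Assumptions: RHEL 5 kdump.conf syntax
# ("net user@host" selects an SSH target, "sshkey <path>" names the key) and a
# gzip-compressed cpio kdump initrd whose members are listed with "cpio -t".

# Return 0 if kdump.conf names an SSH dump target (a "net" line with user@host).
kdump_uses_ssh_target() {
    grep -Eq '^[[:space:]]*net[[:space:]]+[^[:space:]]+@[^[:space:]]+' "$1"
}

# Print the host part of the SSH target so its known_hosts entry can be checked
# (the updated package makes a missing or mismatching host key fatal).
kdump_ssh_target_host() {
    awk '$1 == "net" && $2 ~ /@/ { sub(/^[^@]*@/, "", $2); print $2; exit }' "$1"
}

# Print the sshkey path from kdump.conf, or the default named in the advisory.
kdump_ssh_key_path() {
    key=$(awk '$1 == "sshkey" { print $2; exit }' "$1")
    printf '%s\n' "${key:-/root/.ssh/kdump_id_rsa}"
}

# Return 0 if "other" may read the file (the CVE-2011-3589 condition).
# Column 8 of the POSIX ls -l mode string is the other-read bit.
is_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = r ]
}

# Read initrd member paths on stdin and print those the updated mkdumprd no
# longer includes: anything under root/.ssh/ except the configured key, its
# .pub half, the SSH client config and known_hosts, plus sshd host keys.
flag_sensitive_initrd_members() {
    awk -v key="${1#/}" '
        { p = $0; sub(/^\.\//, "", p) }
        p == key || p == (key ".pub") { next }
        p ~ /^root\/\.ssh\/(config|known_hosts)$/ { next }
        p ~ /^etc\/ssh\/(ssh_config|ssh_known_hosts)$/ { next }
        p ~ /^root\/\.ssh\/./ || p ~ /^etc\/ssh\/ssh_host_/ { print p }
    '
}

# Demo on constructed files in a temporary directory; no real system state is read.
demo() {
    d=$(mktemp -d)
    printf 'net kdump@collector.example.internal\n' > "$d/kdump.conf"
    printf 'other.example.internal ssh-rsa AAAAB3NzaC1yc2E_constructed_sample\n' > "$d/known_hosts"
    : > "$d/initrd-kdump.img"
    chmod 644 "$d/initrd-kdump.img"          # the pre-update world-readable mode

    if kdump_uses_ssh_target "$d/kdump.conf"; then
        host=$(kdump_ssh_target_host "$d/kdump.conf")
        key=$(kdump_ssh_key_path "$d/kdump.conf")
        echo "SSH dump target $host; key $key"
        # Plain-text match only; HashKnownHosts entries need ssh-keygen -F instead.
        grep -q "^$host[ ,]" "$d/known_hosts" ||
            echo "WARNING: no known_hosts entry for $host (host key cannot be verified)"
        is_world_readable "$d/initrd-kdump.img" &&
            echo "WARNING: $d/initrd-kdump.img is world-readable (CVE-2011-3589)"
        # Constructed listing standing in for: zcat /boot/initrd-<kver>kdump.img | cpio -t
        printf '%s\n' root/.ssh/kdump_id_rsa root/.ssh/kdump_id_rsa.pub \
            root/.ssh/known_hosts root/.ssh/id_rsa root/.ssh/authorized_keys \
            etc/ssh/ssh_host_rsa_key etc/ssh/ssh_config |
            flag_sensitive_initrd_members "$key" |
            sed 's/^/WARNING: initrd carries /'
    fi
    rm -rf "$d"
}

demo
```

On a real host the same functions would be pointed at /etc/kdump.conf, /root/.ssh/known_hosts and the kdump initrd under /boot; the member list is piped in from cpio rather than constructed. The constructed listing deliberately mixes the files the updated mkdumprd still includes (the kdump key pair, known_hosts, ssh_config) with ones it no longer does (the root user's own id_rsa, authorized_keys, an sshd host key), so the output shows exactly the set that CVE-2011-3590 concerns.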

Red Hat would like to thank Kevan Carstensen for reporting these issues.

This updated kexec-tools package also includes numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of kexec-tools are advised to upgrade to this updated package,
which resolves these security issues, fixes these bugs and adds these
enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 662530 - ln: creating symbolic link `/tmp/initrd.ta4308/lib/libc.so.6' to `/lib/power6/libc.so.6': File exists
  • BZ - 678308 - kexec kernel crashes due to use of reserved memory range
  • BZ - 709622 - Non-portable "while" loop form used
  • BZ - 716439 - CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
  • BZ - 748319 - fsck: WARNING: couldn't open /etc/fstab: No such file or directory

CVEs

  • CVE-2011-3590
  • CVE-2011-3589
  • CVE-2011-3588

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kexec-tools.html#RHSA-2012-0152
Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
ia64
kexec-tools-1.102pre-154.el5.ia64.rpm SHA-256: acf589bdb572cd80bb670936eba320ad7f7f357788618b7d45c4640a622cd3ea
kexec-tools-debuginfo-1.102pre-154.el5.ia64.rpm SHA-256: aa06acdb1008cab3aca28ccb2f39da8b0e2082a90cd67db817dfde08978bfdb3
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux Workstation 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux Desktop 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
s390x
kexec-tools-1.102pre-154.el5.s390x.rpm SHA-256: ebaa2a8423f585cae36e3f8d64a1dec1d5ba9f6a6ee33071cdc42e5b32eb3764
kexec-tools-debuginfo-1.102pre-154.el5.s390x.rpm SHA-256: f23709c1e494e17b57f2af0449671a13b61fbf1a87afc220ae635d94da5367c0

Red Hat Enterprise Linux for Power, big endian 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
ppc
kexec-tools-1.102pre-154.el5.ppc64.rpm SHA-256: 4f1af53f6d97f061cd6f9467fa23d757231d21f329d377ed11df88d3498621c8
kexec-tools-debuginfo-1.102pre-154.el5.ppc64.rpm SHA-256: 6da7d33f9021333acc0828b26b73168b750d660f7032bd980a7bcb7d9738d0c9

Red Hat Enterprise Linux Server from RHUI 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
