Red Hat Product Errata RHSA-2012:0152 - Security Advisory
Issued:
2012-02-21
Updated:
2012-02-21

RHSA-2012:0152 - Security Advisory

Synopsis

Moderate: kexec-tools security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An updated kexec-tools package that resolves three security issues,
fixes several bugs and adds various enhancements is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The kexec-tools package contains the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature. The
/sbin/kexec binary lets a new kernel boot using the kernel's kexec feature
on either a normal or a panic reboot. The kexec fastboot mechanism allows
booting a Linux kernel from the context of an already running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive
information, such as the private SSH key used to authenticate to a remote
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files
from the "/root/.ssh/" directory and the host's private SSH keys) in the
resulting initrd. This could lead to an information leak when initrd
files were previously created with world-readable permissions. Note: With
this update, only the SSH client configuration, known hosts files, and the
SSH key configured via the newly introduced sshkey option in
"/etc/kdump.conf" are included in the initrd. The default is the key
generated when running the "service kdump propagate" command,
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)
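
A check for the three conditions described above, as an added example (it is not part of the advisory or of kexec-tools). The function names are hypothetical, and it assumes kdump initrds are named initrd-*kdump.img in the directory passed in; the "sshkey" option and the default key path are the ones named in this advisory.

```shell
#!/bin/sh
# Added example: audit helpers for the kdump issues in this advisory.
# Assumption (not from the advisory): kdump initrds are named
# initrd-*kdump.img inside the directory passed in (e.g. /boot).

# Print the SSH key kdump will use: the last "sshkey" line in the given
# kdump.conf, or the default key path named in the advisory.
kdump_sshkey() {
    key=$(awk '$1 == "sshkey" { k = $2 } END { print k }' "$1" 2>/dev/null) || key=
    echo "${key:-/root/.ssh/kdump_id_rsa}"
}

# Succeed if FILE is readable by "other" (the CVE-2011-3589 condition).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Succeed if FILE has an uncommented StrictHostKeyChecking=no setting
# (the CVE-2011-3588 condition), in "-o key=value" or ssh_config form.
hostkey_check_disabled() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -Eiq 'StrictHostKeyChecking[[:space:]=]+no([^[:alnum:]]|$)'
}

# Report world-readable kdump initrds in DIR and a world-readable key
# taken from CONF. Prints one line per finding and returns the count.
audit_kdump() {
    dir=$1 conf=$2 findings=0
    for img in "$dir"/initrd-*kdump.img; do
        [ -e "$img" ] || continue
        if world_readable "$img"; then
            echo "world-readable initrd: $img"
            findings=$((findings + 1))
        fi
    done
    key=$(kdump_sshkey "$conf")
    if [ -e "$key" ] && world_readable "$key"; then
        echo "world-readable SSH key: $key"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: audit_kdump /boot /etc/kdump.conf
```

An initrd built before the update keeps its old permissions and contents until it is regenerated, so a non-zero result after patching points at leftover files rather than at the new package.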

Red Hat would like to thank Kevan Carstensen for reporting these issues.

This updated kexec-tools package also includes numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of kexec-tools are advised to upgrade to this updated package,
which resolves these security issues, fixes these bugs and adds these
enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 662530 - ln: creating symbolic link `/tmp/initrd.ta4308/lib/libc.so.6' to `/lib/power6/libc.so.6': File exists
  • BZ - 678308 - kexec kernel crashes due to use of reserved memory range
  • BZ - 709622 - Non-portable "while" loop form used
  • BZ - 716439 - CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
  • BZ - 748319 - fsck: WARNING: couldn't open /etc/fstab: No such file or directory

CVEs

  • CVE-2011-3590
  • CVE-2011-3589
  • CVE-2011-3588

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kexec-tools.html#RHSA-2012-0152
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
ia64
kexec-tools-1.102pre-154.el5.ia64.rpm SHA-256: acf589bdb572cd80bb670936eba320ad7f7f357788618b7d45c4640a622cd3ea
kexec-tools-debuginfo-1.102pre-154.el5.ia64.rpm SHA-256: aa06acdb1008cab3aca28ccb2f39da8b0e2082a90cd67db817dfde08978bfdb3
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux Workstation 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux Desktop 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
s390x
kexec-tools-1.102pre-154.el5.s390x.rpm SHA-256: ebaa2a8423f585cae36e3f8d64a1dec1d5ba9f6a6ee33071cdc42e5b32eb3764
kexec-tools-debuginfo-1.102pre-154.el5.s390x.rpm SHA-256: f23709c1e494e17b57f2af0449671a13b61fbf1a87afc220ae635d94da5367c0

Red Hat Enterprise Linux for Power, big endian 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
ppc
kexec-tools-1.102pre-154.el5.ppc64.rpm SHA-256: 4f1af53f6d97f061cd6f9467fa23d757231d21f329d377ed11df88d3498621c8
kexec-tools-debuginfo-1.102pre-154.el5.ppc64.rpm SHA-256: 6da7d33f9021333acc0828b26b73168b750d660f7032bd980a7bcb7d9738d0c9

Red Hat Enterprise Linux Server from RHUI 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
