Issued:
2012-02-21
Updated:
2012-02-21

RHSA-2012:0152 - Security Advisory

Synopsis

Moderate: kexec-tools security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated kexec-tools package that resolves three security issues,
fixes several bugs and adds various enhancements is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The kexec-tools package contains the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature. The
/sbin/kexec binary facilitates a new kernel to boot using the kernel's
kexec feature either on a normal or a panic reboot. The kexec fastboot
mechanism allows booting a Linux kernel from the context of an already
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive
information, such as the private SSH key used to authenticate to a remote
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files
from the "/root/.ssh/" directory and the host's private SSH keys) in the
resulting initrd. This could lead to an information leak when initrd
files were previously created with world-readable permissions. Note: With
this update, only the SSH client configuration, known hosts files, and the
SSH key configured via the newly introduced sshkey option in
"/etc/kdump.conf" are included in the initrd. The default is the key
generated when running the "service kdump propagate" command,
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)

Red Hat would like to thank Kevan Carstensen for reporting these issues.

This updated kexec-tools package also includes numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of kexec-tools are advised to upgrade to this updated package,
which resolves these security issues, fixes these bugs and adds these
enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 662530 - ln: creating symbolic link `/tmp/initrd.ta4308/lib/libc.so.6' to `/lib/power6/libc.so.6': File exists
  • BZ - 678308 - kexec kernel crashes due to use of reserved memory range
  • BZ - 709622 - Non-portable "while" loop form used
  • BZ - 716439 - CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
  • BZ - 748319 - fsck: WARNING: couldn't open /etc/fstab: No such file or directory

Red Hat Enterprise Linux Server 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
ia64
kexec-tools-1.102pre-154.el5.ia64.rpm SHA-256: acf589bdb572cd80bb670936eba320ad7f7f357788618b7d45c4640a622cd3ea
kexec-tools-debuginfo-1.102pre-154.el5.ia64.rpm SHA-256: aa06acdb1008cab3aca28ccb2f39da8b0e2082a90cd67db817dfde08978bfdb3
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux Workstation 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux Desktop 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
s390x
kexec-tools-1.102pre-154.el5.s390x.rpm SHA-256: ebaa2a8423f585cae36e3f8d64a1dec1d5ba9f6a6ee33071cdc42e5b32eb3764
kexec-tools-debuginfo-1.102pre-154.el5.s390x.rpm SHA-256: f23709c1e494e17b57f2af0449671a13b61fbf1a87afc220ae635d94da5367c0

Red Hat Enterprise Linux for Power, big endian 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
ppc
kexec-tools-1.102pre-154.el5.ppc64.rpm SHA-256: 4f1af53f6d97f061cd6f9467fa23d757231d21f329d377ed11df88d3498621c8
kexec-tools-debuginfo-1.102pre-154.el5.ppc64.rpm SHA-256: 6da7d33f9021333acc0828b26b73168b750d660f7032bd980a7bcb7d9738d0c9

Red Hat Enterprise Linux Server from RHUI 5

SRPM
kexec-tools-1.102pre-154.el5.src.rpm SHA-256: 2fa41532f1337d43b19ac26c18478bac1c5f18153f0343ea2a63e269828da043
x86_64
kexec-tools-1.102pre-154.el5.x86_64.rpm SHA-256: be39a444d43e292309d76ba3149ac1afff7d915e3707c90d796de977977a723f
kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm SHA-256: b5802a23a6c01391609259c4dd4473e0b8294637984568c5493683780206ab42
i386
kexec-tools-1.102pre-154.el5.i386.rpm SHA-256: f66caafc2862a1b33deee09a74655a7e7e5e0aac26a0b036c0dc714c056ecf1c
kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm SHA-256: fd0e322cf5b41bf10a7c07690a344046add7e24e00b5e992000a3e7e491dd4fd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.