5.7 Technical Notes

Red Hat Enterprise Linux 5

Detailed notes on the changes implemented in Red Hat Enterprise Linux 5.7

Edition 7

Logo

Red Hat Inc.

Abstract

The Red Hat Enterprise Linux 5.7 Technical Notes list and document the changes made to the Red Hat Enterprise Linux 5 operating system and its accompanying applications between minor release Red Hat Enterprise Linux 5.6 and minor release Red Hat Enterprise Linux 5.7.

Preface

The Red Hat Enterprise Linux 5.7 Technical Notes list and document the changes made to the Red Hat Enterprise Linux 5 operating system and its accompanying applications between minor release Red Hat Enterprise Linux 5.6 and minor release Red Hat Enterprise Linux 5.7.
For system administrators and others planning Red Hat Enterprise Linux 5.7 upgrades and deployments, the Technical Notes provide a single, organized record of the bugs fixed in, features added to, and Technology Previews included with this new release of Red Hat Enterprise Linux.
For auditors and compliance officers, the Red Hat Enterprise Linux 5.7 Technical Notes provide a single, organized source for change tracking and compliance testing.
For every user, the Red Hat Enterprise Linux 5.7 Technical Notes provide details of what has changed in this new release.
The Technical Notes also include, as an Appendix, the Red Hat Enterprise Linux Package Manifest: a listing of every changed package in this release.

Chapter 1. Package Updates

1.1. acroread

1.1.1. RHSA-2011:0301: Critical acroread security update

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Adobe Reader allows users to view and print documents in Portable Document Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB11-03, listed in the References section.
A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0585, CVE-2011-0586, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0606)
Multiple security flaws were found in Adobe reader. A specially-crafted PDF file could cause cross-site scripting (XSS) attacks against the user running Adobe Reader when opened. (CVE-2011-0587, CVE-2011-0604)
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.2, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

1.2. anaconda

1.2.1. RHBA-2011:0984: anaconda bug fix and enhancement update

Updated anaconda packages that fix multiple bugs and add multiple enhancements are now available for Red Hat Enterprise Linux 5.
The anaconda packages provide the installation program used by Red Hat Enterprise Linux to identify and configure the hardware, and to create the appropriate file systems for the system's architecture, as well as to to install the operating system software.
This update fixes the following bugs:
* Some packages could be lost when initiating a kickstart with selected virtualization software. Now, anaconda validates package repositories added via kickstart against the installation key if one is given. (BZ#452983)
* When installing all packages in a paravirtualized Xen guest, the wrong kernel was set as default. Now, anaconda sets kernel-xen as the default kernel for installations on Xen guests. (BZ#480031)
* When booting with a kernel boot command, anaconda could abort unexpectedly. Now, anaconda no longer aborts when booted with a kernel boot command-line that ends with a quote character. (BZ#500198)
* Drives to be moved up or down in the "Edit the Driver Order" dialog had to be re-selected each time they moved one position up or down. Now, anaconda no longer deselects selected items when moving them. (BZ#583837)
* When pressing the 'Back' button on the package confirmation screen, incorrect packages could be installed. Now, packages are installed as expected. (BZ#603177)
* The file systems ext3 and ext4 had incompatible mount options when created. Now, both ext3 and ext4 file systems have the same default mount options. (BZ#616184)
* anaconda incorrectly referred to installation DVDs as "CD". Now, this problem is resolved. (BZ#617262, BZ#641412)
* If a 0-byte storage device was present, anaconda aborted unexpectedly. Now, anaconda no longer aborts when a device of 0 bytes is present on the system. (BZ#636984)
* The iBFT code selected the wrong LAN interface for installation. Now, anaconda activates the correct network interface when there are multiple networks available and one of them has iBFT data. (BZ#643774)
* The hard drive installation method and layer2 VSWITCH caused non-functional networking on the IBM System z. Now, anaconda writes out the LAYER2 and PORTNO options into ifcfg files also on non-network install methods. (BZ#649301)
* It was not possible to go back to the Partition screen during VNC installation on the IBM System z. Now, anaconda allows the user to go back from the network screen to the partitioning screen. (BZ#654685)
* An unexpected SELinux context was set in the iptables configuration file. Now, anaconda sets the correct SELinux context. (BZ#658084)
* The kickstart files on USB drives were not found on the first attempt. Now, anaconda only asks to retry reading the kickstart file from a CD-ROM drive when necessary. Now, the drive probing handles situations better when the device shows up late. (BZ#658398)
* ETHTOOL_OPT in ifcfg-ethX was not quoted with the kickstart option --ethtool. Now, anaconda correctly quotes ETHTOOL_OPTS in ifcfg files. (BZ#674473)
* Now, anaconda enables IPv6 on the installed system unless this is explicitly disabled via kickstart. (BZ#677653)
This update also adds the following enhancements:
* It is now possible to disable ssh via Anaconda kickstart command such as "firewall --enabled --no-ssh". (BZ#485086)
* Busybox is now a part of the installation RAM Disk image to allow for easier debugging of installation issues. (BZ#500527)
* A new kernel boot command-line argument blacklist= is now recognized in Anaconda that lets the user blacklist troubling drivers. Such drivers are then not loaded by Anaconda. (BZ#569883)
* Now, the Anaconda installer contains and runs the Red Hat Subscription Manager and associated yum plugins. (BZ#670973)
All users are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

1.3. apr

1.3.1. RHSA-2011:0844: Low apr security update

Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.
The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928)
Note: This problem affected httpd configurations using the "Location" directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request.
This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw.
All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.

1.3.2. RHSA-2011:0507: Moderate apr security update

Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.
It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419)
Red Hat would like to thank Maksymilian Arciemowicz for reporting this issue.
All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.

1.4. authconfig

1.4.1. RHEA-2011:1003: authconfig enhancement update

Updated authconfig packages that add an enhancement are now available for Red Hat Enterprise Linux 5.
The authconfig packages contain a program with both a command line and a GUI interface for configuring a system to use shadow passwords, or to function as a client for certain network user-information and authentication schemes.
This update adds the following enhancement:
* This update adds the new '--enablesssd' and '--enablesssdauth' command line switches. These options allow administrators to configure the nsswitch.conf and system-auth configuration files so that the System Security Services Daemon (SSSD) is used for account database lookups and authentication. Note, that configuration of the SSSD itself is not handled by authconfig and must be done by other means. (BZ#629021)
All authconfig users are advised to upgrade to these updated authconfig packages, which add this enhancement.

1.5. autofs

1.5.1. RHBA-2011:1079: autofs bug fix and enhancement update

An updated autofs package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1079 – autofs bug fix and enhancement update.
The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts file systems when you use them, and unmounts them when they are not busy.

Bug Fixes:

BZ#519281
Prior to this update, the autofs utility did not reset the map entry status on a reload request. As a result, newly added map entries that had previously recorded a mount failure failed to work. With this update, autofs resets the map entry status on a reload request and map entries are mounted as expected.
BZ#54613
Prior to this update, reloading an existing map could consume an extensive amount of memory. This occurred because the automount daemon failed to free the memory which it preliminary allocated to the map before it had detected that the map already existed. With this update, the memory is freed and the memory leak no longer occurs on map reload.
BZ#549607
The autofs daemon failed to mount hidden Windows shares when using the auto.smb program map. This occurred because the program map did not translate the $ sign in the share names correctly. With this update, the code that matches the share names has been added and the hidden shares are mounted as expected.
BZ#551599
Prior to this update, the autofs utility could terminate with a segmentation fault when attempting certain mounts. This occurred due to a race condition between mount handling threads for mounts that had previously recorded a mount failure. This update adds a check that verifies that the automount cache map entry is valid and the error no longer occurs.
BZ#559796
The autofs utility failed to mount folders from Windows Server with the ampersand (&) in their name. With this update, such folders are mounted successfully.
BZ#560124
Prior to this update, the automount(8) man page referred to a non-existent man page. This was caused by a typographical error in the code. With this update, the man page reference has been corrected and the man page is displayed as expected.
BZ#561213
Due to a deadlock, autofs could stop responding when attempting to mount map entries that were nested within maps. With this update, the underlying code has been changed and, where possible, nested map entries mount correctly.
BZ#562703
Prior to this update, automount could terminate unexpectedly with a pthreads error. This occurred because attempts to acquire the master map lock occasionally failed as the lock was held by another thread. With this update, the underlying code has been adapted to wait for a short time before failing.
BZ#563956
Previously, the automount daemon did not support receiving paged results from an LDAP (Lightweight Directory Access Protocol) server. This update adds the code that handles paged results and such results are processed correctly.
BZ#570783
Prior to this update, if a key entry of an automount map began with an asterisk (*) sign, the daemon failed with a segmentation fault because the sign was not matched correctly. With this update, such asterisk signs are handled correctly.
BZ#576775
Prior to this update, a race condition could have caused the automount daemon to terminate unexpectedly. This happened because the parse_sun module pre-opened and cached the Network File System (NFS) mount module so that the mount module could be accessed by other modules quickly. With this update, the underlying code has been changed and the race condition on longer occurs.
BZ#589573
Prior to this update, the automount daemon stopped responding on startup when started with an already-mounted CIFS (Common Internet File System) share due to a deadlock. With this update, the underlying code has been changed and the deadlock no longer occurs.
BZ#593378
Prior to this update, automount failed to look up mounts from multiple included map sources. This occurred due to a problem with negative caching. With this update, the underlying code has been changed and automount performs the included map lookups correctly.
BZ#601935
When mounting new mounts, the automount daemon could have stopped responding. This occurred due to an execution order race during expire thread creation. This update refactors the code handling expire thread creation and the problem no longer occurs.
BZ#632006
The autofs utility failed to mount Lustre metadata target (MDT) failover mounts because it could not understand the mount point syntax. With this update, the mount point syntax is processed correctly and the failover is mounted as expected.
BZ#632471
Prior to this update, autofs failed occasionally to reload an updated map correctly when the map type was specified explicitly. This occurred because the map stale flag was cleared after the map entry lookup instead of being cleared at the update completion. With this update, the underlying code has been changed to clear the stale flag at the completion of the update and the maps are reread correctly.
BZ#667273
Previously, autofs could have terminated unexpectedly with a segmentation fault if it was heavily loaded with mount requests to service. This occurred due to an invalid pointer. With this update, the underlying code has been changed and autofs no longer crashes in such circumstances.
BZ#668354
Previously, when expanding the & character on map key substitution, autofs handled the white space characters in the key incorrectly. With this update, the underlying code has been changed and the expanding of such keys is handled correctly.
BZ#692524
Previously, autofs could have terminated unexpectedly with a segmentation fault when reloading maps. This occurred when the master map referenced null maps. This error has been fixed, and autofs no longer crashes when reloading such maps.

Enhancements:

BZ#579312
The automount daemon now supports LDAP simple authenticated binds.
BZ#538408
This update adds the --dumpmaps option to the automount command, which allows you to dump the maps from their source as seen by the automount daemon.
BZ#547510
Previously, if multiple mount locations were present, the selection of a mount depended on the weight value defined by the user and on the server response time. With this update, the user can use the option --use-weight-only to make the selection priority depend only on the weight value.
BZ#566481
The autofs utility did not allow the locality name attribute (l) for an LDAP DN (Distinguish Name) in master map entries. This update adds the code to allow the use of DNs with the locality attribute in their name.
BZ#607785
With this update, the autofs utility supports SASL (Simple Authentication and Security Layer) external authentication with certificates using maps stored on an LDAP server.
BZ#610266
This update adds simple Base64 encoding for LDAP and thus allows hashing of the password entries in the /etc/autofs_ldap_auth.conf configuration file.
BZ#629357
The autofs utility now provides IP addresses for map entries that use host names with multiple network addresses in its debugging output.
All users of autofs are advised to upgrade to this updated package, which resolves these issues and adds these enhancements.

1.5.2. RHBA-2011:0487: autofs bug fix update

An updated autofs package that fixes a bug is now available for Red Hat Enterprise Linux 5.
The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts file systems when you use them, and unmounts them when they are not busy.
This updated autofs package fixes the following bug:
* By default, Windows Active Directory servers restrict the number of results that can be retrieved by a single query. If a query returns more than the maximum number of results (1000 by default), the query fails. In such a case, the server returns the results in sets of a specific size (maximum result set size). The automount daemon crashed due to a segmentation fault when it attempted to read a map that contained more results than the maximum result set size. With this update, the automount daemon correctly reads results from larger maps and a segmentation fault no longer occurs. (BZ#691311)
All users of autofs are advised to upgrade to this updated package, which resolves this issue.

1.6. avahi

1.6.1. RHSA-2011:0436: Moderate avahi security update

Updated avahi packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers.
A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002)
All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, avahi-daemon will be restarted automatically.

1.7. bash

1.7.1. RHSA-2011:1073: Low bash security, bug fix, and enhancement update

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Bash is the default shell for Red Hat Enterprise Linux.
It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)
This update fixes the following bugs:
* When using the source builtin at location ".", occasionally, bash opted to preserve internal consistency and abort scripts. This caused bash to abort scripts that assigned values to read-only variables. This is now fixed to ensure that such scripts are now executed as written and not aborted. (BZ#448508)
* When the tab key was pressed for auto-completion options for the typed text, the cursor moved to an unexpected position on a previous line if the prompt contained characters that cannot be viewed and a "\]". This is now fixed to retain the cursor at the expected position at the end of the target line after autocomplete options correctly display. (BZ#463880)
* Bash attempted to interpret the NOBITS .dynamic section of the ELF header. This resulted in a "^D: bad ELF interpreter: No such file or directory" message. This is fixed to ensure that the invalid "^D" does not appear in the error message. (BZ#484809)
* The $RANDOM variable in Bash carried over values from a previous execution for later jobs. This is fixed and the $RANDOM variable generates a new random number for each use. (BZ#492908)
* When Bash ran a shell script with an embedded null character, bash's source builtin parsed the script incorrectly. This is fixed and bash's source builtin correctly parses shell script null characters. (BZ#503701)
* The bash manual page for "trap" did not mention that signals ignored upon entry cannot be listed later. The manual page was updated for this update and now specifically notes that "Signals ignored upon entry to the shell cannot be trapped, reset or listed". (BZ#504904)
* Bash's readline incorrectly displayed additional text when resizing the terminal window when text spanned more than one line, which caused incorrect display output. This is now fixed to ensure that text in more than one line in a resized window displays as expected. (BZ#525474)
* Previously, bash incorrectly displayed "Broken pipe" messages for builtins like "echo" and "printf" when output did not succeed due to EPIPE. This is fixed to ensure that the unnecessary "Broken pipe" messages no longer display. (BZ#546529)
* Inserts with the repeat function were not possible after a deletion in vi-mode. This has been corrected and, with this update, the repeat function works as expected after a deletion. (BZ#575076)
* In some situations, bash incorrectly appended "/" to files instead of just directories during tab-completion, causing incorrect auto-completions. This is fixed and auto-complete appends "/" only to directories. (BZ#583919)
* Bash had a memory leak in the "read" builtin when the number of fields being read was not equal to the number of variables passed as arguments, causing a shell script crash. This is fixed to prevent a memory leak and shell script crash. (BZ#618393)
* /usr/share/doc/bash-3.2/loadables in the bash package contained source files which would not build due to missing C header files. With this update, the unusable (and unbuildable) source files were removed from the package. (BZ#663656)
This update also adds the following enhancement:
* The system-wide "/etc/bash.bash_logout" bash logout file is now enabled. This allows administrators to write system-wide logout actions for all users. (BZ#592979)
Users of bash are advised to upgrade to this updated package, which contains backported patches to resolve these issues and add this enhancement.

1.8. bind

1.8.1. RHSA-2011:0926: Important bind security update

Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially-crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464)
Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

1.8.2. RHSA-2011:0845: Important bind security update

Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
An off-by-one flaw was found in the way BIND processed negative responses with large resource record sets (RRSets). An attacker able to send recursive queries to a BIND server that is configured as a caching resolver could use this flaw to cause named to exit with an assertion failure. (CVE-2011-1910)
All BIND users are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

1.9. bind97

1.9.1. RHBA-2011:0510: bind97 fix and enhancement update

Updated bind97 packages that fix a bug and add an enhancement are now available for Red Hat Enterprise Linux 5.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It contains a DNS server (named), a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. This package contains version 9.7 of the BIND suite.
These updated bind97 packages fix the following bug:
* BIND could have failed to return queries for subdomains under a newly-added DS (Delegation Signer) record. This occurred because the named daemon failed to validate the new DS record, which was inserted into a trusted DNSSEC (Domain Name System Security Extensions) validation tree. With this update, the daemon validates new DS records correctly. (BZ#695381)
In addition, these updated bind97 packages provide the following enhancement:
* Previously, bind97 did not contain the root zone DNSKEY. DNSKEY is now located in /etc/named.root.key. (BZ#695382)
Users are advised to upgrade to these updated bind97 packages, which resolve this issue and add this enhancement.

1.10. booty

1.10.1. RHBA-2011:0983: booty bug fix update

An updated booty package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The booty package provides a small python library which is used to create boot loader configuration files for the Anaconda and up2date utilities.
This updated package includes fixes for the following bugs:
* The Anaconda utility incorrectly installed GRUB (GRand Unified Bootloader) on md RAID devices. According to the Anaconda's old setting, GRUB was installed to look for a boot configuration on the hard disk it was running on. When RAID-1 (disk mirroring) was configured and the first hard drive failed, the system was unable to continue the boot process. This could have happened because the second hard drive became the new first hard drive but GRUB was still looking for the second hard drive to boot from. This problem has been fixed and GRUB is now installed correctly and refers to the right hard drive to boot from when one of mirrors is lost. (BZ#213578)
* When a multipath device (mpath) name ended with a digit (for example: rootpvp1), the Kickstart installation failed with a traceback report. This was caused by an error in the mpath device name parser. This issue has been fixed and a verification mechanism has been added to validate the mpath name. The booty package now recognizes more mpath names and the installation fails with an explanation if an invalid mpath name has been used. (BZ#572862)
* Prior this update, booty did not translate physical device names correctly for md software RAID on dm devices (device-mapper subsystem devices), which caused booty to crash during an installation. This issue has been fixed, physical device names are translated correctly and booty no longer crashes in this case. (BZ#667014)
All users of booty are advised to upgrade to this updated package, which resolves these issues.

1.11. bridge-utils

1.11.1. RHEA-2011:1061: bridge-utils enhancement update

An enhanced bridge-utils package is now available for Red Hat Enterprise Linux 5.
The bridge-utils package contains utilities for configuration of the Linux Ethernet bridge. The Linux Ethernet bridge can be used to connect multiple Ethernet devices together. This connection is fully transparent: hosts connected to one Ethernet device see hosts connected to the other Ethernet devices directly.
This updated bridge-utils package adds the following enhancement:
* Support for Internet Group Management Protocol (IGMP) snooping configuration has been added, which allows multicast packets to be forwarded to only relevant interfaces. (BZ#574466)
All users of bridge-utils are advised to upgrade to this updated package, which adds this enhancement.

1.12. busybox

1.12.1. RHBA-2011:0815: busybox bug fix update

Updated busybox packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
busybox is a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.
[Updated 2 June 2011] This update fixes a regression in the original fix in which the msh applet was incorrectly executing while loop with empty body. It never exited the loop even if the loop condition was false. With this update, this loop construct works correctly. (BZ#708942)
The original errata update also fixed the following three bugs:
* The grep applet was ignoring the "-i" command line option if the "-F" option was also used. Consequent to this, the "grep -iF" command incorrectly performed a case sensitive search instead of the case insensitive one. This update resolves the problem by ensuring that this combination of command line options works as expected. (BZ#608927)
* Previously, the msh applet had a severely limited depth of shell source operations (that is, the ". FILE" built-in commands). Under certain circumstances, this may have caused it to terminate unexpectedly with the "Shell input nested too deeply" error message. With this update, the maximum number of nested source operations is limited only by the number of available file descriptors and the amount of available memory. (BZ#556845)
* Prior to this update, the msh applet had a limited buffer for the storage of the results of a process substitution. Consequent to this, an attempt to execute certain constructs (for example, `cat FILE` with a file larger than 15KB) could cause it to exit with the "out of string space" error message. With this update, the buffer size is now limited only by the amount of available memory. (BZ#678701)
Users are advised to upgrade to these updated busybox packages, which fix these bugs.

1.13. certmonger

1.13.1. RHBA-2011:1002: certmonger bug fix and enhancement update

An updated certmonger package that fixes multiple bugs and adds several enhancements is now available for Red Hat Enterprise Linux 5.
The certmonger package contains a service which is primarily concerned with getting your system enrolled with a certificate authority (CA) and keeping it enrolled.
The certmonger package has been upgraded to upstream version 0.42, which provides a number of bug fixes and enhancements over the previous version. (BZ#688610)
Additionally, this update fixes the following bugs:
* Previously, when issuing a request for a certificate to an IPA server, if the IPA server returned an error, the ipa-submit helper process terminated unexpectedly while attempting to parse the error in order to report it. The bug has been fixed in this update, and the error is now recorded properly. (BZ#690892)
* Previously, if certmonger did not track any certificates, the output of the "ipa-getcert list" command was empty. This undesired behavior has been fixed so that after running the command, the number of the certificates tracked is now displayed as well as any certificate entries, if they exist. (BZ#681642)
* Previously, when the service attempted to save a certificate to a certificate database, if there was already a certificate in the database with the desired nickname assigned to it but which had a different value in its "subject name" field, the attempt to save the new certificate to the database failed. This bug has been fixed in this update so that any certificates that are already in the certificate database which have the desired nickname are now cleared out before attempting to store a new certificate, and storing the new certificate no longer fails. (BZ#695717)
* Previously, when a non-root user ran the "ipa-getcert" command, an unclear and ambiguous error message about insufficient user rights to run the command was displayed. This update improves the error message text so that it is now clear and straightforward. (BZ#681641)
* Previously, building the certmonger package failed due to a problem with self-tests. This problem has been resolved and does not occur anymore. (BZ#670322)
All users requiring certmonger should upgrade to this updated package, which fixes these bugs and adds several enhancements.

1.14. cman

1.14.1. RHBA-2011:1001: cman bug fix and enhancement update

Updated cman package that fixes bugs and adds enhancements is now available for Red Hat Enterprise Linux 5.
The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster.
This update applies fixes for the following bugs:
* It is now possible to make ccs_tool use different ports. (BZ#656427)
* The fence_cisco_ucs agent now supports sub organizations. (BZ#678902)
* "cman_tool nodes -F id,type,name,addr" no longer crashes when qdisk is enabled. (BZ#654894)
* cman_tool now displays node votes. (BZ#653508)
* Manual pages for fencing agents have been brought up to date. (BZ#488959, BZ#573990, BZ#663808, BZ#671089)
* fence_wti now works with larger (>16) port switches. (BZ#679160)
* A timing issue causing erratic qdiskd heuristic behavior has been fixed. (BZ#679274)
* A traceback in fence_rsa has been fixed. (BZ#678018)
In addition, this update adds the following enhancements:
* There is now a "diag" option to fence_ipmilan to support ipmi chassis power diag. (BZ#678061)
* The fence_rhevm agent has been updated to match the current REST API. (BZ#681670, BZ#681676)
* The fence_vmware agent has been rewritten to use the VMWare SOAP API. (BZ#634567)
* cman_tool no longer reports an incorrect node count. (BZ#649533)
* The man page documentation for the "expected" option to cman_tool has been improved. (BZ#688701)
* The --ssl option now works with fence_cisco_ucs. (BZ#693395)
* "fence_ipmilan -o monitor" now returns the correct status if the chassis is powered off. (BZ#693427)
All cman users are advised to upgrade to this updated package, which fixes these issues and add these enhancements.

1.14.2. RHBA-2011:0006: cman bug fix and enhancement update

Updated cman packages that fix a bug are now available.
The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster.
This update fixes the following bug:
* Previously, no manual pages were available for the new agents fence_cisco_ucs, fence_rhevm, and fence_ifmib. This update adds these manual pages. (BZ#664381)
All cman users are advised to upgrade to this update, which resolves this issue.

1.14.3. RHBA-2011:0470: cman bug fix update

An updated cman package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster.
This update fixes the following bug:
* Previous versions of the ccs_tool utility did not allow users to specify the port numbers to use when distributing the configuration. Consequent to this, changing the port numbers for Cluster Manager components rendered this utility unable to establish a connection with a cluster. With this update, the ccs_tool utility now allows users to specify the port numbers on the command line, so that the connection can be established as expected. (BZ#677814)
All users of cman are advised to upgrade to this updated package, which fixes this bug.

1.14.4. RHBA-2011:0900: cman bug fix update

An updated cman package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster.
This update fixes the following bug:
* Previously, quorum disk heuristic timers in a cluster functioned improperly. As a consequence, if the heartbeat network malfunctioned, the cluster nodes could end up fencing each other in a non-deterministic way. With this update, the problem with the timers has been addressed and the bug no longer occurs. (BZ#707053)
All users of cman are advised to upgrade to this updated package, which fixes this bug.

1.15. conga

1.15.1. RHSA-2011:0394: Important conga security update

Updated conga packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The conga packages provide a web-based administration tool for remote cluster and storage management.
A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720)
Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted ("service luci restart") for the update to take effect.

1.15.2. RHBA-2011:1039: conga bug fix and enhancement update

Updated conga packages that fix multiple bugs and introduce feature enhancements are now available for Red Hat Enterprise Linux 5.
The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules.
This update fixes the following bugs:
* Prior to this update, the luci_admin utility did not operate correctly if third-party packages of the Zope web application server were installed on the system. With this update, this issue has been fixed so that the luci_admin utility now works as expected. (BZ#643996)
* Prior to this update, the length of certain text fields in luci's resource agent forms was insufficient, causing the inability to see the whole text field content. The problem has been resolved in this update by increasing the length of the respective text fields. (BZ#640329)
* Prior to this update, managing a cluster that contained a large number of services or resources configured in the /etc/cluster/cluster.conf file resulted in a "RuntimeError: maximum recursion depth exceeded" error message if a user tried to display that particular cluster. This problem has been resolved so that cluster management works as expected, and no error message is displayed when viewing the cluster. (BZ#658621)
As well, this update adds the following enhancements:
* The commands issued with luci and run by ricci are now logged using the system log facility so that it is now easier to debug problems with Conga actions. (BZ#459190)
* Support for specifying a sub-organization for the fence_cisco_ucs I/O Fencing agent has been added in this update. (BZ#690936)
* Support for setting the "self_fence" attribute for Highly Available Logical Volume Management (HA LVM) resources has been added with this update. (BZ#679866)
* Support for configuring the new fence_vmware_soap Fencing agent has been added in this update. (BZ#705073)
All Conga users are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

1.16. coreutils

1.16.1. RHBA-2011:1074: coreutils bug fix and enhancement update

An updated coreutils package that fixes number of bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1074 — coreutils bug fix and enhancement update.
The coreutils package contains the core GNU utilities. It is the combination of the old GNU fileutils, sh-utils, and textutils packages.

Bug Fixes:

BZ#510809
When a directory contained a symbolic link to itself, the readlink command incorrectly gave the following error message:
Too many levels of symbolic links.
With this update, the readlink command is able to correctly resolve values of recursive symbolic links to directories and no error messages are given.
BZ#684249
When values of LC_TIME and LC_CTYPE variables differed, the sort utility sometimes terminated due to an assertion failure. This bug has been fixed and the sort utility no longer crashes in the described scenario.
BZ#559098
When a child process was terminated by a signal, the su utility returned the wrong exit code of 0, which means exit success. With this update, the su utility always returns the correct exit code in the described scenario.
BZ#668247
Previously, when the dd utility read data from a pipe and received a signal such as SIGPIPE, it stopped reading the current block and started with the new one immediately. This caused random output values when the dd utility was used to measure the size of an input file. With this update, the new iflag=fullblock option is available. When the option is used, the dd utility always continues to read incomplete blocks after receiving a signal.
BZ#664895
On certain file systems such as VxFS, the Veritas File System, the rmdir() system call returned the wrong error code for non-empty directories. This caused the rmdir utility to fail to ignore the error when the --ignore-fail-on-non-empty command line option was specified. This bug has been fixed and the rmdir utility now handles errors on non-empty directories on VxFS partitions properly.
BZ#515499
Previously, when the ls -1U command was called with two or more arguments and with at least one non-empty directory as an argument, directory entry names were printed before the name of their parent directories. This bug has been fixed and now the entries are printed in correct order.
BZ#525199
Previously, the cp, mv and install utilities were unable to preserve extended attributes on files with read-only permissions. This bug has been fixed and the extended attributes are now preserved correctly by those utilities.
BZ#537463
If the --ghost option was enabled for an automount point, the du command failed on an automounted directory if it was not mounted yet. This bug has been fixed and the du command now succeeds on an automounted directory on the first attempt.
BZ#520630
Due to a regression, running the df -l command with a specific device specified resulted in a Permission denied error message for regular users. This bug has been fixed and specifying a device now works for regular users.

Note

Note that running the df -l command to list all devices was not affected by this bug; it worked as expected previously and continues to do so subsequent to this update.
BZ#628953
Because of internal reordering of arguments, the runcon utility was not able to handle execution of commands with arguments without the option separator --. With this update, the runcon utility no longer reorders arguments and this bug no longer occurs.

Note

Note that syntax runcon RUNCONARGS COMMAND -- COMMANDARGS is incorrect; if the option separator is used, it must precede the COMMAND.
BZ#627285
Previously, the --backup option of the mv command did not work with directories and the cannot move [directory] to a subdirectory of itself error message was returned. This bug has been fixed and the --backup option now works with directories as expected.
BZ#524805
Previously, the runuser utility man page contained incorrect information about PAM API calls. With this update, the documentation has been amended.
BZ#586957
Previously, certain scripts parsing the LS_COLORS environment variable used insufficient escaping, resulting in slow shell start-up in directories with too many files. This bug has been fixed and the shell start-up time is now more independent of the current directory.
BZ#658839
When moving a directory into another non-empty directory, the mv utility returned a confusing cannot move [directory] to a subdirectory of itself error message. This bug has been fixed and the correct Directory not empty error message is now returned instead.
BZ#681598
Previously, due to a bug in the su utility, the suspend command did not work for root users in tcsh shell. With this update, when the suspend command is called in a root shell, the Suspended (signal) message is returned and the user is put back into their user shell.

Enhancements:

BZ#584802, BZ#610559, BZ#660186
This update improves the coreutils documentation in the following ways: descriptions of the runcon and chcon utilities have been added; the behavior of newly added groups is now described; and the description of the mkdir --mode command has been extended.
BZ#523923
Previously, deletion of a large number of files via the rm utility was taking too much time. With this update, the code has been optimized and the deletion is now faster.
BZ#513153
With this update, many unnecessary warning messages of attempts for preserving ACLs on file systems without the support for ACLs have been suppressed, unless the preservation of ACLs is explicitly requested.
BZ#582774
With this update, the -L (logical) and -P (physical) command line options are now supported. These options are used for resolving the path of current working directory.
All coreutils users are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.

1.16.2. RHBA-2011:0188: coreutils bug fix update

An updated coreutils package that fixes a bug is now available for Red Hat Enterprise Linux 5.
The coreutils package contains core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages.
This update fixes the following bug:
* The "su" utility, which switches the user, does not return exit code of the child process command, if the child process is terminated by a signal. Returned exit code 0 - which means exit success - could be confusing for scripts. With this updated package, correct exit code is returned, thus resolving the issue. (BZ#672863)
All users of coreutils should upgrade to this updated package, which resolves this issue.

1.16.3. RHEA-2011:0165: coreutils enhancement update

An updated coreutils package that adds an enhancement to dd command is now available.
The coreutils package contains core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages.
This update adds the following enhancement:
* When a dd command copies data and receives e.g. SIGPIPE signal, then it stops with the current block (leaving it as partial) and starts with the new one, which is called "short read". Sometimes it is useful that dd has to copy full blocks and not stop reading after received signals. To address this, dd now accepts iflag=fullblock, to make it accumulate full input blocks. With this new option, after a short read, dd repeatedly calls read, until it fills the incomplete block, reaches EOF, or encounters an error. (BZ#668465)
All coreutils users may upgrade to this updated package, which adds this enhancement.

1.17. cpuspeed

1.17.1. RHBA-2011:0502: cpuspeed bug fix update

An updated cpuspeed package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The cpuspeed daemon manages the CPU frequency scaling.
This update fixes the following bug:
* The /etc/sysconfig/cpuspeed configuration file allows a user to specify custom maximum (the "MAX_SPEED" option) and minimum (the "MIN_SPEED" option) clock speed limits. Prior to this update, when a user removed these custom settings from the configuration and restarted the service, the cpuspeed init script failed to reset these values to the hardware-specific limits. With this update, the init script has been adapted to ensure that when the minimum or maximum clock speed value is not specified, cpuspeed correctly uses the value reported by the CPU. (BZ#616524)
All users of cpuspeed are advised to upgrade to this updated package, which fixes this bug.

1.18. cryptsetup-luks

1.18.1. RHBA-2011:0987: cryptsetup-luks bug fix update

An updated cryptsetup-luks package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The cryptsetup-luks package provides a utility for setting up encrypted file systems using Device Mapper and the dm-crypt target.
This updated cryptsetup-luks package includes fixes for the following bugs:
* When executing the "cryptsetup luksOpen" command on an encrypted disk device formatted with an older version of cryptsetup, the following message appeared: "automatic header conversion from 0.99 to 0.991 triggered". Consequently, the device became unresponsive at every attempt to open it. The older version of cryptsetup converted the master key iteration count incorrectly, which has been fixed and the device hangs no longer. (BZ#583431)
* The cryptsetup utility became unresponsive when using the "cryptsetup isLuks" command on an ordinary file. This problem has been fixed: if running the command on an ordinary file, the cryptsetup utility informs users about the file not being a LUKS partition. (BZ#622712)
* Previously, the cryptsetup utility could have terminated unexpectedly when the key size was larger than 256 bits. The cryptsetup utility now properly supports keys longer than 256 bits, fixing the problem. (BZ#678011, BZ#684616)
* When removing a key from the key slot by running the "cryptsetup luksDelKey" command, only the key slot itself was cleared but the salt and iteration count remained in the key slot header. All additional information is now cleared as well. (BZ#697815)
All users of cryptsetup-luks are advised to upgrade to this updated package, which resolves these bugs.

1.19. cups

1.19.1. RHBA-2011:0185: cups bug fix update

Updated cups packages that fix a bug are now available for Red Hat Enterprise Linux 5.
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
This update fixes the following bug:
* Previously, when the cupsd daemon was running with SELinux features enabled, file descriptor count was increasing over time until resources ran out. With this update, resources are allocated only once. (BZ#670909)
Users of CUPS are advised to upgrade to these updated packages, which resolve this issue. After installing this update, the cupsd daemon will be restarted automatically.

1.20. curl

1.20.1. RHSA-2011:0918: Moderate curl security update

Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)
Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

1.20.2. RHBA-2011:0179: curl bug fix update

An updated curl package that fixes a bug is now available for Red Hat Enterprise Linux 5.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT servers, using any of the supported protocols. It is designed to work without user interaction or any kind of interactivity, and offers many useful capabilities such as proxy support, user authentication, FTP upload, HTTP post, and file transfer resume.
This update fixes the following bug:
* Previously, an attempt to send an LDAP request through an HTTP proxy tunnel ended up with cURL trying to connect to the LDAP server directly using a wrong port number. With this update, the underlying source code has been modified to address this issue, and cURL now works as expected. (BZ#670523)
All users of curl are advised to upgrade to this updated package, which resolves this issue.

1.21. cyrus-imapd

1.21.1. RHSA-2011:0859: Moderate cyrus-imapd security update

Updated cyrus-imapd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.
It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. (CVE-2011-1926)
Users of cyrus-imapd are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, cyrus-imapd will be restarted automatically.

1.21.2. RHBA-2011:1075: cyrus-imapd bug fix update

Updated cyrus-imapd packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP and SIEVE support.
This update fixes the following bugs:
* Prior to this update, cyrus-imapd cleared its back end before deinitialization. As a result, when the "unselect" command was used in proxy mode, cyrus-imapd terminated unexpectedly. This bug has been fixed in this update so that cyrus-imapd now clears the back end after deinitialization, and the "unselect" command can be used properly in proxy mode as expected. (BZ#679253)
* Prior to this update, the "ignorequota" command did not work on 64-bit systems. As a result, despite using the "ignorequota" command, it was not possible to deliver a mail message to a user whose quota exceeded the quota limit. This bug has been fixed in this update so that the "ignorequota" command now works on 64-bit systems, as expected. (BZ#584088)
* Prior to this update, Python files included in the cyrus-imapd packages contained the "#!/usr/bin/env python" string. With this update, the string in the aforementioned files has been modified to "#!/usr/bin/python" so that another version of Python can now be installed as expected. (BZ#521338)
* Prior to this update, the cyrus-imapd packages required the lm_sensors-devel package at build time. The lm_sensors-devel package is not available on all platforms supported by Red Hat Enterprise Linux 5. As a result, a very complex spec file had to be distributed with the cyrus-imapd packages. With this update, this bug has been fixed in this update so that the cyrus-imapd packages now require only the net-snmp-devel package, which already solves the lm_sensors package requirement. (BZ#437999)
* Prior to this update, cyrus-imapd did not close all file descriptors that were used for quota. As a result, after moving several folders, cyrus-imapd could have used up available file descriptors and could have not been able to function properly. With this update, cyrus-impad now closes all quota descriptors when they are no longer required, as expected. (BZ#253854)
All users are advised to upgrade to these updated cyrus-imapd packages, which fix these bugs.

1.22. dapl

1.22.1. RHBA-2011:0371: dapl bug fix update

Updated dapl packages that fix a bug are now available for Red Hat Enterprise Linux 5.
The dapl package provides a user-space implementation of the DAT 2.0 API that allows applications to utilize high-performance network technologies such as InfiniBand and iWARP.
This update fixes the following bug:
* Due to an invalid error mapping, when dapl received a signal during the execution of the dapls_evd_dto_wait() function, it could fail to set the correct error type, which may have led to an incorrect operation. With this update, the relevant part of the source code has been modified to return the correct value, and dapl now works as expected. (BZ#660256)
All users of dapl are advised to upgrade to these updated packages, which resolve this issue.

1.23. dbus

1.23.1. RHSA-2011:0376: Moderate dbus security update

Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.
A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with an excessive number of nested variants to the system-wide message bus, causing the message bus (and, consequently, any process using libdbus to receive messages) to abort. (CVE-2010-4352)
All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

1.24. dejagnu

1.24.1. RHBA-2011:0399: dejagnu bug fix update

An updated dejagnu package that fixes one bug is now available for Red Hat Enterprise Linux 5.
DejaGnu is an Expect/Tcl based framework for testing other programs, and provides a single front end for all tests.
This update fixes the following bug:
* Prior to this update, the runtest utility did not reset variables before running a test, causing certain test cases to be incorrectly evaluated as "UNRESOLVED". This update ensures that the variables are properly reset before a test is run, and all test cases are now evaluated correctly. (BZ#460153)
All users of dejagnu are advised to upgrade to this updated package, which fixes this bug.

1.25. device-mapper

1.25.1. RHBA-2011:0981: device-mapper bug fix and enhancement update

Updated device-mapper packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
The device-mapper packages provide a library required by logical volume management utilities such as LVM2 and dmraid.
The device-mapper package has been upgraded to upstream version 1.02.63, which provides a number of bug fixes and enhancements over the previous version. (BZ#680958) Those enhancements include:
* Unlink failure in the remove_lockfile() function in dmeventd is now checked for.
* Inactive table query support is now supported when using the Red Hat Enterprise Linux 5.7 kernel. The "dmsetup table --inactive" command can be run to view the contents of the inactive table instead of the live one, which is the default.
* The dm_task_secure_data() function has been added to libdevmapper to wipe the ioctl buffers in the kernel.
* A new "-R" option has been added to restart dmeventd without loss of state.
These updated device-mapper packages provide fixes for the following bugs:
* Previously, booting encrypted devices which used Multi-Level Security (MLS) enforcing mode failed with this error message:
/dev/mapper/temporary-cryptsetup-977: lsetfilecon failed: Operation not permitted
The problem occurred when cryptsetup created a device node and relabeled it using the lsetfilecon() function instead of using the setfscreatecon() function. This has been fixed and devices which used MLS enforcing mode now boot successfully. (BZ#584884)
* When installing the kernel-2.6.18 packages, this error message was logged to the /root/install.log file: "matchpathcon failed: No such file or directory". The problem has been fixed and this error message is no longer logged to install.log with this update. (BZ#695374)
* This update fixes a conflict which occurred when lvm2 and the device mapper debuginfo packages were installed together. (BZ#701715)
Users are advised to upgrade to these updated device-mapper packages, which resolve these bugs and add these enhancements.

1.26. device-mapper-multipath

1.26.1. RHBA-2011:1032: device-mapper-multipath bug fix and enhancement update

Updated device-mapper-multipath packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
The device-mapper-multipath packages provide tools to manage multipath devices using the device-mapper multipath kernel module.
This update fixes the following bugs:
* Prior to this update, when viewing partition information from a file, kpartx used a loop device which was not released by kpartx afterwards. With this update, this erroneous behavior has been fixed so that kpartx now correctly releases a loop device as expected. (BZ#578109)
* After a thread of the multipathd service acquired its resource locks, the thread did not check if it had been canceled before accessing the resource. This caused multipathd to occasionally terminate unexpectedly with a segmentation fault on shutdown if the thread attempted to access the resource after the thread was canceled. With this update, the bug has been fixed so that the multipathd thread now checks if it is canceled before accessing its resource. (BZ#639429)
* When the multipathd service started, it created a separate namespace for itself, and unmounted all unnecessary disk-backed file systems. Since /ram file systems are not considered to be disk-backed, they should have not been unmounted by multipathd, however multipathd unmounted them. This update corrects this undesired behavior so that the /ram file systems are no longer unmounted. (BZ#663179)
* Prior to this update, the multipathd service did not check if a value was entered for an option in the /etc/multipath.conf configuration file before attempting to read the value. As a result, multipathd terminated unexpectedly when an option without any value was found in /etc/multipath.conf. With this update, the bug has been fixed so that multipathd no longer crashes. (BZ#675369)
* If the last path of a device was deleted while the multipathd service was trying to reload the device map, or if a ghost path failed, multipathd did not always switch into recovery mode. As a result, multipath devices were not able to recover I/O operations in setups that were supposed to temporarily queue I/O if all paths were unavailable. This update resolves both of these problems; multipath now correctly recovers I/O operations as configured. (BZ#677821)
* Prior to this update, there was a spelling mistake found in the "invalid keyword" error message. The spelling mistake has been fixed in this update. (BZ#676165)
As well, this update adds the following enhancements:
* This update introduces two new defaults options in the /etc/multipath.conf configuration file: "fast_io_fail_tmo" and "dev_loss_tmo". The "fast_io_fail_tmo" option controls how long the SCSI layer waits after a SCSI device fails before failing back the I/O. This option can be set to "off" or any number less than the "dev_loss_tmo" option. The "dev_loss_tmo" option controls how long the SCSI layer waits after a SCSI device fails before marking it as failed. The default values for these options are set by the SCSI device drivers. (BZ#672575)
* This update introduces a new defaults section parameter for the /etc/multipath.conf configuration file: the "file_timeout" parameter. This parameter controls how many seconds the multipathd service will wait for a necessary file to appear while setting up a multipath device. The default value is 90 seconds. (BZ#627911)
* This update introduces the default configuration for multiple new HP storage array products. (BZ#502813)
All users of device-mapper-multipath should upgrade to these updated packages, which fix these bugs and add these enhancements.

1.26.2. RHBA-2011:0322: device-mapper-multipath bug fix update

Updated device-mapper-multipath packages that fix a bug are now available for Red Hat Enterprise Linux 5 Extended Update Support.
The device-mapper-multipath packages provide tools to manage multipath devices by giving the dm-multipath kernel module instructions on what to do, as well as by managing the creation and removal of partitions for Device-Mapper devices.
This update fixes the following bug:
* The "dev_loss_tmo" and "fast_io_fail_tmo" sysfs parameters provide a way to customize timeout values in case of a multipath device failure. Prior to this update, the multipathd daemon was unable to set these values, which may have led to performance issues. To prevent this, this update adds support for the "dev_loss_tmo" and "fast_io_fail_tmo" configuration options, which allow users to override default values for the corresponding sysfs parameters. (BZ#678991)
All users of device-mapper-multipath are advised to upgrade to these updated packages, which resolve this issue.

1.26.3. RHBA-2011:0379: device-mapper-multipath bug fix update

Updated device-mapper-multipath packages that resolve an issue are now available for Red Hat Enterprise Linux 5.
The device-mapper-multipath packages provide tools to manage multipath devices by giving the "dm-multipath" kernel module instructions on what to do, as well as by managing the creation and removal of partitions for Device-Mapper devices.
These updated device-mapper-multipath packages fix the following bug:
* If a device's last path was deleted while the multipathd daemon was trying to reload the device map, or if a ghost path failed, multipathd did not always switch into the recovery mode. As a result, multipath devices could not recover I/O operations in setups that were supposed to temporarily queue I/O if all paths were down. This update resolves both of these issues; multipath now correctly recovers I/O operations as configured. (BZ#683447)
All users of device-mapper-multipath are advised to upgrade to these updated packages, which resolve this issue.

1.26.4. RHBA-2011:0864: device-mapper-multipath bug fix update

Updated device-mapper-multipath packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The device-mapper-multipath packages provide tools to manage multipath devices by giving the "dm-multipath" kernel module instructions on what to do, as well as by managing the creation and removal of partitions for Device-Mapper devices.
This update fixes the following bug:
* After acquiring their resource locks, multipathd's threads did not check if they were canceled before accessing their resources. This caused multipathd to close with a segmentation fault on shutdown, if a thread attempted to access a resource after it was canceled. Now all multipathd threads check if they are canceled before accessing their resources. (BZ#704470)
All users of device-mapper-multipath are advised to upgrade to these updated packages, which fix this bug.

1.27. dhcp

1.27.1. RHSA-2011:0428: Important dhcp security update

Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.
It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-0997)
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
All dhclient users should upgrade to these updated packages, which contain a backported patch to correct this issue.

1.27.2. RHBA-2011:1038: dhcp bug fix and enhancement update

Updated dhcp packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 5.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks.
This update fixes the following bugs:
* Previously, the dhcpd service sometimes started to give new leases to clients in the INIT state rather than to presently active clients. That led to premature exhaustion of available leases for new clients. With this update, the server's "by client-id" and "by hardware address" hash table lists are sorted according to the preference to re-allocate the lease to returning clients, and the pool starvation problem no longer occurs in the described scenario. (BZ#615995)
* Previously, moving the server from the "communication-interrupted" state to the "partner-down" state did not force the server to take over the partner's leases. Consequently, clients could not get an IP address from the pool of the previously terminated DHCP server. With this update, a failover server in "partner-down" state is able to re-allocate leases to clients. (BZ#610219)
* Previously, the dhclient utility wasn't requesting the interface-mtu option by default. This caused difficulties when the network configuration changed and the MTU (Maximum Transmission Unit) value needed to be changed on all hosts. With this update, the dhclient utility requests the interface-mtu option by default. (BZ#694264)
* Previously, the dhcpd init script lacked several variables and actions required by the Linux Standard Base (LSB). With this update, the init script has been amended and it is now LSB-compliant. (BZ#610128)
* Previously, when the dhcpd service was used in a failover configuration, the primary server sometimes wrote so many "lease imbalance" messages into its log files, that it resulted in a termination. With this update, these messages are not logged unless rebalance is attempted, and the bug no longed occurs. (BZ#661939)
* Previously, when the system had been rebooted while the network switch had been down, after the network connection was recovered, the network interface configuration was not configured with DHCP, even if the dhclient utility was running in persistent mode. With this update, the dhclient-script file has been amended to refresh the ARP (Address Resolution Protocol) table and the routing table instead of bringing the interface down, which fixes the bug. (BZ#685048)
* Previously, when multiple DHCP clients were launched at the same time to handle multiple virtual interfaces on the same network interface card (NIC), the clients used the same seed to choose when to renew their leases. Consequently, virtual interfaces for some clients could have been deconfigured over time. With this update, the dhclient utility uses the PID (Process Identifier) for seeding the random number generator, which fixes the bug. (BZ#623953)
* Previously, it was impossible to configure the dhcrelay service to run the dhcrelay daemon with additional arguments. With this update, a DHCRELAYARGS variable is available for the /etc/sysconfig/dhcrelay configuration file, which allows additional arguments to be passed to the dhcrelay daemon properly. (BZ#624965)
* There was a small error regarding the dhcp-lease-time option in the dhclient.conf(5) man page. With this update, the man page has been amended. (BZ#585855)
This update adds the following enhancement:
* The dhcp package now provides support for IPoIB (IP over InfiniBand) interfaces. (BZ#660679)
Users of dhcp are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

1.28. dmidecode

1.28.1. RHEA-2011:0988: dmidecode enhancement update

An updated dmidecode package that provides one enhancement is now available for Red Hat Enterprise Linux 5.
The dmidecode package provides utilities for extracting x86 and Intel Itanium hardware information from the system BIOS or EFI, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag.
The dmidecode package has been upgraded to version 2.11, which updates support for SMBIOS specification version 2.7. (BZ#661864)
Users of dmidecode are advised to upgrade to this updated package, which adds this enhancement.

1.29. dmraid

1.29.1. RHBA-2011:1020: dmraid bug fix update

Updated dmraid packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
The dmraid packages provide the ATARAID/DDF1 activation tool. The tool supports RAID device discovery and RAID set activation. It also displays properties for ATARAID/DDF1-formatted RAID sets on Linux kernels using the device-mapper utility.
This update fixes the following bugs:
* Prior to this update, the dmeventd-logwatch crontab file was not able to specify the user that the logwatch process should be executed by. Due to this problem, the dmraid logwatch created an incomplete crontab entry. As a workaround, users can now change the functional portion of this crontab to: "* * * * * root /usr/sbin/logwatch --service dmeventd --range today --detail med". (BZ#516892)
* Prior to this update, the operating system did not boot from the RAID volume after an interrupted rebuild operation. Due to this problem, a kernel panic happened during the rebuild process. With this update, the operating system is fully operational after the rebuild. (BZ#626417)
* Prior to this update, Intel ISW RAID was not correctly rebuilt when a fresh disk was replaced in the array set. Due to this behavior, data could become corrupted. With this update, the code is modified so that it inquires the ISW metadata for rebuilding the drive. (BZ#635995)
* Prior to this update, a code path incorrectly dereferenced already known NULL pointers. Due to this problem, dmraid ended with an application coredump. This update adds a check against NULL before the pointer dereference. Now, known NULL pointers are no longer dereferenced. (BZ#696528)
All dmraid users are advised to upgrade to these updated packages, which fix these bugs.

1.30. dogtail

1.30.1. RHBA-2011:0315: dogtail bug fix update

An updated dogtail package that fixes a bug is now available for Red Hat Enterprise Linux 5.
Dogtail is a test tool and automation framework for a graphical user interface (GUI) that uses accessibility technologies to communicate with desktop applications.
This update fixes the following bug:
* Due to a missing pygtk2-libglade runtime dependency, an attempt to run the sniff utility could fail with the following message written to standard error:
ImportError: No module named glade
This updated package corrects this dependency, so that the sniff utility no longer fails to run. (BZ#435714)
All users of dogtail are advised to upgrade to this updated package, which resolves this issue.

1.31. e2fsprogs

1.31.1. RHBA-2011:1080: e2fsprogs bug fix and enhancement update

An updated e2fsprogs packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1080 — e2fsprogs bug fix and enhancement update.
The e2fsprogs packages contain a number of utilities that create, check, modify, and correct inconsistencies in ext2, ext3, and ext4 file systems. This includes e2fsck (which repairs file system inconsistencies after an unclean shutdown), mke2fs (which initializes a partition to contain an empty file system), tune2fs (which modifies file system parameters), and most of the other core file system utilities.

Bug Fixes:

BZ#489842
When lsattr or chattr was pointed at a non-existent file, an error was returned in that the exit code was always zero. This was because ls reported an error if any occurred, and lsattr did the same, reporting the last error encountered. This patch fixes this error, and lsattr and chattr provide the correct error.
BZ#491385
After using resize2fs to perform an offline resize of a file system, running e2fsck gave an error, stating the wrong block count for the resize inode. This was because the resize inode was not being properly cleared. This patch checks to see if the file system has grown to the point where the resize_inode is no longer needed, then cleans it so e2fsck does not have to. The correct block count is now given for the resize inode.
BZ#506643
Previously, e2fsprogs libblkid probe_all() could mismatch devices when scanning whole disks without partitions where the name ended in a number. This caused a mount failure. With this patch these disks are also scanned, so the devices are mounted correctly.
BZ#553216
When a host was re-kickstarted, mpath mount with LABEL failed with the error “mount: /dev/sdk already mounted or /san/intf busy”. This was because the probe_one() function scanned /dev before /dev/mapper. This patch disables all calls from libdevmapper via #undef HAVE_DEVMAPPER, instead using the standard support for “normal” non-dm devices. This results in mpath can mount without errors.
BZ#562044
Running “e2fsck -y -f” on a corrupted file system printed errors when “e2fsck -y” previous reported the file system to be cleaned of errors. This occurred when a file had its i_file_acl block cloned as a duplicate. This duplicate was then cleared because the file system did not have the xattr feature, and the inode was subsequently removed due to an invalid mode. The second e2fsck pass found the cloned xattr block in use but not owned by any file, so had to fix up the block bitmaps. This patch fixes an existing brace misalignment and skips the processing of the duplicate xattr blocks on a non-xattr file system, as these will be cleaned at a later point, allowing the clean to occur properly.
BZ#579836
On 64-bit system, a sign extension bug in libcom_err caused incorrect error messages to be emitted. This was because an error code as an (int) was passed to error_message as an (unsigned int), especially when using libgssapi_krb5. This meant that error_message() failed to find a matching error table. To fix this, error_message() has been changed to follow the same method error_table_name() does when error_message() calls it. That is, it drops most of the higher bits of the parameter passed before continuing, so now correct error messages are emitted.
BZ#580671
A sparse journal (which indicates corruption) was not fixed by e2fsck, causing file system errors and a shut down after mount. This was because e2fsck marked the file system as clean so it would mount, but did not fix that block, so when the journal reached this point again it failed once more. This patch changes process_journal_block() to clear and recreate the journal inode if it is sparse, that is if it gets block 0, allowing e2fsck to correctly fix a sparse journal.
BZ#606757
Previously, chattr and lsattr would return “error code = 0” even when they have not done anything, which made error checking difficult in scripts. With this patch, if there are errors they will be reported with a non-zero exit code. It will give explicit errors when attempting to set files that are not files or directories (which are not currently supported under Linux). Also, the -f flag will suppress error messages from being printed even though the exit status will still be non-zero.
BZ#607843
When checking a particular volume, e2fsck exited with a signal 11 (segmentation fault). This was caused by floating point errors. This patch edits get_icount_el to prevent point precision errors on large file systems from causing the search interpolation algorithm from performing an infinite loop, allowing e2fsck to check the volume correctly.
BZ#618134
The fsck command returned a 0 status instead of an appropriate error code on an exec() failure, due to an error in the code. This patch fixes the error so that the appropriate error code is now returned.
BZ#637920
Previously, blkid cachine caused a tag search (blkid -l -t ...) to return empty results. This occurred mostly in debug code, where dev->bid_type is not-NULL before dereferencing the pointer. This has been edited and blkid cachine now returns proper results.
BZ#669676
Previously, e2fsprogs failed to build with newer gettext package. This was due to a problem in auto-fu. This patch fixes this allowing the packages to build correctly.
BZ#675694
If more than 128 devices were specified on the blkid command line, the devices[] array overflowed, resulting in a crash. This patch avoids the problem by dynamically allocating the devices[] array based on the number of arguments, resulting in more than 128 devices being able to be specified on the blkid command line.
BZ#696930
Running blkid on s390x caused a crash with a signal 11 (segmentation fault) error. This was due to an error in the code regarding floating points. This patch frees a pointer that was not initialized to null, allowing blkid to run correctly on s390x.
BZ#678304
It was possible for the UUIDD to generate duplicate UIDs under certain circumstances. This occurred when the socket backlog in the UUIDD daemon was full, therefore the connection was refused and uuid_generate_time() fell back to unsafe ways of generating a UUID, resulting in the duplicates. Also, fcntle(2) did not work for the synchronization of threads belonging to the same process, contributing to the problem. This patch introduces a safe variant of uuid_generate_time() and fixes the locking of the clock state counter file which prevents UUIDD from generating duplicate UIDs.
BZ#681071
Running e2fsck on a corrupted file system gave a “should never happen” error. This occurred when a directory with an htree index had an incorrect and too-large i_size field. This patch prevents e2fsck from crashing and prompts the user to remove the htree index so that it can be rebuilt after pass 3, allowing file systems with this error to be fixed.

Enhancements:

BZ#563909
When running blkid, stale mounts can occasionally be seen within the cache. While running blkid -c /dev/null gets around this, it can become a runtime issue when blkid is run against a machine with several hundred disks. As such this patch adds a garbage collection routine feature. This performs a garbage collection pass on the /etc/blkid.tab file by adding the -g option to the blkid program. The man page has also been updated with more information about what the -g garbage collection option does.
BZ#587778
The mkfs reserved blocks were originally set to 5% by default, with a 1% step size. This was considered excessive for large file systems. With this patch, the reserved blocks amount now accepts a floating point for better accuracy when setting the percent. Also, mke2fs and tune2fs now accept a floating point number from the user to improve the level of accuracy offered.
All users are advised to upgrade to these updated packages, which resolve these issues and include these features.

1.32. emacs

1.32.1. RHBA-2011:0468: emacs bug fix update

Updated emacs packages that fix various bugs are now available for Red Hat Enterprise Linux 5.
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read email and news.
This update fixes the following bugs:
* Previously, the emacs and emacs-nox packages did not provide any convenient way for other packages to specify a dependency that can be satisfied by either of the emacs variants. This update changes the emacs and emacs-nox packages and provides the common symbol "emacs(bin)". (BZ#466580)
* Previously, the emacs-nox program was compiled with variable argument function calls, which caused the program to terminate because it violated stack protection boundaries. This occurred, for example, when the user tried to kill a buffer with modifications. This update changes the emacs-nox package to call the variable argument functions without triggering the stack protection. This update also enables the stack protection for the emacs package. (BZ#499035)
All users of emacs are advised to upgrade to these updated packages, which fix these bugs.

1.33. etherboot

1.33.1. RHBA-2011:0982: etherboot bug fix update

Updated etherboot packages that fix two bugs are now available for Red Hat Enterprise Linux 5.
Etherboot is an open source network bootloader. It provides a direct replacement for proprietary Preboot eXecution Environment (PXE) ROMs. It also has many extra features, such as DNS, HTTP and iSCSI.
This update fixes the following bugs:
* Prior to this update, the debuginfo in etherboot was empty. This update drops the debuginfo package. Now, etherboot contains no more redundant subpackages. (BZ#500578)
* Prior to this update, etherboot could loop forever if a valid PXE offer was not received. Due to this problem, the Virtual Machine (VM) could become unresponsive indefinitely. With this update, etherboot transfers in such cases the control back to the basic input/output system (BIOS) of the VM. Now, the VM can boot from the configured boot method. (BZ#655266)
All etherboot users are advised to upgrade to these updated packages, which fix these bugs.

1.34. exim

1.34.1. RHSA-2011:0153: Moderate exim security update

Updated exim packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on UNIX systems connected to the Internet.
A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as the root user. (CVE-2010-4345)
This update adds a new configuration file, "/etc/exim/trusted-configs". To prevent Exim from running arbitrary commands as root, Exim will now drop privileges when run with a configuration file not listed as trusted. This could break backwards compatibility with some Exim configurations, as the trusted-configs file only trusts "/etc/exim/exim.conf" and "/etc/exim/exim4.conf" by default. If you are using a configuration file not listed in the new trusted-configs file, you will need to add it manually.
Additionally, Exim will no longer allow a user to execute exim as root with the -D command line option to override macro definitions. All macro definitions that require root permissions must now reside in a trusted configuration file.
Users of Exim are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the exim daemon will be restarted automatically.

1.34.2. RHBA-2011:0443: exim bug fix update

Updated exim packages that fix two bugs are now available for Red Hat Enterprise Linux 5.
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on UNIX systems connected to the Internet. It provides a flexible solution with extensive facilities for checking incoming mail, and can be installed in place of Sendmail.
This update fixes the following bugs:
* Due to an error in the spec file, dynamic loading of the local_scan() function was not enabled. This update resolves this issue, and dynamic loading of local_scan() is now supported as expected. (BZ#567309)
* Prior to this update, some of the Exim tools were installed without a corresponding manual page. This error has been fixed, and all binaries are now installed with a manual page. (BZ#612466)
All users of exim should upgrade to these updated packages, which resolve these issues.

1.35. finger

1.35.1. RHBA-2011:0467: finger bug fix update

Updated finger packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The finger utility allows users to display information about the system users, including their login names, full names, and the time they logged in to the system.
The update fixes the following bug:
* When the finger utility is run with no additional command line options, it provides output in the form of a table. Prior to this update, this tabular output did not include a separate column for information about a host, and this information was incorrectly displayed in the "Office" column. This update adds a new column named "Host", so that the host information no longer appears in the wrong column. (BZ#563291)
All users of finger are advised to upgrade to these updated packages, which fix this bug.

1.36. firefox

1.36.1. RHSA-2011:0885: Critical firefox security and bug fix update

Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2377)
Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376)
An integer overflow flaw was found in the way Firefox handled JavaScript Array objects. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2371)
A use-after-free flaw was found in the way Firefox handled malformed JavaScript. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2373)
It was found that Firefox could treat two separate cookies as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362)
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.18. You can find a link to the Mozilla advisories in the References section of this erratum.
This update also fixes the following bug:
* With previous versions of Firefox on Red Hat Enterprise Linux 5, the "background-repeat" CSS (Cascading Style Sheets) property did not work (such images were not displayed and repeated as expected). (BZ#698313)
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

1.36.2. RHSA-2011:0471: Critical firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081)
An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078)
An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the "rows" and "cols" attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077)
A flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially-crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075)
A flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0074)
A flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073)
A use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072)
A directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox. (CVE-2011-0071)
A double free flaw was found in the way Firefox handled "application/http-index-format" documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070)
A flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0069)
A flaw was found in the way Firefox displayed the autocomplete pop-up. Malicious content could use this flaw to steal form history information. (CVE-2011-0067)
Two use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0066, CVE-2011-0065)
A flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202)
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

1.36.3. RHSA-2011:0373: Important firefox security update

Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact.
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
This erratum blacklists a small number of HTTPS certificates. (BZ#689430)
All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect.

1.36.4. RHSA-2011:0310: Critical firefox security and bug fix update

Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to safely display the content, causing Firefox to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-1585)
A flaw was found in the way Firefox handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog box window, it could unexpectedly grant the malicious web page elevated privileges. (CVE-2011-0051)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0053, CVE-2011-0055, CVE-2011-0058, CVE-2011-0062)
Several flaws were found in the way Firefox handled malformed JavaScript. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-0054, CVE-2011-0056, CVE-2011-0057)
A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0061)
A flaw was found in the way Firefox handled plug-ins that perform HTTP requests. If a plug-in performed an HTTP request, and the server sent a 307 redirect response, the plug-in was not notified, and the HTTP request was forwarded. The forwarded request could contain custom headers, which could result in a Cross Site Request Forgery attack. (CVE-2011-0059)
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.14. You can find a link to the Mozilla advisories in the References section of this erratum.
This update also fixes the following bug:
* On Red Hat Enterprise Linux 4 and 5, running the "firefox -setDefaultBrowser" command caused warnings such as the following:
libgnomevfs-WARNING **: Deprecated function. User modifications to the MIME database are no longer supported.
This update disables the "setDefaultBrowser" option. Red Hat Enterprise Linux 4 users wishing to set a default web browser can use Applications -> Preferences -> More Preferences -> Preferred Applications. Red Hat Enterprise Linux 5 users can use System -> Preferences -> Preferred Applications. (BZ#463131, BZ#665031)
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.14, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

1.37. flash-plugin

1.37.1. RHSA-2011:0869: Critical flash-plugin security update

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code. (CVE-2011-2110)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.181.26.

1.37.2. RHSA-2011:0850: Important flash-plugin security update

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-13, listed in the References section. (CVE-2011-2107)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.181.22

1.37.3. RHSA-2011:0511: Critical flash-plugin security update

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-12, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627)
This update also fixes an information disclosure flaw in flash-plugin. (CVE-2011-0579)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.181.14.

1.37.4. RHSA-2011:0451: Critical flash-plugin security update

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code. (CVE-2011-0611)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.2.159.1.

1.37.5. RHSA-2011:0372: Critical flash-plugin security update

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-05, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code. (CVE-2011-0609)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.2.153.1.

1.37.6. RHSA-2011:0206: Critical flash-plugin security update

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-02, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.2.152.27.

1.38. fonts-indic

1.38.1. RHEA-2011:0978: fonts-indic enhancement update

An updated fonts-indic package which adds a glyph for the new Indian Rupee Sign is now available for Red Hat Enterprise Linux 5.
The fonts-indic package provides a free Indian Script TrueType and OpenType font.
This update adds the following enhancement:
* Unicode 6.0, the most recent major version of the Unicode standard, was released 2011-10-11. Among 2,088 new characters added to the standard is the Indian Rupee Sign, the new official Indian currency symbol. With this update, the fonts-indic package now includes a glypo for this new character, U+20B9. (BZ#674486)
All users requiring the Indian rupee sign should install this updated package, which adds this enhancement.

1.39. gcc

1.39.1. RHBA-2011:1029: gcc bug fix update

Updated gcc packages that fix three bugs are now available for Red Hat Enterprise Linux 5.
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.
This update fixes the following bugs:
* Prior to this update, aliasing problems could occur when the wrong value type was used for reading the vtable. Due to these problems, the pointer-to-member handling in the C++ frontend could cause miscompilations. This update accesses the correct value type. (BZ#630893)
* Prior to this update, the debug information wrongly indicated that a variable with Named Return Value (NRV) was located in a certain register when only its address was located in the register. With this update, the source code is modified so that the debug information contains the correct information. (BZ#660302)
* Prior to this update, gcc-c++ produced redundant duplicate entries in the dwarf debug information for class variables with virtual functions. This update modifies the code so that class variables are entered only once. (BZ#660305)
All GCC users are advised to upgrade to these updated packages, which fix these bugs.

1.40. gdb

1.40.1. RHBA-2011:1024: gdb bug fix update

An updated gdb package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The GNU Debugger, GDB, allows the debugging of programs written in C, C++, and other languages by executing them in a controlled fashion and printing the debug data.
This updated gdb package includes fixes for the following bugs:
* Previously, a change to the list of shared libraries could have corrupted the internal "bpstat" structure. Consequent to this, typing the "info program" command at a GDB prompt could have caused the utility to terminate unexpectedly with a segmentation fault. This update ensures that the "bpstat" structure always contains the correct data, and running the "info program" command no longer causes the debugger to terminate unexpectedly. (BZ#660197)
* A multithreaded program can be dumped into a core file. GDB can load the core file and display the list of its threads. Previously, GDB displayed for the threads found in the core file only their LWP (light-weight process) identifiers, which match the Linux TID (Thread Identifier) values. With this update, GDB initializes the libthread_db threads debugging library when accessing a core file and now displays the pthread_t identifier in addition to the LWP identifier. (BZ#673697)
* The Fortran programming language is case-insensitive. When compiling Fortran programs with the Intel Fortran Compiler, the compiler records some debug info symbols in uppercase. The gfortran compiler writes case-insensitive symbols in lowercase. Because of this, GDB could have terminated unexpectedly while accessing uppercase characters in the debug information from the Intel Fortran Compiler. With this update, GDB properly implements case insensitivity and ignores the symbols case in the symbol files. (BZ#645773)
* GDB crashed when reading a kernel core dump file because the value of the temporary current inferior process was set to minus_one_ptid (all processes). The value is now set to null_ptid (no processes) and GDB displays the vmcore file correctly. (BZ#696464)
All users of gdb are advised to upgrade to this updated package, which resolves these issues.

1.40.2. RHBA-2011:0186: gdb bug fix update

An updated gdb package that fixes a bug is now available for Red Hat Enterprise Linux 5.
The GNU Debugger, GDB, allows the debugging of programs written in C, C++, and other languages by executing them in a controlled fashion and then printing out their data.
This update fixes the following bug:
* Previously, a change to the list of shared libraries could corrupt the internal "bpstat" structure. Consequent to this, typing the "info program" command at a GDB prompt could cause the utility to terminate unexpectedly with a segmentation fault. This update ensures that the "bpstat" structure always contains the correct data, and running the "info program" command no longer causes the debugger to crash. (BZ#669636)
All users of gdb are advised to upgrade to this updated package, which resolves this issue.

1.41. gdbm

1.41.1. RHBA-2011:0172: gdbm bug fix update

An updated gdbm package that fixes a bug is now available.
The gdbm package is a GNU database indexing library, including routines which use extensible hashing.
This updated gdbm package fixes the following bug:
* Prior to this update, some applications performed poorly while using the "dbm_*" calls to perform operations on database files hosted on a NFS share. This was caused by thousands of flock calls made by the "gdbm_*" calls which in turn were called by the "dbm_*()" functions used in applications. These flock calls are inefficient when used over a NFS share since they result in a call being made over the wire and result in the cache on the NFS client being invalidated. This update adds a new environment variable "NDBM_LOCK". The "dbm_open" function now reads the "NDBM_LOCK" environment variable and if this variable is set to false ("NDBM_LOCK=false/no/off/0"), the "dbm_open" function does not lock the database. (BZ#668689)
All users of gdbm are advised to upgrade to this updated package, which resolves this issue.

1.42. gfs-utils

1.42.1. RHBA-2011:1041: gfs-utils bug fix update

An updated gfs-utils package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The gfs-utils package provides various user-space tools necessary to mount, create, maintain, and test Global File Systems (GFS).
This update fixes the following bug:
* Prior to this update, the performance of the gfs_fsck utility was very slow. This update modifies the source code to improve the GFS check utility (gfs_fsck). The performance gain depends on the contents of the file system and the amount of corruption encountered. (BZ#515834)
All users of gfs-utils are advised to upgrade to this updated package, which resolves this bug.

1.43. gfs2-utils

1.43.1. RHBA-2011:1042: gfs2-utils bug fix and enhancement update

Updated gfs2-utils packages that fix multiple bugs and add one enhancement are now available for Red Hat Enterprise Linux 5.
The gfs2-utils packages provide the user-space utilities necessary to mount, create, maintain and test GFS2 file systems.
This update fixes the following bugs:
* Prior to this update, gfs2_grow aborted unexpectedly with an error message on a full file system If no free blocks were available in the file system, and the last block of the rindex file did not allow to add more resource group entries. As a workaround, the user must remove or truncate a file to free up space. Once the file system is grown, the file can safely be added back. (BZ# 490649)
* Prior to this update, a file system check (fsck) on GFS2 file systems in verbose mode caused misleading error messages that the master and root inodes were not correctly marked. This update modifies the code to set both the master and root inodes as "in use" in the in-core block map. Now, fsck.gfs2 realizes that the master and root inodes are properly marked. (BZ# 642797)
* Prior to this update, a fsck on a GFS2 file system for i686 calculated the wrong starting point for its bitmap search because the GFS2 bitmap was in the wrong state. Due to this issue, the bitmap search was stuck in an infinite loop. This update modifies the calculation to use the correct size on 32-bit platforms. Now, the fsck.gfs2 check runs as expected. (BZ# 667769)
* Prior to this update, a file system check on a damaged GFS2 file system containing two inodes that point to the same metadata appeared to be a "duplicate block reference" but both were unrecoverable. Due to this issue, the fsck.gfs2 check in pass1b terminated abnormally with a segmentation fault because of the empty reference list. This update additionally checks whether the duplicate reference list is empty. Now, pass1b completes normally and fsck.gfs2 finishes as expected. (BZ#679076)
* Prior to this update, the command "gfs2_edit savemeta" did not save all directory information for large directories. Due to this behavior, the directory hash table and directory leaf blocks beneath were not saved. This update modifies the savemeta function for gfs2_edit to read all the data. With the directory hash table processed correctly, all leaf blocks are saved as expected. (BZ# 679565)
* Prior to this update, indirect blocks were prematurely released from a gfs2_edit savemeta queue. Due to this behavior, some meta data was not saved and consequently meta data sets restored with gfs2_edit restoremeta did not pass a file system check (fsck). This update modifies gfs2_edit so that the required blocks are now left on the queue and saved with the rest of the meta data. Now, saving the meta data of a consistent file system results in a complete meta data set which passes a fsck when restored. (BZ# 698298)
This update also adds the following enhancement:
* Prior to this update, gfs2_edit gathered GFS2 file system information less effectively. This update enhances gfs_edit to gather more information. (BZ# 656371)
All gfs2-utils users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

1.43.2. RHBA-2011:0476: gfs2-utils bug fix update

An updated gfs2-utils package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems.
This update fixes the following bug:
* On 32-bit x86 architectures, an attempt to check a large GFS2 file system caused the fsck.gfs2 utility to enter an infinite loop, utilizing 100% of available CPU resources. When run with the "-vv" option, the fsck.gfs2 command would produce output similar to the following:
(pass1.c:1453) Already processed system inode 33121 (0x8161)
This update applies an upstream patch that prevents such infinite loop, and large GFS2 file systems now successfully complete their file system check on both 32-bit and 64-bit architectures. (BZ#675911)
All users of gfs2-utils are advised to upgrade to this updated package, which fixes this bug.

1.44. giflib

1.44.1. RHBA-2011:0398: giflib bug fix update

Updated giflib packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect.
This update fixes the following bug:
* Prior to this update, an attempt to use the giftext utility on a GIF file that does not store a global color map caused it to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that resolves this issue, and giftext no longer crashes. (BZ#249555)
All users of giflib are advised to upgrade to these updated packages, which fix this bug.

1.45. gimp

1.45.1. RHSA-2011:0838: Moderate gimp security update

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The GIMP (GNU Image Manipulation Program) is an image composition and editing program.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)
A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)
A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)
Red Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.
Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

1.46. glibc

1.46.1. RHSA-2011:0412: Important glibc security update

Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
The fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536)
It was discovered that the glibc addmntent() function did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into /etc/mtab via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)
It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)
It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)
All users should upgrade to these updated packages, which contain backported patches to correct these issues.

1.46.2. RHBA-2011:1034: glibc bug fix update

Updated glibc packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
This update fixes the following bugs:
* Prior to this update, SELinux stopped the worker module on 64-bit architectures, which prevented servers from loading. This was caused by the executable stack not being allocated when the first 4 GB of the address space were exhausted. This modifies the code so that servers now load correctly. (BZ#448011)
* Prior to this update, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. Initialization routines for depended-upon objects were not being called before the objects, which depended on them, were initialized. This manifested itself only when initializing compiled C++ libraries whose global initialization depended upon the global initialization of data in other libraries which were linked against at link time, generating a DT_NEEDED entry. This update modifies the topological sort algorithm for dependency resolution. Now, functions for initialization and termination are ordered correctly. (BZ#604796)
* Prior to this update, the expansion of the "$ORIGIN" dynamic string token in "RPATH" elements for privileged programs was disabled. Due to this problem, certain libraries such as gconv did not work correctly. This update re-enables this feature for libraries. Now, the libraries work as expected. (BZ#670988)
* Prior to this update, the resolver failed to return all addresses of multi-homed hosts in /etc/hosts. Now, getaddrinfo correctly initializes the resolver state on the first call. (BZ#676039)
* Prior to this update, the PHTREAD_CANCEL_DISABLE could, under certain conditions, fail to prevent thread cancellations. Due to this problem, pthread_cancel could cancel input/output (I/O) like write and read calls while PTHREAD_CANCEL_DISABLE was in effect. With this update, the cancellations work as expected. (BZ#684808)
* Prior to this update, the glibc libraries could fail to allocate enough memory for the expanded strings when expanding the dynamic string tokens in load paths for the dynamic linker or in module names for the "dlopen" function. Due to this behavior, certain applications could freeze or terminate unexpectedly with an error message. This update modifies the underlying source code to allocate enough memory for the expanded strings. (BZ#694655)
All users of glibc are advised to upgrade to these updated packages, which fix these bugs.

1.46.3. RHBA-2011:0466: glibc bug fix update

Updated glibc packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly.
This update fixes the following bug:
* When expanding the dynamic string tokens in load paths for the dynamic linker or in module names for the "dlopen" function, previous versions of the glibc libraries may have failed to allocate enough memory for the expanded strings, causing certain applications to terminate unexpectedly with the following error:
malloc(): memory corruption: 0x09b43fd0
With this update, the underlying source code has been adapted to allocate enough memory for the expanded strings, and the glibc libraries no longer cause applications to crash. (BZ#695258)
All users are advised to upgrade to these updated packages, which fix this bug.

1.46.4. RHBA-2011:0901: glibc bug fix update

Updated glibc packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly.
This update fixes the following bug:
* Previously, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. Initialization routines for depended-upon objects were not being called before the objects, which depended on them, were being initialized. This manifested itself only when initializing compiled C++ libraries whose global initialization depended upon the global initialization of data in other libraries which they were linked against at link time, generating a DT_NEEDED entry. With this update, implementation of the topological sort algorithm for dependency resolution has been fixed, and functions for initialization and termination are now ordered correctly. (BZ#711778)
All users are advised to upgrade to these updated packages, which fix this bug.

1.47. gnome-screensaver

1.47.1. RHBA-2011:0286: gnome-screensaver bug fix update

An updated gnome-screensaver package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The gnome-screensaver package contains the GNOME project's official screen saver program. It is designed for improved integration with a GNOME desktop, including themeability, language support, and Human Interface Guidelines (HIG) compliance. It also provides screen-locking and fast user-switching from a locked screen.
This update fixes the following bug:
* Previously, using the "Pictures folder" screen saver with an empty Pictures directory could cause the gnome-screensaver program to terminate unexpectedly. This update applies an upstream patch that resolves this issue, and an empty Pictures directory no longer causes the "Pictures folder" screen saver to crash. (BZ#673990)
All users of gnome-screensaver are advised to upgrade to this updated package, which resolves this issue.

1.48. gnome-terminal

1.48.1. RHBA-2011:1082: gnome-terminal bug fix update

An updated gnome-terminal package that fixes a bug is now available for Red Hat Enterprise Linux 5.
Gnome-terminal is a terminal emulator for GNOME. It supports translucent backgrounds, opening multiple terminals in a single window (tabs) and clickable URLs.
This updated gnome-terminal package fixes the following enhancement:
* When the HTTP_PROXY environment variable was set with the ignore_hosts option in the GConf configuration system, this setting was not honored in terminal applications. With this update, the code has been modified to better honor GNOME proxy configuration in terminal applications. (BZ#719399)
All users of gnome-terminal are advised to upgrade to this updated package, which fixes this bug.

1.49. gnome-vfs2

1.49.1. RHBA-2011:0441: gnome-vfs2 bug fix update

Updated gnome-vfs2 packages that fix two bugs are now available for Red Hat Enterprise Linux 5.
The gnome-vfs2 packages provide the GNOME virtual file system (GNOME VFS) which is the foundation of the Nautilus file manager.
This update fixes the following bugs:
* Previously, the ImageMagick tool set closed unexpectedly with a segmentation fault after successful conversion during exit due to an incompatibility with the atexit handler when unloading librsvg. This update uses __attribute__((destructor)) instead of atexit(). Now, ImageMagick no longer closes unexpectedly after successful conversion. (BZ#472253)
* When using the GNOME desktop with an ext4 file system, moving a file located on the ext4 file system did not result in the file being correctly moved to the Trash. This update corrects the VFS code so that moving files to the Trash succeeds as expected on ext4 file systems. (BZ#594836)
All gnome-vfs2 users are advised to upgrade to these updated packages, which fix these bugs.

1.50. gzip

1.50.1. RHBA-2011:0976: gzip bug fix update

An updated gzip package that fixes two bugs is now available for Red Hat Enterprise Linux 5.
The gzip package provides the GNU gzip data compression program.
This update fixes the following bugs:
* Previously, an automatic attempt to close the standard output (stdout) stream could under certain circumstances fail. However, the gzip utility did not check if the final stdout close was successful. Due to this issue, the gzip utility could cause silent data loss while it returned a zero exit status, indicating success. This update closes the stdin and stdout streams carefully at exit time. Now, a non-zero exit status is returned if there are any problems while closing the stdin or stdout streams. (BZ#514562)
* Previously, the gzip(1) man page contained a typographic error. This update corrects this error. Now, the manual page is typographically correct. (BZ#675464)
Users of gzip are advised to upgrade to this updated package, which fixes these bugs.

1.51. hplip

1.51.1. RHSA-2011:0154: Moderate hplip security update

Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them.
A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them. (CVE-2010-4267)
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
Users of hplip should upgrade to these updated packages, which contain a backported patch to correct this issue.

1.52. httpd

1.52.1. RHBA-2011:1067: httpd bug fix and enhancement update

Updated httpd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1067 — httpd bug fix and enhancement update.
The Apache HTTP Server is a popular web server.

Bug Fixes:

BZ#264681
Prior to this update, using any mod_ldap directive within a VirtualHost context prevented the module from caching results for that particular virtual host. This update adapts the mod_ldap module to make sure that caching now works correctly in such configurations.
BZ#552303, BZ#632407
When the mod_proxy module was configured as a reverse proxy, multiple unrelated bugs may have prevented it from operating correctly, and may have led to incorrect handling of connection timeouts or even data corruption. With this update, various patches have been applied to address this issue, and the mod_proxy module can now serve as a reverse proxy as expected.
BZ#580008
When the mod_deflate module was configured to compress responses and an HTTP client prematurely terminated a connection, the previous version of the httpd service may have terminated unexpectedly with a segmentation fault. This update applies a patch that resolves this issue, and httpd no longer crashes.
BZ#604727
Prior to this update, the mod_authnz_ldap module was unable to handle referrals from an LDAP server. This update introduces the LDAPChaseReferrals directive, which allows users to enable referral chasing.
BZ#614423
Previously, when the OID() function was used as part of the SSLRequire directive, it was unable to parse certificate attributes of an unknown type. Consequent to this, strings that use the Abstract Syntax Notation One (ASN.1) notation were not rendered properly, and may have been incorrectly prefixed with a random string. This update adapts the OID() function to parse all unknown attributes as ASN.1 strings, so that these strings are now rendered as expected.
BZ#649648
Due to incorrect handling of the SSL certificate cache, an attempt to use an SSL configuration with multiple VirtualHost sections that use identical ServerName values rendered the httpd service unable to start. With this update, the underlying source code has been adapted to address this issue, and using multiple VirtualHost sections with identical ServerNames values no longer prevents httpd from starting.
BZ#673276
Due to incorrect handling of responses with multiple duplicate headers, when a user configured the httpd service to transform HTTP response headers by specifying edit as a value of the Header directive, only one of the matching headers was retained. This has now been fixed, and the edit mode is now applied correctly across all HTTP response headers.
BZ#674102
When using the prefork Multi-Processing Module (MPM), children processes with persistent connections (that is, with the KeepAlive directive set to On) kept processing new requests even when a graceful restart had been issued. This update applies a patch that corrects this error, and children processes with persistent connections no longer process new requests when a graceful restart is requested.
BZ#678057
Prior to this update, an attempt to use the ProxyPassReverse directive with a balancer:// URL that included a path segment caused redirect responses to map the HTTP Location header paths incorrectly. This error has been fixed, and HTTP Location header paths are now mapped correctly.
BZ#679994
Previously, the FilterProvider directive of the mod_filter module was unable to match against non-standard HTTP response headers. With this update, the underlying source code has been adapted to address this issue, and the FilterProvider directive is now able to match against non-standard HTTP response headers as expected.
BZ#691497
When configured as a reverse proxy, the previous version of the mod_proxy module was unable to establish an SSL connection via an intermediary proxy configured using the ProxyRemote directive. This update adapts the mod_proxy module to support this configuration.
BZ#698402
Prior to this update, the mod_include module may have failed to parse certain Server Side Include (SSI) documents if the response contained attribute boundaries that were split across multiple buckets. This update corrects this error, and such SSI documents can now be parsed as expected.

Enhancements:

BZ#379811
When using the mod_cache module, by default, the CacheMaxExpire directive is only applied to responses which do not specify their expiry date. Previously, it was not possible to limit the maximum expiry time for all resources. This update adapts the mod_cache module to provide support for hard as a second argument of the CacheMaxExpire directive, allowing a maximum expiry time to be enforced for all resources.
BZ#555870
The mod_proxy_balancer load balancer module has been updated to provide support for the bybusyness scheduler algorithm.
BZ#612198
The mod_reqtimeout module has been added. When enabled, this module allows fine-grained timeouts to be applied during request parsing.
BZ#658766
The mod_proxy and mod_proxy_http modules have been updated to provide support for remote HTTPS proxy servers by using the HTTP CONNECT method.
All users of httpd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

1.52.2. RHBA-2011:0480: httpd bug fix update

Updated httpd packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The Apache HTTP Server is a popular web server.
This update fixes the following bug:
* When the mod_proxy module was configured as a reverse proxy using HTTP over SSL/TLS to a back-end server, data from the back end could be incorrectly truncated. This update applies a backported patch that resolves this issue, and using a reverse proxy with HTTP over SSL/TLS no longer causes the Apache HTTP Server to serve corrupted data. (BZ#694158)
All users of httpd are advised to upgrade to these updated packages, which fix this bug.

1.53. hwdata

1.53.1. RHEA-2011:1011: hwdata enhancement update

An updated hwdata package that adds various enhancements is now available for Red Hat Enterprise Linux 5.
The hwdata package contains tools for accessing and displaying hardware identification and configuration data.
This update adds the following enhancements:
* This update introduces support for the IMMv2 management controller and the integrated Matrox MGA-G200ER graphics chipset. (BZ#592427)
* This update enables hardware support for upcoming Intel products releases. (BZ#571823)
* The pci.ids database has been updated according to the latest upstream changes. (BZ#677671)
All users of hwdata are advised to upgrade to this updated package, which adds these enhancements.

1.54. ia32el

1.54.1. RHBA-2011:1037: ia32el bug fix update

An updated ia32el package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The ia32el package contains the IA-32 Execution Layer platform, which allows emulation of IA-32 binaries on Intel Itanium processors.
This updated package fixes the following bug:
* Prior to this update, a well-formed multi-threaded program aborted unexpectedly with a segmentation fault or a double free abort due to a conflict between malloc and free library calls. With this update, the code is modified so that a well-formed program runs as expected. (BZ#548655)
All users of ia32el are advised to upgrade to this updated package which resolves this bug.

1.55. initscripts

1.55.1. RHBA-2011:1081: initscripts bug fix and enhancement update

An updated initscripts package that fixes various bugs and add several enhancements is now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1081 — initscripts bug fix and enhancement update.
The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly.

Bug Fixes:

BZ#699544
After system installation, the dhclient utility failed to start after boot on an interface configured to get an IPv4 address from DHCP. This bug has been fixed and the dhclient utility now starts properly in the described scenario.
BZ#624704
Previously, when a logical network with VLAN tag 0 was created, this value was out of range for logical networks, the host would never create a sub interface 0 and the cluster network would stay in non-operational mode. With this update, the /etc/sysconfig/network-scripts/ifup script has been fixed and logical networks with VLAN tag 0 can now be created.
BZ#676851
Previously, when the netfs script performed a lazy unmount on a NFS file system, sometimes cached data would be written out before the shutdown scripts were able to take down the network interfaces. This caused various machines to have been hanging on shutdown. With this update, the netfs script has been fixed and the physical machines no longer hang in the described scenario.
BZ#664091
When the biosdevname utility sets a name for a PCI device, it uses a # character to specify the device interface. Subsequently, when network services were restarted, the network init script returned an error message, such as ifcfg-ifcfg-pci3#1: No such file or directory even though the interface itself was properly found. With this update, the network init script parses the # character correctly and no error messages are given in the described scenario.
BZ#462095
If an Ethernet interface had letters in the device file name (such as ethWAN or ethVZ) instead of just numbers (such as eth0 or eth5), the /sbin/ifup script failed to enable VLANs configured on such interfaces after the network service was restarted. This bug has been fixed and the /sbin/ifup script now properly configures VLANs regardless of their names.
BZ#604669
When a bonding interface was configured in the /etc/modprobe.conf file without specifying the options in the BONDING_OPTS variable, the arp_ip_target parameter value was cleared after a network restart. Subsequently, the interface connection could not be restored. With this update, the ifdown-eth script has been fixed to only add the arp_ip_target parameter if it is not present, fixing this bug.
BZ#649995
Previously, the following diagnostic error message was given in every tcsh shell:
		grep: character class syntax is [[:space:]], not [:space:].
This bug has been fixed in the /etc/profile.d/lang.csh script and the error message is no longer returned.
BZ#671386
Due to a change in a status message of the dmraid utility, the following error messages appeared on boot, when the previous version of the initscripts package was installed:
	failed to stat() /dev/mapper/no
	failed to stat() /dev/mapper/block
	failed to stat() /dev/mapper/devices
	failed to stat() /dev/mapper/found
With this update, the /rc.d/rc.sysinit script has been fixed and the error messages no longer appear on boot.
BZ#685038
When a system was rebooted while the network switch was down and the network interface had the PERSISTENT_DHCLIENT variable set to yes, the dhclient utility still failed to start on boot. With this update, the ifup-eth init script has been fixed and the dhclient utility starts as expected when PERSISTENT_DHCLIENT=yes is configured.
BZ#687849
Previously, when no Internet Small Computer System Interface (iSCSI) check was done during shutdown or reboot, the following redundant error message was given:
	find: /sys/class/iscsi_session/: No such file or directory.
With this update, the /etc/rc.d/init.d/network script has been fixed and the error message is no longer displayed.
BZ#687890
Previously, the following redundant error message was given during system shutdown:
	Unmounting file systems:  Cannot umount ""
With this update, the /rc.d/init.d/functions script has been fixed and the error message is no longer displayed.
BZ#692893
Due to a bug in the /etc/ssh/ssh_config init script, the value of the LANG variable overwrote the same variable on a remote system as the config settings were passed via OpenSSH, even if the LANG variable was already set. This sometimes caused undesired locale settings with unsupported character set to be set on the target system. This bug has been fixed and the LANG variable is no longer overwritten in the described scenario.
BZ#703203
Due to a bug in the /etc/init.d/halt script, no mount point set up with the word nfs anywhere in its path could be unmounted at reboot or shutdown. This bug has been fixed and such mount points are now unmounted properly.
BZ#684909
Previously, if no IPv4 address was configured, then DHCP for an IPv6 address was not carried out. Subsequently, the eth0 interface had the default IPv6 link-local address assigned to it, instead the address that would be allocated to it via IPv6 dhcpd utility. This bug has been fixed in the /etc/sysconfig/network-scripts/ifup-eth script and now, the dhcp6c daemon is started and an IPv6 address is acquired for the address as well as additional information such as DNS servers etc.
BZ#674221
Previously, if a bonded interface was created and the slave interface includes the setting MASTER=bond0 (where bond0 is the bonded interface) the slave did not start. This bug has been fixed in the /etc/sysconfig/network-scripts/ifcfg-ethX script and the bonded interface now brings up the slave interface and communicate as expected.
BZ#669728
Previously, when MAC (Media Access Control) addresses were switched on a virtual machine or a physical machine with two network interfaces, the sbin/ifdown script became unresponsive when the network was restarted. With this update, the script recognizes that the MAC address for the network interface is wrong and then ignores it, thus fixing this bug.
BZ#665601
The sysctl utility uses . as the path delimiter while VLAN interfaces use . as the ID delimiter. This conflict caused all sysctl calls on a VLAN interface to terminate without any output, causing various issues with IPv6 auto-configuration feature. With this update, several scripts of the iniscripts package have been patched and the sysctl calls no longer hang on VLAN interfaces.
BZ#648524
Previously, the /sysconfig/network-scripts/network-functions script calculated wrong value of the DEVICETYPE variable for IPoIB (IP over Infiniband) child interfaces. Subsequently, the variable could not be used to handle the specific need of the interface, such as calling the ifup-${DEVICETYPE} script. This bug has been fixed and the DEVICETYPE variable value is now calculated correctly for IPoIB interfaces.
BZ#637176
When multiple PIDs (Process Identifiers) are passed to the checkpid() function, it exits with the return value of 0 after finding the first existing PID. This is intended behavior of the function but the accompanying comment in the code indicated that the function fully supported multiple PIDs as arguments, which was confusing for some users. With this update, the comment in the code has been clarified.
BZ#713988
When the X Window System was started by the startx command on the console, the desktop was always displayed in English regardless of the language configured in the /etc/sysconfig/i18n file. With this update, the bug has been fixed in the /etc/profile.d/lang.sh script, and the language setting is now properly recognized when X starts.

Enhancements:

BZ#624385
With this update, various init scripts have been enhanced so that they are able to parse configuration files located in the /etc/sysctl.d/ directory. This makes it easier to install or remove RPM packages packages that modify kernel runtime parameters.
BZ#612877
With this update, the ifup and ifdown scripts can recognize and act upon configuration for IPv6 that contains alias devices. Now, multiple IPv6 addresses can be configured on the same interface and can be controlled separately.
BZ#507515
With this update, the ifup script reports duplicate IP addresses via the syslog utility to the /var/log/messages file, in addition to printing its messages on standard output.
BZ#653621
With this update, support for the 1731/02 OSM/OSX network device has been added to the initscrips package.
BZ#689898
With this update, an explanatory comment has been added to the /rc.d/init.d/netfs and the /rc.d/rc.sysinit init scripts regarding the mount -t no* syntax.
All users of initscript are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.

1.56. ipa-client

1.56.1. RHBA-2011:0990: ipa-client bug fix update

An updated ipa-client package that fixes two bugs is now available for Red Hat Enterprise Linux 5.
The ipa-client package provides a tool to enroll a machine to an IPA version 2 server. IPA (Identity, Policy, Audit) is an integrated solution to provide centrally managed identity, that is, machine, user, virtual machines, groups, and authentication credentials.
This update fixes the following bug:
* This update adds sssd suport to the ipa-client package. (BZ#631907)
* Previously, the ipa-client used the wrong object identifier (OID). This update corrects this issue. Now, the ipa-client uses the same OID as the the server. (BZ #682231)
All IPA users are advised to upgrade to this updated package which, fixes this bug.

1.56.2. RHBA-2011:0832: ipa-client bug fix update

An updated ipa-client package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The ipa-client package provides a tool to enroll a machine to an IPA version 2 server. IPA (Identity, Policy, Audit) is an integrated solution to provide centrally managed identity, that is, machine, user, virtual machines, groups, and authentication credentials.
This update fixes the following bug:
* Previously, the ipa-client used the wrong object identifier (OID). This update corrects this issue. Now, the ipa-client uses the same OID as the server (BZ #704649)
All IPA users are advised to upgrade to this updated package which, fixes this bug.

1.57. iprutils

1.57.1. RHEA-2011:0992: iprutils enhancement update

An updated iprutils package that provides one enhancement is now available for Red Hat Enterprise Linux 5.
The iprutils package provides utilities to manage and configure SCSI devices that are supported by the ipr SCSI storage device driver.
This update adds the following enhancement:
* The iprutils package has been updated to provide support for the Serial Attached SCSI (SAS) vRAID functions. (BZ#651439)
All users of iprutils are advised to upgrade to this updated iprutils package, which adds this enhancement.

1.58. ipvsadm

1.58.1. RHBA-2011:0979: ipvsadm bug fix update

An updated ipvsadm package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The ipvsadm package provides the ipsvadm tool to administer the IP Virtual Server services offered by the Linux kernel.
This update fixes the following bug:
* Prior to this update, the kernel module ipvs was automatically loaded if the ipvsadm module was not loaded when checking the ipvsadm service status. This behavior affected the system configuration, especially the memory usage. This update ensures that the ipvsadm service status check does not load the kernel module on systems without the loaded ipsvadm module. (BZ#592264)
All users of ipvsadm are advised to upgrade to this updated package, which fixes this bug.

1.59. iscsi-initiator-utils

1.59.1. RHBA-2011:1033: iscsi-initiator-utils bug fix and enhancement update

An updated iscsi-initiator-utils package that fixes two bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5.
The iscsi-initiator-utils package provides the daemon for the iSCSI protocol, as well as the utility programs used to manage it. iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol (IP) networks.
This update fixes the following bugs:
* Prior to this update, the iscsid service and Broadcom iSCSI driver's user space component were not synchronized when logging into an iSCSI target. As a result, the iSCSI login timeout could have been reached or a login error could have been issued under certain circumstances. The bug has been fixed in this update so that iscsid and the user space component are now synchronized and the iSCSI login process works as expected. (BZ#595549)
* Prior to this update, trying to establish a connection to an iSCSI target using the bnx2i offload interface transport could have failed due to the iSCSI daemon and bnx2i driver not being in sync during initialization. Furthermore, any number of machine restarts had no effect on this undesired behavior. The bug has been fixed in this update so that the connection with bnx2i can now be successfully established as expected. (BZ#572596)
As well, this update adds the following enhancements:
* Broadcom iSCSI driver's user space component has been upgraded to upstream version 0.6.2.14, which adds support for the Broadcom 57712 10Gb controller, IPv6 networking, virtual LAN support, and subnet masking. (BZ#660434)
* With this update, the iscsi-initiator-utils package now supports the Chelsio T4 iSCSI offload cards using the cxgb4i driver. (BZ#640121)
* With this update, the iscsi-initiator-utils package is now built for the IBM System z platform. (BZ#567852)
All users of iscsi-initiator-utils should upgrade to this updated package, which fixes these bugs and adds these enhancements.

1.60. iwl6000-firmware

1.60.1. RHEA-2011:0971: iwl6000-firmware bug fix and enhancement update

An updated iwl6000-firmware package that fixes several bugs, adds various enhancements, and matches the iwlagn driver in the latest Red Hat Enterprise Linux 6 kernels, is now available.
The iwlagn driver requires firmware loaded on the device in order to function. This package provides the firmware required by that driver for Intel Wireless WiFi Link 6000 series adapters.
The iwl6000-firmware package has been upgraded to upstream version 9.221.4.1, which provides a number of bug fixes and enhancements over the previous version. (BZ#568033)
Users of the iwlagn driver are advised to upgrade to this updated iwl6000-firmware package, which resolves these issues and adds these enhancements.

1.61. jabberd

1.61.1. RHSA-2011:0882: Low Red Hat Network Satellite server jabberd security update

An updated jabberd package that fixes one security issue is now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
This package provides jabberd 2, an Extensible Messaging and Presence Protocol (XMPP) server used for XML based communication.
It was found that the jabberd daemon did not properly detect recursion during entity expansion. A remote attacker could provide a specially-crafted XML file containing a large number of nested entity references, which once processed by the jabberd daemon, could lead to a denial of service (excessive memory and CPU consumption). (CVE-2011-1755)
Red Hat would like to thank Nico Golde of the Debian Security Team for reporting this issue. The Debian Security Team acknowledges Wouter Coekaerts as the original reporter.
Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details.

1.61.2. RHSA-2011:0881: Low Red Hat Network Proxy server jabberd security update

An updated jabberd package that fixes one security issue is now available for Red Hat Network Proxy 5.4.1 for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
This package provides jabberd 2, an Extensible Messaging and Presence Protocol (XMPP) server used for XML based communication.
It was found that the jabberd daemon did not properly detect recursion during entity expansion. A remote attacker could provide a specially-crafted XML file containing a large number of nested entity references, which once processed by the jabberd daemon, could lead to a denial of service (excessive memory and CPU consumption). (CVE-2011-1755)
Red Hat would like to thank Nico Golde of the Debian Security Team for reporting this issue. The Debian Security Team acknowledges Wouter Coekaerts as the original reporter.
Users of Red Hat Network Proxy 5.4.1 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Proxy must be restarted. Refer to the Solution section for details.

1.62. java-1.4.2-ibm

1.62.1. RHSA-2011:0490: Critical java-1.4.2-ibm security update

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The IBM 1.4.2 SR13-FP9 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473, CVE-2010-4475, CVE-2011-0311)
All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP9 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.62.2. RHSA-2011:0292: Moderate java-1.4.2-ibm security update

Updated java-1.4.2-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially-crafted HTTP request. (CVE-2010-4476)
All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.62.3. RHSA-2011:0152: Moderate java-1.4.2-ibm security update

Updated java-1.4.2-ibm packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes two vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-1321, CVE-2010-3574)
Note: The RHSA-2010:0935 java-1.4.2-ibm update did not, unlike the erratum text stated, provide fixes for the above issues.
All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.63. java-1.4.2-ibm-sap

1.63.1. RHSA-2011:0870: Moderate java-1.4.2-ibm-sap security update

Updated java-1.4.2-ibm-sap packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The IBM 1.4.2 SR13-FP9 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473, CVE-2010-4475, CVE-2011-0311)
All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for SAP are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP9 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.63.2. RHSA-2011:0299: Moderate java-1.4.2-ibm-sap security update

Updated java-1.4.2-ibm-sap packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially-crafted HTTP request. (CVE-2010-4476)
Note: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to correct a naming overlap; however, java-1.4.2-ibm-sap does not automatically obsolete the previous java-1.4.2-ibm packages for Red Hat Enterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and RHBA-2010:0530 advisories, listed in the References, for further information.
All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for SAP are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.64. java-1.5.0-ibm

1.64.1. RHSA-2011:0364: Critical java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475)
All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP4 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.64.2. RHSA-2011:0291: Moderate java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially-crafted HTTP request. (CVE-2010-4476)
All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP3 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.64.3. RHSA-2011:0169: Critical java-1.5.0-ibm security and bug fix update

Updated java-1.5.0-ibm packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes multiple vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-3553, CVE-2010-3557, CVE-2010-3571)
This update also fixes the following bug:
* An error in the java-1.5.0-ibm RPM spec file caused an incorrect path to be included in HtmlConverter, preventing it from running. (BZ#659710)
All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP3 Java release. All running instances of IBM Java must be restarted for this update to take effect.

1.65. java-1.6.0-ibm

1.65.1. RHSA-2011:0938: Critical java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873)
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9-FP2 Java release. All running instances of IBM Java must be restarted for the update to take effect.

1.65.2. RHSA-2011:0357: Critical java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475)
Note: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were missing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras. This erratum provides 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras as expected.
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9-FP1 Java release. All running instances of IBM Java must be restarted for the update to take effect.

1.65.3. RHSA-2011:0290: Moderate java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially-crafted HTTP request. (CVE-2010-4476)
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9 Java release. All running instances of IBM Java must be restarted for the update to take effect.

1.65.4. RHSA-2011:0880: Low Red Hat Network Satellite server IBM Java Runtime security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476)
Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java release. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details.

1.66. java-1.6.0-openjdk

1.66.1. RHSA-2011:0857: Important java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862)
It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871)
A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing. (CVE-2011-0864)
An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867)
An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868)
It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869)
A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865)
Note: All of the above flaws can only be remotely triggered in OpenJDK by calling the "appletviewer" application.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

1.66.2. RHSA-2011:0281: Important java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
A flaw was found in the Swing library. Forged TimerEvents could be used to bypass SecurityManager checks, allowing access to otherwise blocked files and directories. (CVE-2010-4465)
A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), which could lead to heap corruption. (CVE-2010-4469)
A flaw was found in the way JAXP (Java API for XML Processing) components were handled, allowing them to be manipulated by untrusted applets. This could be used to elevate privileges and bypass secure XML processing restrictions. (CVE-2010-4470)
It was found that untrusted applets could create and place cache entries in the name resolution cache. This could allow an attacker targeted manipulation over name resolution until the OpenJDK VM is restarted. (CVE-2010-4448)
It was found that the Java launcher provided by OpenJDK did not check the LD_LIBRARY_PATH environment variable for insecure empty path elements. A local attacker able to trick a user into running the Java launcher while working from an attacker-writable directory could use this flaw to load an untrusted library, subverting the Java security model. (CVE-2010-4450)
A flaw was found in the XML Digital Signature component in OpenJDK. Untrusted code could use this flaw to replace the Java Runtime Environment (JRE) XML Digital Signature Transform or C14N algorithm implementations to intercept digital signature operations. (CVE-2010-4472)
Note: All of the above flaws can only be remotely triggered in OpenJDK by calling the "appletviewer" application.
This update also provides one defense in depth patch. (BZ#676019)
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

1.66.3. RHSA-2011:0214: Moderate java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially-crafted HTTP request. (CVE-2010-4476)
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.

1.66.4. RHSA-2011:0176: Moderate java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The javaws command can be used to launch Java Web Start applications.
A public static field declaration allowed untrusted JNLP (Java Network Launching Protocol) applications to read privileged data. A remote attacker could directly or indirectly read the values of restricted system properties, such as "user.name", "user.home", and "java.home", which untrusted applications should not be allowed to read. (CVE-2010-3860)
It was found that JNLPSecurityManager could silently return without throwing an exception when permission was denied. If the javaws command was used to launch a Java Web Start application that relies on this exception being thrown, it could result in that application being run with elevated privileges, allowing it to bypass security manager restrictions and gain access to privileged functionality. (CVE-2010-4351)
Note: The RHSA-2010:0339 java-1.6.0-openjdk update installed javaws by mistake. As part of the fixes for CVE-2010-3860 and CVE-2010-4351, this update removes javaws.
Red Hat would like to thank the TippingPoint Zero Day Initiative project for reporting CVE-2010-4351. The original issue reporter wishes to stay anonymous.
This erratum also upgrades the OpenJDK package to IcedTea6 1.7.7. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

1.66.5. RHEA-2011:0485: java-1.6.0-openjdk enhancement update

Enhanced java-1.6.0-openjdk packages are now available for Red Hat Linux 5.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
These updated java-1.6.0-openjdk packages provide support for the Rhino JavaScript interpreter, an open-source implementation of JavaScript. (BZ#694080)
Note: new rhino and jline packages are also now available separately for Red Hat Enterprise Linux 5. In order to rebuild java-1.6.0-openjdk, you must first install the new rhino and jline packages.
Users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which add this enhancement.

1.67. java-1.6.0-sun

1.67.1. RHSA-2011:0860: Critical java-1.6.0-sun security update

Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the "Oracle Java SE Critical Patch Update Advisory" page, listed in the References section. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873)
All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 26 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.

1.67.2. RHSA-2011:0282: Critical java-1.6.0-sun security update

Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the "Oracle Java SE and Java for Business Critical Patch Update Advisory" page, listed in the References section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476)
All users of java-1.6.0-sun are advised to upgrade to these updated packages, which resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.

1.68. JBoss

1.68.1. RHSA-2011:0948: Important JBoss Enterprise Application Platform 5.1.1 update

Updated JBoss Enterprise Application Platform 5.1.1 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. JBoss Enterprise Application Platform integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam into a complete and simple enterprise solution.
This JBoss Enterprise Application Platform 5.1.1 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application Platform 5.1.0.
These updated packages include the bug fixes detailed in the release notes, which are linked to from the References section of this erratum.
The following security issue is also fixed with this release:
It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-2196)
Red Hat would like to thank the ObjectWorks+ Development Team at Nomura Research Institute for reporting this issue.
Warning: Before applying this update, please back up your JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along with all other customized configuration files.
All users of JBoss Enterprise Application Platform 5.1.0 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. Manual action is required for this update to take effect. Refer to the Solution section for details.

1.68.2. RHSA-2011:0945: Important JBoss Enterprise Web Platform 5.1.1 update

Updated JBoss Enterprise Web Platform 5.1.1 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Enterprise Web Platform is for mid-size workloads, focusing on light and rich Java applications. Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform.
This JBoss Enterprise Web Platform 5.1.1 release for Red Hat Enterprise Linux 4, 5, and 6 serves as a replacement for JBoss Enterprise Web Platform 5.1.0.
These updated packages include the bug fixes detailed in the release notes, which are linked to from the References section of this erratum.
The following security issue is also fixed with this release:
It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-2196)
Red Hat would like to thank the ObjectWorks+ Development Team at Nomura Research Institute for reporting this issue.
Warning: Before applying this update, please back up your JBoss Enterprise Web Platform's "jboss-as-web/server/[PROFILE]/deploy/" directory and any other customized configuration files.
All users of JBoss Enterprise Web Platform on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. Manual action is required for this update to take effect. Refer to the Solution section for details.

1.68.3. RHSA-2011:0897: Moderate JBoss Enterprise Web Server 1.0.2 update

JBoss Enterprise Web Server 1.0.2 is now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications.
This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information.
This update corrects security flaws in the following components:
tomcat6:
A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172)
tomcat5 and tomcat6:
It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718)
A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)
A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1157)
httpd:
A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452)
apr:
It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419)
apr-util:
It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. Note: This issue only affected the JBoss Enterprise Web Server packages on Red Hat Enterprise Linux 4. (CVE-2010-1623)
All users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues. After installing this update, the relevant Apache Tomcat service ("tomcat5" or "tomcat6") and the Apache HTTP Server ("httpd") must be restarted for the update to take effect.

1.69. jboss-seam2

1.69.1. RHSA-2011:0950: Important jboss-seam2 security update

Updated jboss-seam2 packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The JBoss Seam 2 framework is an application framework for building web applications in Java.
It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-2196)
Red Hat would like to thank the ObjectWorks+ Development Team at Nomura Research Institute for reporting this issue.
Users of jboss-seam2 should upgrade to these updated packages, which correct this issue. Manual action is required for this update to take effect. Refer to the Solution section for details.

1.69.2. RHSA-2011:0461: Important jboss-seam2 security update

Updated jboss-seam2 packages that fix one security issue are now available for JBoss Enterprise Application Platform 5.1 for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The JBoss Seam 2 framework is an application framework for building web applications in Java.
It was found that JBoss Seam 2 did not properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-1484)
Red Hat would like to thank Martin Kouba from IT SYSTEMS a.s. for reporting this issue.
Users of jboss-seam2 should upgrade to these updated packages, which correct this issue. The JBoss server process must be restarted for this update to take effect.

1.69.3. RHSA-2011:0460: Important jboss-seam2 security update

Updated jboss-seam2 packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The JBoss Seam 2 framework is an application framework for building web applications in Java.
It was found that JBoss Seam 2 did not properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-1484)
Red Hat would like to thank Martin Kouba from IT SYSTEMS a.s. for reporting this issue.
Users of jboss-seam2 should upgrade to these updated packages, which correct this issue. The JBoss server process must be restarted for this update to take effect.

1.70. jbossweb

1.70.1. RHSA-2011:0211: Important jbossweb security update

Updated jbossweb packages that fix one security issue are now available for JBoss Enterprise Web Platform 5 for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
JBoss Web Server is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause JBoss Web Server to hang via a specially-crafted HTTP request. (CVE-2010-4476)
Users of JBoss Web Server should upgrade to these updated packages, which contain a backported patch to correct this issue. The JBoss server process must be restarted for this update to take effect.

1.70.2. RHSA-2011:0210: Important jbossweb security update

Updated jbossweb packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.2, 4.3, and 5.1, for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
JBoss Web Server is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause JBoss Web Server to hang via a specially-crafted HTTP request. (CVE-2010-4476)
Users of JBoss Web Server should upgrade to these updated packages, which contain a backported patch to correct this issue. The JBoss server process must be restarted for this update to take effect.

1.71. jwhois

1.71.1. RHEA-2011:0419: jwhois enhancement update

An updated jwhois package that adds one enhancement is now available for Red Hat Enterprise Linux 5.
The jwhois package provides a whois client which is used to obtain information about domain names and IP addresses from whois servers.
This update adds the following enhancement:
* Previously, jwhois did not contain the whois server details for the dotEmarat extension. Due to this issue, whois queries for these extensions were incorrectly directed to whois.internic.net. With this update, the configuration file correctly directs queries for the dotEmarat domains to whois.aeda.net.ae. (BZ#663972)
All users of whois clients are advised to upgrade to this updated package which adds this enhancement.

1.72. kdebase

1.72.1. RHBA-2011:0501: kdebase bug fix update

An updated kdebase package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdebase package includes core applications for the K Desktop Environment.
This update fixes the following bugs:
* Due to incorrect handling of transient groups, closing a dialog box of a Java application could cause the KWin window manager to terminate unexpectedly. This update applies an upstream patch that corrects this error, and KWin no longer crashes when a Java dialog box is closed. (BZ#501483)
* Prior to this update, a race condition in the KWin window manager could cause it to ignore configure requests. Consequent to this, Motif-based applications may have been occasionally displayed with an incorrect window size. With this update, the underlying source code has been adapted to ensure the configure requests are received, and Motif applications are now always displayed with a correct window size. (BZ#561844)
* When a user's password expires, the KDM login manager displays a dialog box that forces the user to change the password upon the next login. Previously, canceling this dialog box caused KDM to stop responding. With this update, the "Cancel" button has been removed from the dialog box, resolving this issue. (BZ#579707)
* Previously, selecting the "Save History As..." option from the "Edit" menu after clearing the history could cause the Konsole terminal emulator to terminate unexpectedly with a segmentation fault. This update ensures that a correct variable is used to access the current session, and selecting the "Save History As..." menu option no longer causes Konsole to crash. (BZ#580485)
* On a system with dual screens enabled, selecting the "Cascade" window placement option in the KDE Control Center and opening a new window on the second screen could cause KWin to consider the new window off screen, and thus change the window placement back to "Smart". This update corrects the window placement algorithm to take into account the position of the screens, so that the "Cascade" window placement now works on both screens. (BZ#584822)
* Due to an error in the RPM spec file, when the lm_sensors-devel package was installed, the support for lm_sensors was automatically enabled on all architectures. However, the lm_sensors packages are only built for the x86 architectures, and an attempt to rebuild the kdebase package on the Itanium architecture failed. This update corrects the spec file to enable the lm_sensors support only on x86 architectures, so that the kdebase package can now be rebuilt successfully on all supported architectures. (BZ#638849)
All users of kdebase are advised to upgrade to this updated package, which fixes these bugs.

1.73. kdenetwork

1.73.1. RHBA-2011:0913: kdenetwork bug fix update

An updated kdenetwork package that fixes a bug is now available for Red Hat Enterprise Linux 5.
The kdenetwork package provides a collection of networking applications for the K Desktop Environment (KDE).
This update fixes the following bug:
* Previously, the krfb utility providing a remote desktop in KDE terminated unexpectedly when it disconnected from a remote VNC client. With this update, a patch has been provided, and krfb no longer crashes in the described scenario. (BZ#715389)
All users of kdenetwork are advised to upgrade to this updated package, which fixes this bug.

1.74. kernel

1.74.1. RHSA-2012:0007: Important: kernel security, bug fix, and enhancement update

Important

This update has already been released as the security errata RHSA-2012:0007.
Updated kernel packages that fix multiple security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2011-4077, Important)
The fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux 5. (CVE-2011-4348, Important)
The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate)
A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate)
A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local attacker could use this flaw to crash the system by mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)
A flaw was found in the Linux kernel's encode_share_access() implementation. A local, unprivileged user could use this flaw to trigger a denial of service by creating a regular file on an NFSv4 (Network File System version 4) file system via mknod(). (CVE-2011-4324, Moderate)
A flaw was found in the Linux kernel's NFS implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4325, Moderate)
A missing boundary check was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2011-4330, Moderate)
Red Hat would like to thank Kees Cook for reporting CVE-2011-1020, and Clement Lecigne for reporting CVE-2011-4330.

Bug fixes:

BZ#741877
The Intel i350 Gigabit Network adapters failed to pass traffic in SR-IOV (Single Root I/O Virtualization) mode because multiple RX queues were being used, which the hardware does not support in this mode. With this update, the number of RX queues is now limited to one if SR-IOV gets enabled.
BZ#752735
Previously, link power down could not be used. The code for it was already in place but was disabled. With this update, link power down has been enabled in the code and works as expected.
BZ#755482
In some cases, a client skipped issuing a COMMIT call to the server when it determined that it will need to do another such call in the near future. Consequently, the NFS code failed to re-mark the inode as dirty, and the VFS file system failed to issue the call on the next pass. The inode had pages that needed to be cleaned but the inode itself was not marked as dirty. The kdump tuned writeback thresholds to a very low value in order to keep the page cache small. In this environment, the above bug often caused the client to become unresponsive when writing out the vmcore file. With this update, an upstream patch has been provided to address this issue and the hangs no longer occur.
BZ#759387
The IDE error handling code uses the IDE interrupt handler and the general interrupt handler. This could lead to the erroneous execution of kexec/kdump code that was intended to only run at boot time. As a result, the asserted IDE IRQ line would be cleared without the interrupt being handled, which in turn caused the system to become unresponsive during the shut down of the kexec/kdump kernel. To fix this bug, a new test for the IRQ status, which should be IRQ_DISABLED, has been introduced to ensure that the code introduced for the kexec/kdump kernel only executes at boot time.
BZ#750460
When the SMP (Symmetric Multi Processing) kernel ran the crash_kexec() function, the local Advanced Programmable Interrupt Controllers (APICs) could have pending interrupt requests (IRQs) in their vector tables. If there was more than one pending IRQ within the same 32-bit word in the Local APIC (LAPIC) vector table registers, the I/O APIC subsystem would enter setup with pending interrupts left in the LAPIC, causing various degrees of malfunctioning depending on the stuck interrupt vector. This update adds the MAX_LOOPS parameter to limit number of iterations and to provide enough time for the pending IRQs to be cleared if the loop was to lock-up for whatever reason, thus fixing this bug.
BZ#766803
Previously, the domain_update_iommu_coherency() function set domains, by default, as coherent when the domain was not attached to any input/output memory management units (IOMMUs). Consequently, such a domain could update context entries non-coherently via the domain_context_mapping_one() function. To resolve this issue, domain_update_iommu_coherency() has been updated to use the safer default value and domains not attached to any IOMMU are now set as non-coherent.
BZ#746343
If management firmware is present and a device is down, the firmware assumes control of the phy register. Previously, phy access was allowed from the host and it collided with firmware phy accesses, resulting in unpredictable behavior such as BMC (Baseboard Management Controller) LAN link being lost over time. With this update, the bug is fixed in the tg3 driver by only allowing phy accesses while the driver has control of the device.
BZ#744147
In certain circumstances, the evdev_pass_event() function with a spinlock attached was interrupted and called again, eventually resulting in a deadlock. A patch has been provided to address this issue by disabling interrupts when the spinlock is obtained. This prevents the deadlock from occurring.
BZ#750458
The unsolicited frame control infrastructure requires a table of DMA addresses for the hardware to look up the frame buffer location by an index. The hardware expects the elements of this table to be 64-bit quantities. Previously, the dma_addr_t parameter was wrongly used to reference these elements. Consequently, all unsolicited frame protocols were affected, particularly SATA-PIO and SMP, which prevented direct-attached SATA drives and expander-attached drives from being discovered. A patch has been provided to address this issue and SATA drives are now recognized correctly on 32-bit platforms.
BZ#755483
A previous patch introduced with BZ#732775 had the following unintended consequence: if no poll method was defined for files in the /proc/ directory, processes could become unresponsive while they were reading files from this directory. This update restores the default poll behaviour for files in /proc/ that do not have any poll method defined, thus fixing this bug.
Note that procfs files are not real files and unless they may specifically produce more data after a time (such as /proc/kmsg), they should not be polled for more data as some of them cannot be polled for reading. For the most part, all the data they can produce are instantly available.
BZ#754129
When directories mounted on a server are rearranged, they may then nest in a different order and clients may become unable to see or reassign the directories properly. Previously, the __d_unalias() and __d_materialise_dentry() functions did not provide loop prevention. As a consequence, NFS threads sometimes became unresponsive upon encountering a loop in the dentry tree. To fix this bug, this update adds additional loop checks and if a process tries to access a dentry that would otherwise cause the kernel to complete the loop, the ELOOP error code is returned and a message is logged.

Enhancements:

BZ#758024
With this update, the latest cciss driver has been provided, which adds support for new HP Smart Array controllers.
Users should upgrade to these updated packages, which contain backported patches to fix these issues and add this enhancement. The system must be rebooted for this update to take effect.

1.74.2. RHSA-2011:1479: Important: kernel security, bug fix, and enhancement update

Important

This update has already been released as the security errata RHSA-2011:1479.
Updated kernel packages that fix multiple security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)
A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)
A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate)
A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)
A NULL pointer dereference flaw was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains a specially-crafted HFS file system with a corrupted MDB extent record. (CVE-2011-2203, Low)
The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)
Red Hat would like to thank Yogesh Sharma for reporting CVE-2011-3363; Peter Huewe for reporting CVE-2011-1162; Clement Lecigne for reporting CVE-2011-2203; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

Bug fixes:

BZ#749459
Previously, when the iput() function was called while it held the nfs_access_lru lock could result in problems since iput() can sleep, and it can also attempt to allocate memory. This update removes an optimisation that is not present in the mainline kernel series. Now, iput() is never called while holding a spinlock in the nfs_access_cache_shrinker() function, thus preventing this bug.
BZ#750848
Under certain circumstances, a deadlock could occur between the khubd process of the USB stack and the modprobe of the usb-storage module. This was because the khubd process, when attempting to delete a USB device, waited for the reference count of knode_bus to be of value 0. However, modprobe, when loading the usb-storage module, scans all USB devices and increments the reference count, preventing the khubd process from continuing. With this update, the underlying source code has been modified to address this issue, and a deadlock no longer occurs in the described scenario.
BZ#745726
A previously applied patch (introduced as a fix in CVE-2011-1898) prevented PCI pass-through inside the assign_device domctl via a security check. Because the security check was not included in the test_assign_device domctl, qemu-dm could not handle any failures in the test_assign_device domctl, ultimately causing an HVM guest to have a partly accessible PCI device, which in come cases resulted in a crash of the host machine. With this update, the security check introduced in CVE-2011-1898 has been replicated in the test_assign_device domctl, thus fixing this issue.
BZ#741273
In error recovery, most SCSI error recovery stages send a TUR (Test Unit Ready) command for every bad command when a driver error handler reports success. When several bad commands pointed to a same device, the device was probed multiple times. When the device was in a state where it did not respond to commands even after a recovery function returned success, the error handler had to wait for the commands to time out. This significantly impeded the recovery process. With this update, SCSI mid-layer error routines to send test commands have been fixed to respond once per device instead of once per bad command, thus reducing error recovery time considerably.
BZ#750451
When an INIT_ACK packet is sent with no STATE COOKIE mandatory parameter, the expected abort error cause is Mandatory Parameter missing. Previously, the Invalid mandatory parameter error cause was given instead. With this update, a bug in the sctp_process_missing_param() function has been fixed and now, correct error cause value for missing parameters is set in the described scenario.
BZ#750457
When a COOKIE_ACK message with a packet length smaller then the chunk length defined was received, SCTP (Stream Control Transmission Protocol) sent an ABORT message with incorrectly encoded PROTOCOL VIOLATION error cause. With this update, the underlying code has been fixed and the ABORT message is now encoded properly in the described scenario.
BZ#750842
Due to a regression, the byte count on the wrong buffer was adjusted to account for endian differences. This resulted in the wrong buffer length being passed to the callers on big endian machines, which in turn resulted in data returned from the server being incorrectly rejected with "Invalid transact2 SMB: " error messages. This bug was first reported on the 64-bit PowerPC architecture. With this update, the correct buffer length is now passed in the described scenario.
BZ#750841
Previously, if a connect change occurs on a USB device, it is reported the same way as a disconnect. As a consequence, the "hub 1-1.6:1.0: Cannot enable port X. Maybe the USB cable is bad?" were issued by the dmesg utility when a low speed USB device was connected to port X. With this update, the port reset code in the hub driver has been changed, code of the usb_reset_device() function has been fixed to prevent the routine from futilely retrying the reset after a disconnect has occurred, and no error messages are now returned in the described scenario.
BZ#744700
The operational state of a network device, represented by the value in /sys/class/net/eth<X>/operstate, was not initialized by default and reported unknown when the network device was up and was using the tg3 driver. This update fixes the tg3 driver to properly set the operstate value.
BZ#750912
The be2net driver does not use lock-less Tx paths and its xmit() function is protected by the netif_tx_lock spinlock; as are the set_multicast_list() and set_rx_mode() functions. This configuration setup involves sending a message to the card firmware and getting a reply back, which involves delay up to several miliseconds long. As a consequence, the requeue counter increased by high numbers. With this update, the NETIF_F_LLTX feature has been enabled and locking of own Tx paths has been implemented. Now, only small portions of multicast configuration needs to be locked in the described scenario.
BZ#743611
Prior to this update, the ndisc_send_skb() function was using an incorrect macro to increment the ICMP6 statistics. As a result, an out-of-bound element in an array which resides in the size-128 slab pool was incremented, causing data corruption. If the array was near the end of the slab page, user data corruption could occur. This update fixes the above-mentioned function to use the correct macro for incrementing the ICMP6 statistics, and data corruption no longer occurs.
BZ#742282
A previously introduced patch reduced the size of the DMA zone under the Xen hypervisor. Consequently, drivers trying to allocate contiguous memory with the dma_alloc_coherent() API often had their requests fail. This resulted in BIOS update failures on some systems with large flash memory. With this update, the zone restriction in dma_alloc_coherent() is relaxed, thus fixing this issue.
BZ#747872
When the hangcheck timer expires and tries to reboot the machine, it stops all other CPUs in the configuration. However, the CPU that stops the other CPUs is still enabled for interrupts. Consequently, I/O or external interrupts might arrive at the local CPU and the corresponding interrupt handler might try to acquire a lock. Previously, if a remote CPU was holding the lock while the local CPU stopped it, the result was a deadlock. The system became unresponsive instead of performing a reboot. With this update, interrupts are disabled before stopping remote CPUs and the hangs no longer occur in the described scenario.
BZ#747876
On IBM System z, if a Linux instance with large amounts of anonymous memory runs into a memory shortage the first time, all pages on the active or inactive lists are considered referenced. This causes the memory management on IBM System z to do a full check over all page cache pages and start writeback for all of them. As a consequence, the system became temporarily unresponsive when the described situation occurred. With this update, only pages with active mappers are checked and the page scan now does not cause the hangs.
BZ#750477
Previously, kernel was allowed to reduce the number of unnecessary commit calls by skipping the commit when there was a large number of outstanding pages being written. However, that test did not properly handle the edge case when the number of commits (ncommit) was zero. Consequently, inodes sometimes remained on the sb->s_dirty list and could not be freed by the inode cache shrinker. As a result, the nfs_inode_cache structure grew very large over time. With this update, the call to the nfs_write_inode() function is immediately returned when commit == 0, thus fixing this bug.
BZ#750508
A previous kernel patch removed a call in the nfs_file_release() function to the filemap_fdatawrite() function. Consequently, data written to a NFS file, which had been mapped into memory via the mmap() function and not yet flushed to the backing device, were lost as soon as the file was closed. This update adds the filemap_fdatawrite() call back to the nfs_file_flush() function, which fixes this regression.
BZ#746600
The Xen network back-end driver was supposed to turn on all of its possible features until it negotiated with the front-end. However, after the negotiation, it did not disable the features declined by the front-end. This caused Windows guest using the xenpv-win network driver to not be able to transmit data to the host over TCP. This update properly disables the features which are not supported by the front-end.

Enhancement

BZ#743806
This update improves the performance of delete/unlink operations in a GFS2 file system containing large files by adding a layer of metadata read-ahead for indirect blocks.
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

1.74.3. RHSA-2011:1212: Important: kernel security and bug fix update

Important

This update has already been released as the security errata RHSA-2011:1212.
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

A NULL pointer dereference flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2011-2482, Important)
A flaw in the Linux kernel's client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)
Buffer overflow flaws in the Linux kernel's netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)
A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)
An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems. A privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2901, Moderate)
/proc/<PID>/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)
Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

Bug fixes:

BZ#719746
Prior to this update, a race condition in TIPC's (Transparent Inter-process Communication) recv_msg function caused kernel panic. This update modifies TIPC's socket locking logic, and kernel panic no longer occurs.
BZ#722855
The RHSA-2009:1243 update introduced a regression in the way file locking on NFS (Network File System) was handled. This caused applications to hang if they made a lock request on a file on an NFS version 2 or 3 file system that was mounted with the sec=krb5 option. With this update, the original behavior of using mixed RPC authentication flavors for NFS and locking requests has been restored.
BZ#726625
An incorrect call to the nfs4_drop_state_owner function caused the NFSv4 state reclaimer thread to be stuck in an infinite loop while holding the Big Kernel Lock (BKL). With this update, the aforementioned call has been removed, thus, fixing this issue.
BZ#728163
Certain systems do not correctly set the ACPI FADT APIC mode bit. They set the bit to "cluster" mode instead of "physical" mode which caused these systems to boot without the TSC. With this update, the ACPI FADT check has been removed due to its unreliability, thus, fixing this issue.
BZ#712885
A bug was found in the way the x86_emulate() function handled the IMUL instruction in the Xen hypervisor. On systems without support for hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug could cause fully-virtualized guests to crash or lead to silent memory corruption. In reported cases, this issue occurred when booting fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups enabled on a Red Hat Enterprise Linux 5.7 host.
BZ#727592
The fix provided in CVE-2010-3432 information in sctp_packet_config(), which is called before appending data chunks to a packet, was no longer reset, ultimately causing performance issues. With this update, packet information is reset after a packet transmit, thus, fixing the aforementioned performance issues.
BZ#721300
Prior to this update, an attempt to use the vfree() function on a vmalloc()'ed area could result in a memory leak. With this update, the underlying source code has been modified to address this issue, and a memory leak no longer occurs.
BZ#727590
A problem with the XFS dio error handling was discovered. If a misaligned write I/O operation was issued, XFS would return -EINVAL without unlocking the inode's mutex. This caused any further operations on the inode to become unresponsive. This update adds a missing mutex_unlock operation to the dio error path, solving this issue.
BZ#726619
Older versions of be2net cards firmware may not recognize certain commands and return illegal/unsupported errors, causing confusing error messages to appear in the logs. With this update, the driver handles these errors gracefully and does not log them.
BZ#723552
This patch fixes the inability of the be2net driver to work in a kdump environment. It clears an interrupt bit (in the card) that may be set while the driver is probed by the kdump kernel after a crash.
BZ#726628
When a block device object was allocated, the bd_super field was not being explicitly initialized to NULL. Previous users of the block device object may have set the bd_super field to NULL when the object is released by calling the kill_block_super() function. Some third party file systems do not always use this function and as a result the bd_super field could have become uninitialized when the object was allocated again. This could cause a kernel panic in the blkdev_releasepage() function when the uninitialised bd_super field was dereferenced. With this update, the bd_super field is properly initialized in the bdget function, and kernel panic no longer occurs.
BZ#727835
Under some circumstances, error reports within the XFS file system could dereference a NULL pointer cause kernel panic. This update fixes the NULL pointer dereference, and kernel panic no longer occurs
BZ#719930
This update makes the size of the three DLM hash tables consistent: 1024 entries with a Red Hat Enterprise Linux 5-specific change to allocate the tables using vmalloc allowing a higher maximum size that can be allocated for these tables. This results in improved DLM/GFS performance when there are many locks being held (that is, many GFS files being used).
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix these bugs. The system must be rebooted for this update to take effect.

1.74.4. RHSA-2011:1065: Important Red Hat Enterprise Linux 5.7 kernel security and bug fix update

Important

This update has already been released as the security errata RHSA-2011:1065.
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)
A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)
A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note: Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)

Bug Fixes:

BZ#704735
The be2iscsi driver passed a local variable in the request_irq function which lead to corruption in /proc/interrupts. All data in /proc/interrupts was correct except the device names. This update fixes the incorrect devices names in /proc/interrupts.
BZ#660871
Calling the mptctl_fasync() function to enable async notification caused the fasync_struct data structure, which was allocated, to never be freed. fasync_struct remained on the event list of the mptctl module even after a file was closed and released. After the file was closed, fasync_struct had an invalid file pointer which was dereferenced when the mptctl module called the kill_fasync() function to report any events. The use of the invalid file pointer could result in a deadlock on the system because the send_sigio() function tried to acquire the rwlock in the f_owner field of the previously closed file. With this update, a release callback function has been added for the file operations in the mptctl module. fasync_struct is now properly freed when a file is closed, no longer causing a deadlock.
BZ#665427
If an error occurred during I/O, the SCSI driver reset the megaraid_sas controller to restore it to normal state. However, on Red Hat Enterprise Linux 5, the waiting time to allow a full reset completion for the megaraid_sas controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset.
BZ#695493
On a Red Hat Enterprise Linux 5.7 system, it is advisable to update the firmware of the HP ProLiant Generation 6 (G6) controller's firmware to version 5.02 or later. Once the firmware is successfully updates, reboot the system and kdump will work as expected.
HP G6 controllers include: P410i, P411, P212, P712, and P812.
In addition, kdump may fail when using the HP Smart Array 5i Controller on a Red Hat Enterprise Linux 5.7 system.
BZ#696153
Under certain circumstances, a command could have been left unprocessed when using either the cciss or hpsa driver because the HP Smart Array controller considered those commands to be completed when, in fact, they were still waiting in the completion queue. This could have caused the file system to become read-only or panic, and the whole system to become unstable. This update adds an extra read operation to both the cciss and hpsa drivers, with the result that commands in the completion queue are properly processed.
BZ#646513
A call to the HP_GETHOSTINFO ioctl (I/O Control) in the mptctl module could result in the MPT (Message Passing Technology) fusion driver being reset due to erroneous detection of completed ioctl commands. With this update, the message context sent to the mptctl module is stored (previously, it was zeroed). When an ioctl command completes, the saved message context is used to recognize the completion of the message, thus resolving the faulty detection.
BZ#664592
Using the cciss driver, when a TUR (Test Unit Ready) was executed, the rq->bio pointer in the blk_rq_bytes function was of value null, which resulted in a null pointer dereference, and, consequently, kernel panic occurred. With this update, the rq->bio pointer is used only when the blk_fs_request(rq) condition is true; thus, kernel panic no longer occurs.
BZ#706244
Using the megaraid_sas driver, if a user configured 2 logical disks on a RAID volume whose disks are larger than 2 TB, with the start of the second logical disk after the 2 TB mark, and FastPath was enabled, FastPath read operations to the second logical disk were read from the incorrect location on disk. However, write operations were not affected and were always directed to the correct disk location. With this update, the driver detects if LBA > 0xffffffff & cdb_len < 16, then converts the cdb from the OS to a 16 byte CDB, before firing it as a FastPath I/O, fixing this issue.
BZ#656032
Due to incorrect ordering of glocks, a deadlock could occur in the code which reclaims unlinked inodes when multiple nodes were trying to deallocate the same unlinked inode. This update resolves the lock ordering issue, and unlinked inodes are now properly deallocated under all circumstances.
BZ#669527
The bnx2i driver could cause a system crash on IBM POWER7 systems. The driver's page tables were not set up properly on Big Endian machines, causing extended error handling (EEH) errors on PowerPC machines. With this update, the page tables are properly set up, and a system crash no longer occurs in the aforementioned case.
BZ#700203, BZ#673616
VDSO (Virtual Dynamically-linked Shared Object) kernel variables must be exported in vextern.h, otherwise they end up as undefined pointers. When calling the VDSO gettimeofday() function in Red Hat Enterprise Linux 5, a missing declaration lead to a segmentation fault. With this update, the sysctl_vsyscall system call is properly exported, and segmentation faults no longer occur.
BZ#660661
Due to an off-by-one error, gfs2_grow failed to take the very last rgrp parameter into account when adding up the new free space. With this update, the GFS2 kernel properly counts all the new resource groups and fixes the statfs file correctly.
BZ#683155
GFS2 (Global File System 2) keeps track of the list of resource groups to allow better performance when allocating blocks. Previously, when the user created a large file in GFS2, GFS2 could have run out of allocation space because it was confined to the recently-used resource groups. With this update, GFS2 uses the MRU (Most Recently Used) list instead of the list of the recently-used resource groups. The MRU list allows GFS2 to use all available resource groups and if a large span of blocks is in use, GFS2 uses allocation blocks of another resource group.
BZ#690555
Multiple GFS2 nodes attempted to unlink, rename, or manipulate files at the same time, causing various forms of file system corruption, panics, and withdraws. This update adds multiple checks for dinode's i_nlink value to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems.
BZ#694669
Prior to this update, a race in the GFS2 glock state machine could cause nodes to become unresponsive. Specifically, all nodes but one would hang, waiting for a particular glock. All the waiting nodes had the W (Waiting) bit set. The remaining node had the glock in the Exclusive Mode (EX) with no holder records. The race was caused by the Pending Demote bit, which could be set and then immediately reset by another process. With this update, the Pending Demote bit is properly handled, and GFS2 nodes no longer hang.
BZ#691460
Certain IBM storage arrays, such as the IBM 1745 and 1746, could have stopped responding or failed to load the device list of the scsi_dh_rdac kernel module. This occurred because the scsi_dh_rdac device list did not contain these storage arrays. With this update, the arrays have been added to the list, and they are now detected and operate as expected.
BZ#665197
Prior to this update, the following message was displayed when booting a Red Hat Enterprise Linux 5 system on a virtual guest:
WARNING calibrate_APIC_clock: the APIC timer calibration may be wrong.
This was due to the MAX_DIFFERENCE parameter value (in the APIC calibration loop) of 1000 cycles being too aggressive for virtual guests. APIC (Advanced Programmable Interrupt Controllers) and TSC (Time Stamp Counter) reads normally take longer than 1000 cycles when performed from inside a virtual guest, due to processors being scheduled away from and then back onto the guest. With this update, the MAX_DIFFERENCE parameter value has been increased to 10,000 for virtual guests.
BZ#675727
Prior to this update, a segmentation fault occurred when an application called VDSO's gettimeofday() function due to erroneous exporting of the wall_to_monotonic construct. With this update, the wall_to_monotonic construct is correctly exported, and a crash no longer occurs.
BZ#675793
A cpu mask that is being waited on after an IPI call was not the same cpu mask that was being passed into the IPI call function. This could result in not up-to-date values being stored in the cache. The loop in the flush_tlb_others() function waited for the cpu mask to be cleared, however, that cpu mask could have been incorrect. As a result, the system could become unresponsive. With this update, the cpu mask being waited on is the same cpu mask used in the IPI call function, and the system no longer hangs.
BZ#659594
A bug was discovered in the bonding driver that occurred when using netpoll and changing, adding or removing slaves from a bond. The misuse of a per-cpu flag in the bonding driver during these operations at the wrong time could lead to the detection of an invalid state in the bonding driver, triggering kernel panic. With this update, the use of the aforementioned per-cpu flag has been corrected and a kernel panic no longer occurs.
BZ#692921
The kdump kernel could fail when handling an IPI (Inter-processor interrupt) that was in-flight as the initial kernel crashed. This was due to an IPI-related data structure within kdump's kernel not being properly initialized, resulting in a dereference of an invalid pointer. This update addresses this issue, and the kdump kernel no longer fails upon encountering an in-flight IPI.
BZ#669961
For a device that used a Target Portal Group (TPG) ID which occupied the full 2 bytes in the RTPG (Report Target Port Groups) response (with either byte exceeding the maximum value that may be stored in a signed char), the kernel's calculated TPG ID would never match the group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the AAS (Asymmetric Access State) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.
BZ#673058
A race could occur when an internal multipath structure (pgpath) was freed before it was used to signal the path group initialization was complete (via pg_init_done). This update includes a number of fixes that address this issue. multipath is now increasingly robust when multipathd restarts are combined with I/O operations to multipath devices and storage failures.
BZ#680561
The event device (evdev) failed to lock data structures when adding or removing input devices. As a result, kernel panic occurred in the evdev_release function during a system restart. With this update, locking of data structures works as expected, and kernel panic no longer occurs.
BZ#670373
Prior to this update, kernel panic occurred in the kfree() due to a race condition in the acpi_bus_receive_event() function. The acpi_bus_receive_event() function left the acpi_bus_event_list list attribute unlocked between checking it whether it was empty and calling the kfree() function on it. With this update, a check was added after the lock has been lifted in order to prevent the race and the calling of the kfree() function on an empty list.
BZ#677703
Running a reboot test on an iSCSI root host resulted in kernel panic. When the iscsi_tcp module is destroying a connection it grabs the sk_callback_lock and clears the sk_user_data/conn pointer to signal that the callback functions should not execute the operation. However, some functions were not grabbing the lock, causing a NULL pointer kernel panic when iscsi_sw_tcp_conn_restore_callbacks was called and, consequently, one of the callbacks was called. With this update, the underlying source code has been modified to address this issue, and kernel panic no longer occurs.
BZ#664931
Prior to this update, a multi-threaded application, which invoked popen(3) internally, could cause a thread stall by FILE lock corruption. The application program waited for a FILE lock in glibc, but the lock seemed to be corrupted, which was caused by a race condition in the COW (Copy On Write) logic. With this update, the race condition was corrected and FILE lock corruption no longer occurs.
BZ#667673
The ext4 file system could end up corrupted after a power failure occurred even when file system barriers and local write cache was enabled. This was due to faulty barrier flag setting in WRITE_SYNC requests. With this update, this issue has been fixed, and ext4 file system corruption no longer occurs.
BZ#627496
When selecting a new window, the tcp_select_window() function tried not to shrink the offered window by using the maximum of the remaining offered window size and the newly calculated window size. The newly calculated window size was always a multiple of the window scaling factor, however, the remaining window size was not since it depended on rcv_wup/rcv_nxt. As a result, a window was shrunk when it was scaled down. With this update, aligning the remaining window to the window scaling factor assures a window is no longer shrunk.
BZ#695369
Configuring a network bridge with no STP (Spanning Tree Protocol) and a 0 forwarding delay could result in the flooding of all packets on the link for 20 seconds due to various issues in the source code. With this update, the underlying source code has been modified to address this issue, and a traffic flood on the network bridge no longer occurs.
BZ#646816
Prior to this update, the /proc/diskstats file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected.
BZ#643441
If an application opened a file with the O_DIRECT flag on an NFS client and performed write operations on it of size equal to wsize (size of the blocks of data passed between the client and the server), the NFS client sent two RPCs (Remote Procedure Calls) when only one RPC needed to be send. Write operations of size smaller than wsize worked as expected. With this update, write operations of size equal to wsize now work as expected and no longer cause the NFS client to send out unnecessary RPCs.
BZ#653286
Under certain circumstances, a crash in the kernel could occur due to a race condition in the lockd_down function, which did not wait for the lockd process to come down. With this update, the lockd_down function has been fixed, and the kernel no longer crashes.
BZ#671595
Prior to this update, the be2net driver failed to work with bonding, causing flapping errors (the interface switches between states up and down) in the active interface. This was due to the fact that the netdev->trans_start pointer in the be_xmit function was not updated. With this update, the aforementioned pointer has been properly updated and flapping errors no longer occur.
BZ#664705, BZ#664707
For certain NICs, the operstate state (stored in, for example, the /sys/class/net/eth0/operstate file) was showing the unknown state even though the NIC was working properly. This was due to the fact that at the end of a probe operation, the netif_carrier_off was not being called. With this update, the netif_carrier_off is properly called after a probe operation, and the operstate state now correctly displays the operational state of an NIC.
BZ#506630
RHEL5.7 has introduced the new multicast snooping feature for virt bridge. The feature is disabled by default in order to not break any existing configurations. To enable the feature, please set the tunnable parameter below to 1:
/sys/class/net/breth0/bridge/multicast_snooping
Please also note that with multicast snooping enabled, it may caused a regression with some switches where it causes a break in the multicast forwarding for some peers.
BZ#661110
Outgoing packets were not fragmented after receiving the icmpv6 pkt-too-big message when using the IPSecv6 tunnel mode. This was due to the lack of IPv6 fragmentation support over an IPsec tunnel. With this update, IPv6 fragmentation is fully supported and works as expected when using the IPSecv6 tunnel mode.
BZ#667234
The fix introduced with BZ#560013 added a check for detection of the northbridge device into the amd_fixup_dcm() function to make Red Hat Enterprise Linux 5 guests boot on a 5.4.z Xen hypervisor. However, the added check caused a kernel panic due to missing multi-node CPU topology detection on AMD CPU family 0x15 systems. To preserve backwards compatibility, the check has not been removed but is triggered only on AMD Family 15h systems (code-named "Magny-Cours"). AMD family 0x15 systems do not require the aforementioned check because they are not supported as 5.4 Xen Hypervisor hosts. For Xen Hypervisor 5.5, this issue has been fixed, which makes the check obsolete.
BZ#675258
Booting a Red Hat Enterprise Linux 5.4 or later kernel failed (the system became unresponsive) due to the zeroing out of extra bytes of memory of the reset vector. The reset vector is comprised of two 16-bit registers (high and low). Instead of zeroing out 32-bits, the kernel was zeroing out 64-bits. On some machines this overwritten memory was used during the boot process, resulting in a hang. With this update, the long data type has been changed to the unsigned 32-bit data type; thus, resolving the issue. The Red Hat Enterprise Linux 5.4 and later kernel now boot as expected on the machines affected by this bug.
BZ#678074
Setting the capture levels on the Line-In capture channel when using an ARX USB I/O sound card for recording and playback did not work properly. The set values were not persistent. With this update, the capture values are now cached in the usb-audio driver leaving the set capture levels unchanged.
BZ#688926
This update fixes a bug in the way isochronous input data was returned to user space for usbfs (USB File System) transfers, resolving various audio issues.
BZ#645431
The Red Hat Enterprise Linux kernel can now be tainted with a tech preview status. If a kernel module causes the tainted status, then running the command cat /proc/modules will display a (T) next to any module that is tainting the kernel.
For more information about Technology Previews, refer to:
Important: Running a kernel with the tainted flag set may limit the amount of support that Red Hat can provide for the system.
BZ#525898
Previously, paravirtualized Xen guests allocated all low memory (all memory for 64-bit) to ZONE_DMA, rather than using ZONE_DMA32 and ZONE_NORMAL. The guest kernels now use all three zones the same way natively running kernels do.
BZ#651512
While bringing down an interface, the e1000 driver failed to properly handle IRQs (Interrupt Requests), resulting in the reception of the following messages:
irq NN: nobody cared...
With this update, the driver's down flag is set later in the process of bringing down an interface, specifically, after all timers have exited, preventing the IRQ handler from being called and exiting early without handling the IRQ.
BZ#651837
By default, libsas defines a wideport based on the attached SAS address, rather than the specification compliant strict definition of also considering the local SAS address. In Red Hat Enterprise Linux 5.7, only the default loose definition is available. The implication is that if an OEM configures an SCU controller to advertise different SAS addresses per PHY, but hooks up a wide target or an expander to those PHYs, libsas will only create one port. The expectation, in the strict case, is that this would result in a single controller multipath configuration.
It is not possible to use a single controller multipath without the strict_wide_port functionality. Multi-controller multipath should behave as a expected.
A x8 multipath configuration through a single expander can still be obtained under the following conditions:
  1. Start with an SCU SKU that exposes (2) x4 controllers (total of 8 PHYs)
  2. Assign sas_address1 to all the PHYs on controller1
  3. Assign sas_address2 to all the PHYs on controller2
  4. Hook up the expander across all 8 PHYs
  5. Configure multipath across the two controller instances
It is critical for controller1 to have a distinct address from controller2, otherwise the expander will be unable to correctly route connection requests to the proper initiator.
BZ#673242
Previously, on VMware, the time ran too fast on virtual machines with more than 4GHz TSC (Time Step Counter) processor frequency if they were using PIT/TSC based timekeeping. This was due to a calculation bug in the get_hypervisor_cycles_per_sec function. This update fixes the calculation, and timekeeping works correctly for such virtual machines.
BZ#661478
A formerly introduced patch that provided extended PCI config space access on AMD systems caused the lpfc driver to fail when it tried to initialize hardware. On kernel-xen, Hypervisor trapped the aforementioned accesses and truncated them, causing the lpfc driver to fail to initialize hardware. Note that this issue was only observed when using the lpfc driver with the following parameters: Vendor_ID=0x10df, Device_ID=0xf0e5. With this update, the part of the patch related to kernel-xen that was causing the failures was removed and the lpfc driver now works as expected.
BZ#698879
Hot removing a PCIe device and, consequently, hot plugging it again caused kernel panic. This was due to a PCI resource for the SR-IOV Virtual Function (vf) not being released after the hot removing, causing the memory area in the pci_dev struct to be used by another process. With this update, when a PCIe device is removed from a system, all resources are properly released; kernel panic no longer occurs.
BZ#672368, BZ#695490
In a four node cluster environment, a deadlock could occur on machines in the cluster when the nodes accessed a GFS2 file system. This resulted in memory fragmentation which caused the number of network packet fragments in requests to exceed the network hardware limit. The network hardware firmware dropped the network packets exceeding this limit. With this update, the network packet fragmentation was reduced to the limit of the network hardware, no longer causing problems during memory fragmentation.
BZ#674298
Prior to this update, if a CT/ELS pass-through command timed out, the QLogic 8Gb Fibre Channel adapter created a firmware dump. With this update, firmware dumps are no longer created when CT/ELS pass-through requests time out as a firmware dump is not necessary in this case.
BZ#695357
Setting a DASD (Direct Access Storage Device) device offline while another process is trying to open that device caused a race in the dasd_open function. The dasd_open function tried to read a pointer from the private_data field after the structure has already been freed, resulting in a dereference of an invalid pointer. With this update, the aforementioned pointer is now stored in a different structure; thus, preventing the race condition.
BZ#666080
Deleting a file on a GFS2 file system caused the inode, which the deleted file previously occupied, to not be freed. Specifically, this only occurred when a file was deleted on a particular node while other nodes in the cluster were caching that same inode. The mechanism for ensuring that inodes are correctly deallocated when the final close occurs was dependent on a previously corrected bug (BZ#504188 ). In order to ensure that iopen glocks are not cached beyond the lifetime of the inode, and thus prevent deallocation by another inode in the cluster, this update marks the iopen glock as not to be cached during the inode disposal process.
BZ#610093
In some cases the NFS server fails to notify NFSv4 clients about renames and unlinks done by non-NFS users of the server. An application on a client may then be able to open the file at its old location (read old cached data from it and perform read locks on it), long after the file no longer exists at that location on the server. To work around this issue, use NFSv3 instead of NFSv4. Alternatively, turn off support for leases by writing the value 0 to the /proc/sys/fs/leases-enable file (ideally on boot, before the NFS server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance.
BZ#662102
Booting Red Hat Enterprise Linux 5 with the crashkernel=X parameter enabled for the kdump kernel does not always succeed. This is because the kernel may not be able to find a suitable memory range for the crashkernel due to the fragmentation of the physical memory. Similarly, if a user specifies the starting address of the reserved memory, the specified memory range may be occupied by other parts of the kernel (in this case, the initrd, i.e. initial ramdisk). This update adds two debugging kernel parameters (bootmem_debug and ignore_loglevel) which allow to diagnose what causes the crashkernel to not be assigned enough memory.
BZ#698873
In Red Hat Enterprise Linux 5.7 netconsole was enabled to work with software network bridges. This disables previous workaround used by RHEV Manager Agent (VDSM) to use ethernet network interface directly.
Customers wishing to continue using netconsole logging on the RHEL 5.7 nodes registered with RHEV Manager, should modify the /etc/sysconfig/netconsole file and change the line where the DEV variable is set to:
DEV=rhevm
and restart the netconsole service with:
# service netconsole restart
BZ#669909
Prior to this update, a rhev-agent could not be started due to missing a /dev/virtio-ports/ directory. This was due to the fact that the udev utility does not parse the KOBJ_CHANGE event. With this update, the KOBJ_ADD event is invoked instead so that symlinks in /dev/virtio-ports are created when a port name is obtained.
BZ#673459
Using a virtio serial port from an application, filling it until the write command returns -EAGAIN and then executing a select command for the write command caused the select command to not return any values, when using the virtio serial port in a non-blocking mode. When used in a blocking mode, the write command waited until the host indicated it used up the buffers. This was due to the fact that the poll operation waited for the port->waitqueue pointer, however, nothing woke the waitqueue when there was room again in the queue. With this update, the queue is woken via host notifications so that buffers consumed by the host can be reclaimed, the queue freed, and the application write operations may proceed again.
BZ#653236
Prior to this update, a FW/SW semaphore collision could lead to an link establishment failure on an SFP+ (Small Form-factor Pluggable) transceiver module. With this update, the underlying source code has been modified to address this issue, and SFP+ modules work as expected.
BZ#680531
Enabling the Header Splitting mode on all Intel 82599 10 Gigabit Ethernet hardware could lead to unpredictable behavior. With this update, the Header Splitting mode is never enabled on the aforementioned hardware. Additionally, this update fixes VM pool allocation issues based on MAC address filtering, and limits the scope of VF access to promiscuous mode.
BZ#657166
Using an XFS file system, when an I/O error occurred during an intermediate commit on a rolling translation, the xfs_trans_commit() function freed the structure of the transaction and the related ticket. However, the duplicate transaction, which is used when the transaction continues, still contained a pointer to the freed ticket. Therefore, when the second transaction was canceled, the ticked was freed for the second time, causing kernel panic. This update adds reference counting to the ticket to avoid multiple freeing of a ticket when a commit error occurs.
BZ#616125
A spurious BUG_ON() call caused the module_refcount variable to not be always accurate outside of the atomic state within the stop_machine function, observed mainly under heavy network load. This update removed the BUG_ON() call, fixing this issue.
BZ#695197
A previously introduced patch added support for displaying the temperature of application-specific integrated circuits (ASIC). However, a missing increment of the work_counter variable in the be_worker function caused the be_cmd_get_die_temperature function to be called every 1 second (instead of the 32 seconds it should be), and the be_cmd_get_die_temperature function to be called even when it was not supported. This update fixes this issue.
BZ#695168
Prior to this update, the stat.st_blksize parameter was always set to PAGE_CACHE_SIZE, causing performance issues. With this update, the underlying source code has been modified to address this issue, and Red Hat Enterprise Linux 5 systems no longer suffer from performance issues caused by the aforementioned parameter.
BZ#710584
Broken scatterlist handling during command construction caused SMP commands to fail, resulting in the SCU driver not detecting drives behind expanders. This update fixes the SCU driver to detect drives placed behind expanders.
BZ#658012
Kernel panic occurred when a non-maskable interrupt was issued during a forced shutdown of the XFS file system. This was due to a spinlock occurring in various functions. With this update, the spinlocks have been removed, and kernel panic no longer occurs. Additionally, the CONFIG_XFS_DEBUG option is disabled by default on kernel-debug.
BZ#663123
Prior to this update, the /proc/partitions file was not being updated after LUNs were created using the hpacucli utility (which adds, deletes, identifies, and repairs logical and physical disks). This issue has been fixed via the update of the CCISS driver to version 3.6.26-5, as noted in BZ#635143.
BZ#704963
When the ibmvscsi driver reset its CRQ and attempted to re-register the CRQ, it received an H_CLOSED response, indicating that the Virtual I/O Server is not yet ready to receive commands. As a result, the ibmvscsi driver caused the VSCSI adapter to go offline and fail to recover. This update re-enables interrupts so that when the Virtual I/O Server is ready and sends the CRQ initialization request, it is properly received and processed.
BZ#710477
This update ensures that all remote ports are deleted when a Virtual I/O Server fails in a dual Virtual I/O Server multipath configuration, so that a path failover works as expected and the ibmvfc driver no longer becomes unresponsive. For a single path configuration, the remote ports go into a devloss state.
BZ#717742
Installation of HVM guests failed on AMD hosts. This update provides a number of patches which resolve this issue, and HVM guests can be installed on AMD hosts as expected.
BZ#710498
Using iSCSI offload resulted in EEH (Enhanced Error Handling) errors caused by missing programming of the page sizes on systems which do not use the 4K PAGE_SIZE. With this update, the underlying source code has been modified to address this issue, and EEH errors no longer occur when using iSCSI offload.
BZ#700546
File system corruption could occur on a file system with the qla2xxx driver due to missing block I/O back/front segment size setting. This update adds the block I/O back/front segment size setting, resolving this issue.

Enhancements:

BZ#696182, BZ#696182, BZ#707299
The tg3 network driver has been updated to support the Broadcom 5720 Network Interface Controller. Additionally, the tg3 network driver includes a number of fixes to support the Broadcom 5719 Network Interface Controller.
BZ#684842
The mpt2sas driver now allows customer specific display support.
BZ#689047
Support for DMI OEM flags to set pci=bfsort has been added.
BZ#651429
The ipr driver now supports the SAS VRAID capability on the new CRoC-based SAS adapters on IBM POWER7 systems.
BZ#684361
The AHCI driver has been updated to support for SATA RAID on future Intel chipsets.
BZ#570366
The ixgbe driver now provides support for PCIe AER (Advanced Error Reporting).
These updated kernel packages also upgrade a number of kernel device drivers. A list of these updated drivers can be found in the Red Hat Enterprise Linux 5.7 Release Notes.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.74.5. RHSA-2011:0927: Important kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)
* A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service. (CVE-2011-0695, Important)
* A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl "net.sctp.addip_enable" variable was turned on (it is off by default). (CVE-2011-1573, Important)
* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)
* An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)
* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially-crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)
* An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)
* A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)
* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)
* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)
* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)
* A missing validation check was found in the signals implementation. A local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)
* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially-crafted partition tables. (CVE-2011-1776, Low)
* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)
Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695; Vasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke and Filip Palian for reporting CVE-2011-2492.
This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements is available in the Red Hat Enterprise Linux 5.6 Technical Notes.
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

1.74.6. RHSA-2011:0833: Important kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)
* Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)
* A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)
* Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)
* A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. A privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate)
* The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)
* A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low)
* A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)
* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low)
* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)
* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1577, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577.
This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements is available in the Red Hat Enterprise Linux 5.6 Technical Notes.
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

1.74.7. RHSA-2011:0429: Important kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* A missing boundary check was found in the dvb_ca_ioctl() function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-0521, Important)
* An inconsistency was found in the interaction between the Linux kernel's method for allocating NFSv4 (Network File System version 4) ACL data and the method by which it was freed. This inconsistency led to a kernel panic which could be triggered by a local, unprivileged user with files owned by said user on an NFSv4 share. (CVE-2011-1090, Moderate)
* A NULL pointer dereference flaw was found in the Generic Receive Offload (GRO) functionality in the Linux kernel's networking implementation. If both GRO and promiscuous mode were enabled on an interface in a virtual LAN (VLAN), it could result in a denial of service when a malformed VLAN frame is received on that interface. (CVE-2011-1478, Moderate)
* A missing security check in the Linux kernel's implementation of the install_special_mapping() function could allow a local, unprivileged user to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)
* An information leak was found in the Linux kernel's task_show_regs() implementation. On IBM S/390 systems, a local, unprivileged user could use this flaw to read /proc/[PID]/status files, allowing them to discover the CPU register values of processes. (CVE-2011-0710, Low)
* A missing validation check was found in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially-crafted partitions. (CVE-2011-1010, Low)
Red Hat would like to thank Ryan Sweat for reporting CVE-2011-1478; Tavis Ormandy for reporting CVE-2010-4346; and Timo Warns for reporting CVE-2011-1010.
This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements is available in the Red Hat Enterprise Linux 5.6 Technical Notes.
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

1.74.8. RHSA-2011:0303: Moderate kernel security and bug fix update

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* A flaw was found in the Linux kernel's garbage collector for AF_UNIX sockets. A local, unprivileged user could use this flaw to trigger a denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)
* A flaw was found in the Linux kernel's networking subsystem. If the number of packets received exceeded the receiver's buffer limit, they were queued in a backlog, consuming memory, instead of being discarded. A remote attacker could abuse this flaw to cause a denial of service (out-of-memory condition). (CVE-2010-4251, Moderate)
* A missing initialization flaw was found in the ethtool_get_regs() function in the Linux kernel's ethtool IOCTL handler. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause an information leak. (CVE-2010-4655, Low)
Red Hat would like to thank Vegard Nossum for reporting CVE-2010-4249, and Kees Cook for reporting CVE-2010-4655.
This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements is available in the Red Hat Enterprise Linux 5.6 Technical Notes.
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

1.74.9. RHSA-2011:0163: Important kernel security and bug fix update

Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issue:
* A flaw was found in the sctp_icmp_proto_unreachable() function in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could use this flaw to cause a denial of service. (CVE-2010-4526, Important)
This update also fixes the following bugs:
* Due to an off-by-one error, gfs2_grow failed to take the very last "rgrp" parameter into account when adding up the new free space. With this update, the GFS2 kernel properly counts all the new resource groups and fixes the "statfs" file correctly. (BZ#666792)
* Prior to this update, a multi-threaded application, which invoked popen(3) internally, could cause a thread stall by FILE lock corruption. The application program waited for a FILE lock in glibc, but the lock seemed to be corrupted, which was caused by a race condition in the COW (Copy On Write) logic. With this update, the race condition was corrected and FILE lock corruption no longer occurs. (BZ#667050)
* If an error occurred during I/O, the SCSI driver reset the "megaraid_sas" controller to restore it to normal state. However, on Red Hat Enterprise Linux 5, the waiting time to allow a full reset completion for the "megaraid_sas" controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset. (BZ#667141)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.74.10. RHSA-2011:1386: Important: kernel security, bug fix, and enhancement update

Important

This update has already been released as the security errata RHSA-2011:1386.
Updated kernel packages that fix multiple security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes

The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)
IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)
A malicious CIFS (Common Internet File System) server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)
A local attacker could use mount.ecryptfs_private to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be installed. (CVE-2011-1833, Moderate)
A flaw in the taskstats subsystem could allow a local, unprivileged user to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)
Mapping expansion handling could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2496, Moderate)
GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)
RHSA-2011:1065 introduced a regression in the Ethernet bridge implementation. If a system had an interface in a bridge, and an attacker on the local network could send packets to that interface, they could cause a denial of service on that system. Xen hypervisor and KVM (Kernel-based Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942, Moderate)
A flaw in the Xen hypervisor IOMMU error handling implementation could allow a privileged guest user, within a guest operating system that has direct control of a PCI device, to cause performance degradation on the host and possibly cause it to hang. (CVE-2011-3131, Moderate)
IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence number and fragment IDs are now more random. (CVE-2011-3188, Moderate)
A flaw in the kernel's clock implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-3209, Moderate)
Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate)
A flaw in the auerswald USB driver could allow a local, unprivileged user to cause a denial of service or escalate their privileges by inserting a specially-crafted USB device. (CVE-2009-4067, Low)
A flaw in the Trusted Platform Module (TPM) implementation could allow a local, unprivileged user to leak information to user space. (CVE-2011-1160, Low)
A local, unprivileged user could possibly mount a CIFS share that requires authentication without knowing the correct password if the mount was already mounted by another local user. (CVE-2011-1585, Low)
Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699; Darren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team for reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting CVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath Kotur for reporting CVE-2011-3347; Rafael Dominguez Vega for reporting CVE-2009-4067; and Peter Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1833.

Bug Fixes

BZ#739823
A previously applied patch to help clean-up a failed nmi_watchdog check by disabling various registers caused single-vcpu Xen HVM guests to become unresponsive during boot when the host CPU was an Intel Xeon Processor E5405 or an Intel Xeon Processor E5420, and the VM configuration did not have the apic = 1 parameter set. With this update, NMI_NONE is the default watchdog on AMD64 HVM guests, thus, fixing this issue.
BZ#730686
A previously introduced patch forced the ->flush and ->fsync operations to wait on all WRITE and COMMIT remote procedure calls (RPC) to complete to ensure that those RPCs were completed before returning from fsync() or close(). As a consequence, all WRITEs issued by nfs_flush_list were serialized and caused a performance regression on NFS clients. This update changes nfs_flush_one and nfs_flush_multi to not wait for WRITEs issued when the FLUSH_SYNC parameter is set, resolving performance issues on NFS clients.
BZ#733665
When setting the value in the /proc/sys/vm/dirty_writeback_centisecs file via echo, the actual saved value was always one less than the given value (for example, setting 500 resulted in 499 being set). This update fixes this off-by-one error, and values in /proc/sys/vm/dirty_writeback_centisecs are now correctly set.
BZ#732775
When reading a file from a subdirectory in /proc/bus/pci/ while hot-unplugging the device related to that file, the system would crash. With this update, the kernel correctly handles the simultaneous removal of a device, and access to the representation of that device in the proc file system.
BZ#738389
Prior to this update, MTU was constrained to 1500 unless Scatter/Gather I/O (SG) was supported by the NIC; in the case of netback, this would mean unless SG was supported by the front-end. Because the hotplugging scripts ran before features have been negotiated with the front-end, at that point SG would still be disabled, breaking anything using larger MTUs, (for example, cluster communication using that NIC). This update inverts the behavior and assumes SG to be present until negotiations prove otherwise (in such a case, MTU is automatically reduced).
BZ#734157
A previously applied patch introduced a regression for 3rd party file systems that do not set the FS_HAS_IODONE2 flag, specifically, the Oracle Cluster File System 2 (OCFS2). The patch removed a call to the aio_complete function, resulting in no completion events being processed, causing userspace applications to become unresponsive. This update reintroduces the aio_complete function call, fixing this issue.
BZ#732946
This update fixes a race between TX and MCC events where an MCC event could kill a NAPI schedule by a succeeding TX event, which resulted in network transfer pauses.
BZ#730685
Previously, when the Xen Hypervisor split a 2 MB page into 4 KB pages, it linked the new page from the PDE (Page Directory Entry) before it filled entries of the page with appropriate data. Consequently, when doing a live migration with EPT (Extended Page Tables) enabled on a non-idle guest running with more than two virtual CPUs, the guest often terminated unexpectedly. With this update, the Xen Hypervisor prepares the page table entry first, and then links it in, fixing this bug.
BZ#730682
This update adds a missing patch that enables WOL (Wake-on-LAN) on the second port of a Intel Ethernet Server Adapter I350.
BZ#736275
Kernel panic occurred on a Red Hat Enterprise Linux 5.7 QLogic FCoE host during I/O operations with fabric faults due to a NULL fcport object dereference in the qla24xx_queuecommand function. This update adds a check that returns DID_NO_CONNECT if the fcport object is NULL.
BZ#732945
Packet statistics in /proc/net/dev occasionally jumped backwards. This was because the cat /proc/net/dev command was processed while the loop updating the counter was running, sometimes resulting in partially updated counter (causing the statistics to be incorrect). This update fixes this bug by using a temporary variable while summing up all the RX queues, and only then updating the /proc/net/dev statistics, making the whole operation atomic. Additionally, this update provides a patch that fixes a problem with the 16-bit RX dropped packets HW counter by maintaining a 32-bit accumulator in the driver to prevent frequent wraparound.
BZ#734772
Prior to this update, the nosharecache NFS mount option was not always honored. If two mount locations specified this option, the behavior would be the same as if the option was not specified. This was because of missing checks that enforced this option. This update adds the missing checks, resolving this issue.
BZ#728521
When kdump was triggered under a heavy load, the system became unresponsive and failed to capture a crash dump. This update fixes interrupt handling for kdump so that kdump successfully captures a crash dump while under a heavy load.
BZ#732440
Previously, configurations where Max BW was set to 0 produced the following message:
Illegal configuration detected for Max BW - using 100 instead.
With this update, such message is produced only when debugging is enabled, and such configuration is no longer called Illegal.
BZ#733152
If the be2net driver could not allocate new SKBs in the RX completion handler, it returned messages to the console and dropped packets. With this update, the driver increases the netdevice rx_dropped counter instead, and no longer produces messages in the console.
BZ#734761
If iSCSI was not supported on a bnx2 device, the bnx2_cnic_probe() function returned NULL and the cnic device was not be visible to bnx2i. This prevented bnx2i from registering and then unregistering during cnic_start() and caused the following warning message to appear:
bnx2 0003:01:00.1: eth1: Failed waiting for ULP up call to complete
BZ#737475
Prior to this update, failures to bring up the Broadcom BCM57710 Ethernet Controller occurred and the following error messages:
eth0: Something bad had happen! Aii!
[bnx2x_release_hw_lock:1536(eth0)]Releasing a lock on resource 8
eth0: Recovery flow hasn't been properly completed yet. Try again later. If u
still see this message after a few retries then power cycle is required.
With this update, the underlying source code has been modified to address this issue, and the Broadcom BCM57710 Ethernet Controller no longer fails to start.
BZ#738392
This update introduces support for jumbo frames in the Xen networking backend. However, old guests will still revert to a 1500-byte MTU after migration. This update also changes how the guest will probe the backend's Scatter/Gather I/O functionality. As long as a recent enough kernel is installed in the destination host, this will ensure that the guest will keep a large MTU even after migration.
BZ#736742
Previously, the inet6_sk_generic() function was using the obj_size variable to compute the address of its inner structure, causing memory corruption. With this update, the sk_alloc_size() is called every time there is a request for allocation, and memory corruption no longer occurs.
BZ#728518
Prior to this update, Xen did not implement certain ALU opcodes. As a result, when a driver used the missing opcodes on memory-mapped I/O areas, it caused the guest to crash. This update adds all the missing opcodes. In particular, this fixes a BSOD crash from the Windows e1000 driver.

Enhancements

BZ#732377
With this update, the JSM driver has been updated to support the Bell2 (with PLX chip) 2-port adapter on IBM POWER7 systems. Additionally, EEH support has been added to JSM driver.
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

1.75. kexec-tools

1.75.1. RHBA-2011:0382: kexec-tools bug fix update

An updated kexec-tools package that fixes one bug is now available for Red Hat Enterprise Linux 5 Extended Update Support.
The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. The kexec-tools package provides the /sbin/kexec binary and ancillary utilities that form the user-space component of the kernel's kexec feature.
This update fixes the following bug:
* On certain hardware, the kexec kernel incorrectly attempted to use a reserved memory range, and failed to boot with an error. This update adapts the underlying source code to determine the size of a backup region dynamically. As a result, kexec no longer attempts to use the reserved memory range, and boots as expected. (BZ#682085)
All users of kexec-tools are advised to upgrade to this updated package, which fixes this bug.

1.75.2. RHBA-2011:0505: kexec-tools bug fix update

An updated kexec-tools package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. The kexec-tools package provides the /sbin/kexec binary and ancillary utilities that form the user-space component of the kernel's kexec feature.
This update fixes the following bug:
* On x86 systems with a Physical Address Extension (PAE) kernel, the previous version of kexec-tools incorrectly attempted to use a reserved memory range and failed to create a valid core dump. This rendered the crash utility unable to read vmalloc addresses, and any attempt to analyze such a dump file caused the utility to display the following message:
WARNING: cannot access vmalloc'd module memory
This update applies a patch that prevents kexec-tools from incorrectly accessing a reserved memory range. Now, kexec-tools can generate core dump files that the crash utility can handle. (BZ#696547)
All users of kexec-tools are advised to upgrade to this updated package, which fixes this bug.

1.75.3. RHEA-2011:0146: kexec-tools enhancement update

An updated kexec-tools package that adds one enhancement is now available for Red Hat Enterprise Linux 5.
kexec-tools provides the /sbin/kexec binary that facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. This package contains the /sbin/kexec binary and ancillary utilities that together form the userspace component of the kernel's kexec feature.
This update adds the following enhancement:
* Red Hat Enterprise Linux 5 now fully supports the ext4 filesystem, but kdump fails to dump the vmcore on ext4 file systems. This update adds support to the ext4 file system so that users can dump the vmcore to an ext4 filesystem.
All users are advised to upgrade to this updated kexec-tools package, which adds this enhancement. (BZ#667966)

1.76. krb5

1.76.1. RHSA-2011:0199: Important krb5 security update

Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).
A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially-crafted request. (CVE-2011-0282)
A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially-crafted request. (CVE-2011-0281)
Red Hat would like to thank the MIT Kerberos Team for reporting these issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue.
All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

1.76.2. RHBA-2011:1031: krb5 bug fix and enhancement update

Updated krb5 packages that fix multiple bugs and add one enhancement are now available for Red Hat Enterprise Linux 5.
Kerberos is a network authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, a KDC.
This update fixes the following bugs:
* Prior to this update,the lock of the realm database could, under certain circumstances, not be released. Due to this problem, the lock could not be acquired until the clearing process was stopped or restarted. With this update, the realm database is successfully locked. (BZ#586032)
* Prior to this update,the Kerberos-aware FTP server did not parse the "restrict" keyword correctly when it was used in /etc/ftpusers. This update modifies the code so that the server parses the "restrict" keyword correctly. (BZ#644215)
* Prior to this update,the Kerberos-aware FTP client did not correctly display the size of a transferred file on 32-bit systems if the size of the file exceeded 4GB. This update modifies the type of the variable used to track the number of bytes transferred. (BZ#648404)
* Prior to this update, the client libraries failed, under certain circumstances, to parse an error reply message from the server when trying to change passwords. With this update, the client library can parse the message and correctly returns the reported error to its caller. (BZ#658871)
* Prior to this update, Kerberos-aware servers leaked memory when replay caching was disabled. This update modifies the code so that no more memory leaks occur. (BZ#678205)
* Prior to this update, the SELinux label was not maintained for replay cache files when expired entries were expunged. This update maintains the reply cache files in such a case. (BZ#712453)
This update also adds the following enhancement:
* Prior to this update, the Kerberos-aware FTP client was not able to parse user commands if the length of the command exceeded the limit of 500 characters. This update allows for the Kerberos-aware FTP client to parse user commands without character limit. (BZ#665833)
All Kerberos users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

1.76.3. RHBA-2011:0904: krb5 bug fix update

Updated krb5 packages that fix a bug are now available for Red Hat Enterprise Linux 5.
Kerberos is a network authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, a KDC (Key Distribution Center).
This update fixes the following bug:
* When expired entries are being expunged from cache, Kerberos creates a temporary file, copies valid entries into it and then renames it back to set it as a new cache file. Prior to this update, the SELinux label was not set correctly for the temporary file. Subsequently, user identities could not be properly verified. With this update, a newer version of the patch addressing this issue has been provided, the temporary file now gets the correct SELinux label and applications that modify the replay cache file continue to work properly in the described scenario. (BZ#714188)
Users of krb5 are advised to upgrade to these updated packages, which fix this bug.

1.77. ksh

1.77.1. RHBA-2011:0304: ksh bug fix update

An updated ksh package that fixes multiple bugs is now available for Red Hat Enterprise Linux 5.
KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell Laboratories. KornShell is a shell programming language which is also compatible with sh, the original Bourne Shell.
This update fixes the following bugs:
* Due to a memory leak in the ksh executable, the performance of long running scripts could decrease significantly over the time. With this update, the underlying source code has been modified to prevent this memory leak, and the execution of long running scripts is no longer slowed down. (BZ#674552)
* When a ksh script contained the "trap" command to capture a "SIGPIPE" signal, sending this signal by using the built-in "echo" command could cause its output to be incorrectly added to the redirected output of an external command. This error has been fixed, and ksh now flushes the output buffer before redirecting output streams. (BZ#675128)
* Due to incorrect signal handling, receiving a signal while still processing the same one caused ksh to terminate unexpectedly with a segmentation fault. With this update, the subsequent signals are deferred until the current one is processed, and ksh no longer crashes. (BZ#675130)
* Previously, assigning a value to an array variable during the execution of the "typeset" command could cause the shell to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command, and ksh no longer crashes. (BZ#675135)
All users of ksh are advised to upgrade to this updated package, which resolves these issues.

1.77.2. RHBA-2011:0385: ksh bug fix update

An updated ksh package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell Laboratories. KornShell is a shell programming language which is also compatible with sh, the original Bourne Shell.
This update fixes the following bugs:
* The KornShell's "IFS" variable contains a list of field separators and is used to separate the results of command substitution, parameter expansion, or separate fields with the "read" built-in command. Previously, ksh did not protect this variable from being freed. Consequent to this, when a user attempted to unset the "IFS" variable from within a function, ksh terminated unexpectedly with a segmentation fault. With this update, an upstream patch has been applied to address this issue, and using the "unset IFS" command inside a function body no longer causes ksh to crash. (BZ#684829)
* When a ksh script created a file and immediately opened it after the creation, the operation failed. This happened because the created file, in some cases, did not exist yet. With this update, this race condition has been fixed and once a file is created, it is immediately available for any following commands. (BZ#684831)
* Prior to this update, ksh did not close a file containing an auto-loaded function definition. After loading several functions, ksh could have easily exceeded the system's limit on the number of open files. With this update, files containing auto-loaded functions are properly closed, thus, the number of opened files no longer increases with usage. (BZ#684832)
All users of ksh are advised to upgrade to this updated package, which resolves these issues.

1.77.3. RHBA-2011:0513: ksh bug fix update

An updated ksh package that fixes one bug is now available for Red Hat Enterprise Linux 5.
KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell Laboratories. KornShell is a shell programming language which is also compatible with sh, the original Bourne Shell.
This update fixes the following bug:
* When running a script, the previous version of ksh could incorrectly consider the "eval" command to be the last in the script, and did not run it in a separate process. Consequent to this, using "eval" or executing commands from another file (that is, by using the "." built-in command) may have prevented ksh from executing any subsequent commands. With this update, the underlying source code has been adapted to determine whether a script contains other commands, and perform the selected action in a separate process if it does. As a result, ksh now executes all commands in a script as expected. (BZ#702364)
All users of ksh are advised to upgrade to this updated package, which fixes this bug.

1.77.4. RHBA-2011:0939: ksh bug fix update

An updated ksh package that fixes one bug is now available for Red Hat Enterprise Linux 5.
KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell Laboratories. KornShell is a shell programming language which is also compatible with sh, the original Bourne Shell.
This update fixes the following bug:
* Previously, ksh treated an array declaration as a definition. Consequently, the array contained one element after the declaration. This bug has been fixed, and now an array is correctly reported as empty after a declaration. (BZ#716375)
All users of ksh are advised to upgrade to this updated package, which fixes this bug.

1.78. kvm

1.78.1. RHBA-2011:1068: kvm bug fix update

Updated kvm packages that fix various bugs are now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1068 — kvm bug fix update.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on hardware containing virtualization extensions (i.e. nearly all modern hardware). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

Bug Fixes:

BZ#561224
When the Sandra multi-media benchmark utility was run on a Windows guest, the guest terminated unexpectedly when the utility tried to access the Model Specific Register 0x480 (IA32_VMX_BASIC). A patch has been provided to address this issue and the benchmark utility no longer causes a Windows guest to crash.
BZ#666225, BZ#693918
When a migration was attempted during the early boot stage in a virtual machine running Windows XP, the virtual machine failed to boot correctly. This bug has been fixed, and the virtual machine now boots properly in the described scenario.
BZ#713389
When a host with a floppy drive attached and Red Hat Enterprise Linux 5.7 installed was being migrated to another host with kernel version 2.6.18-238.14.1 installed, the migration process failed and the host was left in a stopped state. A patch has been provided to address this issue and the migration now finishes successfully in the described scenario.
BZ#713392
Due to a regression, when the values for maximum downtime or maximum speed were increased during a migration, the guests experienced heavy stalls and the migration did not finish in a reasonable time. With this update, a patch has been provided and the migration process finishes successfully in the described scenario.
BZ#508949
When an iSCSI server was configured and the block device was shared on a host, if a guest on another host performed a write operation on the shared device and the iSCSI server was restarted, the standard output of the QEMU monitor on the source host was flooded with redundant error messages. With this update, calls to write out these messages have been removed from the code, thus fixing this bug.
BZ#641854
Previously, when a CD image with a read-only flag set was ejected from a drive on a guest, the read-only flag was preserved. Consequently, the image could not be re-attached to the drive. A patch has been provided to address this issue, and the read-write flag is now set correctly when an image is ejected from a drive, allowing CD images to be changed on-the-fly.
BZ#644706
Previously, the QEMU monitor used an incorrect handler to process passwords to encrypted images. Consequently, the monitor became unresponsive on the first command when attempting to start a guest with an encrypted qcow2 (QEMU Copy-on-Write) image. With this update, the command handler and the password handler are used properly, and the guest now starts successfully in the described scenario.
BZ#644793
In hot plug mode, when a PCI device was being attached to a QEMU guest with the -no-kvm command line option, the qemu-kvm utility terminated with a segmentation fault. This bug has been fixed, and qemu-kvm now exits properly and returns appropriate error messages in the described scenario.
BZ#581555
When the cont command of the QEMU monitor was used to restore a domain saved to a file via the virsh utility, if an incoming migration had been specified for the virtual machine, cont sometimes took effect before the migration was complete. As a consequence, the restore process or the migration sometimes failed. This bug has been fixed, and now the cont command is only accepted after the incoming migration has successfully finished.
BZ#652135
Due to flaws in the IDE CD-ROM emulation, the guest kernel and the anaconda installer sometimes failed to recognize the installation media after the optional testing of installation media had been made. Consequently, the installation process became unresponsive and could not continue. With this update, a memory leak in the bdrv_close() function has been fixed, the installation process no longer gets stuck and the retry function can now be properly used if the installation medium is not recognized the first time.
BZ#657149
When a system_reset signal was sent to a guest with a pass-through NIC (Network Interface Card) attached, a kernel panic occurred in the guest. This bug has been fixed, and the guest now reboots properly in the described scenario.
BZ#659172
When the CHAOS-Concurrent Hardware And OS test job was run in the WHQL (Windows Hardware Quality Labs) test environment on a Windows guest, the run pwrtest child job failed even though the main CHAOS job passed. This bug has been fixed in the KVM BIOS, and the run pwrtest job now passes successfully in the described scenario.
BZ#665023
The QEMU emulator did not enqueue mouse events; it simply records the latest mouse state. Prior to this update, double click or dragging mouse events were sometimes lost, especially on high-latency connections. Now, the code for mouse descriptors has been fixed, and lost mouse events occur much less frequently.
Users of kvm are advised to upgrade to these updated packages, which fix these bugs.

1.78.2. RHBA-2011:0499: kvm bug fix update

Updated kvm packages that fix one bug are now available for Red Hat Enterprise Linux 5.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.
This update fixes the following bug:
* Due to a regression introduced in Red Hat Enterprise Linux 5.6, duplicate pages may have been transferred during a live migration of a KVM virtual machine. Consequent to this, when a system was under heavy load, such a migration may have failed to complete in some scenarios. This update applies a patch that reverts this regression. As a result, the live migration is now more efficient and no longer fails to complete under heavy load. (BZ#696155)
All users of kvm are advised to upgrade to these updated packages, which fix this bug. Note that the procedure in the Solution section must be performed before this update will take effect.

1.79. lapack

1.79.1. RHBA-2011:0442: lapack bug fix update

Updated lapack packages that fix one bug are now available for Red Hat Enterprise Linux 5.
LAPACK (Linear Algebra PACKage) is a standard library for numerical linear algebra written in FORTRAN 77. It provides routines for solving systems of simultaneous linear equations, least-squares solutions of linear systems of equations, eigenvalue problems, and singular value problems.
This update fixes the following bug:
* Prior to this update, the "DLALSD" function incorrectly modified the value of the "RCOND" argument. Consequent to this, an attempt to call this function with a literal value such as "-1.D0" as the "RCOND" argument caused the calling program to terminate unexpectedly with a segmentation fault. With this update, a patch has been applied to prevent "DLALSD" from modifying the value of "RCOND", and the use of a literal value no longer causes the program to crash. (BZ#608039)
All users of lapack are advised to upgrade to these updated packages, which fix this bug.

1.80. libdhcp

1.80.1. RHBA-2011:1027: libdhcp bug fix update

Updated libdhcp packages that fix one bug are now available for Red Hat Enterprise Linux 5.
libdhcp enables programs to invoke and control the Dynamic Host Configuration Protocol (DHCP) clients: the Internet Software Consortium (ISC) IPv4 DHCP client library, libdhcp4client, and the IPv6 DHCPv6 client library, libdhcp6client.
This update fixes the following bug:
* Prior to this update, the libdhcp4client client library did not support IP over InfiniBand (IPoIB) devices. With this update, libdhcp is rebuilt against the latest libdhcp4client packages, which add support for IPoIB devices. (BZ#694570)
All users of libdhcp are advised to upgrade to these updated packages, which fix this bug.

1.81. libmlx4

1.81.1. RHBA-2011:1057: libmlx4 enhancement update

Updated libmlx4 packages that add one enhancement are now available for Red Hat Enterprise Linux 5.
libmlx4 is the hardware driver library for Mellanox ConnectX architecture devices for use with the libibverbs user space verbs access library.
This update adds the following enhancement:
* This update adds new PCI IDs to the library to allow libmlx4 to work with recently released devices. (BZ#670887)
Users who require Mellanox InfiniBand hardware are advised to upgrade to these updated packages, which add this enhancement.

1.82. libtdb

1.82.1. RHBA-2011:1050: libtdb bug fix update

Updated libtdb packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The libtdb library implements the small Trivial Database (TDB).
This update fixes the following bug:
* Prior to this update, the built-in logic in TDB for automatic resizing did not allow for databases with very large records. Due to this issue, the database allocated far more memory than required when a large record was entered into the database, which forced a resize. With this update, the size of the records are taken into consideration when resizing the database. Now, only the required amount of memory is allocated. (BZ#693785)
All users of libtdb are advised to upgrade to these updated packages, which fix this bug.

1.83. libtiff

1.83.1. RHSA-2011:0392: Important libtiff security and bug fix update

Updated libtiff packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167)
This update also fixes the following bug:
* The RHSA-2011:0318 libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825)
All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.

1.83.2. RHSA-2011:0318: Important libtiff security update

Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192)
Red Hat would like to thank Apple Product Security for reporting this issue.
All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect.

1.84. libuser

1.84.1. RHSA-2011:0170: Moderate libuser security update

Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages.
It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002)
Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary.
Users of libuser should upgrade to these updated packages, which contain a backported patch to correct this issue.

1.85. libvirt

1.85.1. RHSA-2011:0478: Moderate libvirt security update

Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.
A flaw was found in the way libvirtd handled error reporting for concurrent connections. A remote attacker able to establish read-only connections to libvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486)
All libvirt users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

1.85.2. RHSA-2011:0391: Important libvirt security update

Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.
It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a denial of service or privilege escalation. (CVE-2011-1146)
Note: Previously, using rpmbuild without the '--define "rhel 5"' option to build the libvirt source RPM on Red Hat Enterprise Linux 5 failed with a "Failed build dependencies" error for the device-mapper-devel package, as this -devel sub-package is not available on Red Hat Enterprise Linux 5. With this update, the -devel sub-package is no longer checked by default as a dependency when building on Red Hat Enterprise Linux 5, allowing the libvirt source RPM to build as expected.
All libvirt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

1.85.3. RHSA-2011:1019: Moderate libvirt security, bug fix, and enhancement update

Updated libvirt packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash. (CVE-2011-2511)
This update fixes the following bugs:
* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat Enterprise Linux 5.6. A code audit found a minor API change that effected error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1 – 0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2 client saw a "Timed out during operation" message where it should see an "Invalid network filter" error. This update adds a backported patch that allows libvirt 0.8.2 clients to interoperate with the API as used by libvirt 0.7.x servers, ensuring correct error messages are sent. (BZ#665075)
* libvirt could crash if the maximum number of open file descriptors (_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it accessed file descriptors outside the bounds of the set. With this update the maximum number of open file descriptors can no longer grow larger than the FD_SETSIZE value. (BZ#665549)
* A libvirt race condition was found. An array in the libvirt event handlers was accessed with a lock temporarily released. In rare cases, if one thread attempted to access this array but a second thread reallocated the array before the first thread reacquired a lock, it could lead to the first thread attempting to access freed memory, potentially causing libvirt to crash. With this update libvirt no longer refers to the old array and, consequently, behaves as expected. (BZ#671569)
* Guests connected to a passthrough NIC would kernel panic if a system_reset signal was sent through the QEMU monitor. With this update you can reset such guests as expected. (BZ#689880)
* When using the Xen kernel, the rpmbuild command failed on the xencapstest test. With this update you can run rpmbuild successfully when using the Xen kernel. (BZ#690459)
* When a disk was hot unplugged, "ret >= 0" was passed to the qemuAuditDisk calls in disk hotunplug operations before ret was, in fact, set to 0. As well, the error path jumped to the "cleanup" label prematurely. As a consequence, hotunplug failures were not audited and hotunplug successes were audited as failures. This was corrected and hot unplugging checks now behave as expected. (BZ#710151)
* A conflict existed between filter update locking sequences and virtual machine startup locking sequences. When a filter update occurred on one or more virtual machines, a deadlock could consequently occur if a virtual machine referencing a filter was started. This update changes and makes more flexible several qemu locking sequences ensuring this deadlock no longer occurs. (BZ#697749)
* qemudDomainSaveImageStartVM closed some incoming file descriptor (fd) arguments without informing the caller. The consequent double-closes could cause Domain restoration failure. This update alters the qemudDomainSaveImageStartVM signature to prevent the double-closes. (BZ#681623)
This update also adds the following enhancements:
* The libvirt Xen driver now supports more than one serial port. (BZ#670789)
* Enabling and disabling the High Precision Event Timer (HPET) in Xen domains is now possible. (BZ#703193)
All libvirt users should install this update which addresses this vulnerability, fixes these bugs and adds these enhancements. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

1.85.4. RHBA-2011:0142: libvirt bug fix update

Updated libvirt packages that fix a bug are now available for Red Hat Enterprise Linux 5.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.
This update fixes the following bug:
* Previously, when users ran libvirtd on a system with a larger limit for maximum open file descriptors than the default Red Hat Enterprise Linux case of 1024, libvirtd could be aborted with a segmentation fault. This update resolves this issue and the daemon libvirtd behaves as expected. (BZ#667142)
All libvirt users are advised to upgrade to these updated packages, which resolve this issue.

1.86. libxml2

1.86.1. RHBA-2011:1053: libxml2 bug fix update

Updated libxml2 packages that fixes several bugs are now available for Red Hat Enterprise Linux 5.
The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standard is XML Schemas, which allow complex validation and checking of document conforming to a schemas describing the allowed structure and content of the document. Another one is XPath, which is a language for addressing parts of an XML document.
This update fixes the following bugs:
* Due to an uninitialized field in one of the private libxml2 XPath data structures, the XPath evaluation could have returned incorrect results. This error has been fixed, the field is now initialized properly, and XPath evaluation returns expected results. (BZ#613860)
* Prior to this update, there were several problems present in the XML Schemas validation component of libxml2. As a result, validating a document against a schema could have been aborted and an error message similar to "xmllint: free(): invalid next size (fast)" could have been displayed under certain circumstances. With this update, the XML Schemas validation component has been fixed so that it works as expected. (BZ#644312)
All users of libxml2 are advised to upgrade to these updated packages, which fix these bugs.

1.87. linuxwacom

1.87.1. RHEA-2011:1063: linuxwacom enhancement update

An updated linuxwacom package that adds one enhancement is now available for Red Hat Enterprise Linux 5.
The Linux Wacom Project manages the drivers, libraries, and documentation for configuring and running Wacom tablets under the Linux operating system. It contains diagnostic applications as well as X.Org XInput drivers.
This update adds the following enhancement:
* The linuxwacom package has been updated to support Wacom Cintiq DTU-2231 devices. (BZ#713166)
All users of linuxwacom are advised to upgrade to this updated package, which adds this enhancement.

1.88. logrotate

1.88.1. RHBA-2011:0816: logrotate bug fix update

An updated logrotate package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailing of log files.
This update fixes the following bugs:
* When the logrotate.status file was corrupted, the logrotate utility correctly displayed an error message, but did not return a non-zero exit code to indicate a failure. With this update, a patch has been applied to address this issue, and a corrupted logrotate.status file now causes logrotate to terminate with error code 1 as expected. (BZ#461494)
* The "size" configuration option allows a user to specify the minimum size a particular file must reach in order for logrotate to start rotating it. Prior to this update, the maximum supported value of this option was limited to 4 gigabytes. With this update, this limit has been increased to 16 exabytes. (BZ#484075)
* When used to rotate the /var/log/btmp file, previous versions of the logrotate utility incorrectly changed the permissions of this file to "0644". With this update, a default configuration entry for the /var/log/btmp file has been added to ensure the permissions are correctly set to "0600". (BZ#485553)
* The "missingok" configuration option allows a user to prevent the logrotate utility from reporting an error when a particular log file is missing. Previously, the presence of a wildcard character (typically "*") in a file name caused logrotate to ignore this option. With this update, a patch has been applied to address this issue, and the use of the wildcard characters in the file names no longer causes logrotate to ignore the "missingok" option. (BZ#540119)
* Prior to this update, when the logrotate utility failed to rename a log file, it did not detect this error and incorrectly overwrote or even deleted the original file. To prevent a loss of potentially important logs, this update adapts the utility not to rotate files that cannot be renamed. (BZ#567365)
* Previously, a recursive use of the "include" directive in a configuration file caused the logrotate utility to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that limits the maximum level of recursion, and the recursive use of the "include" directive no longer causes logrotate to crash. (BZ#574784)
* Due to an error in the application logic, the logrotate utility passed an argument with a wildcard to the prerotate and postrotate scripts even when the "sharedscripts" configuration option was specified. With this update, this error no longer occurs, and specifying the "sharedscripts" option now causes logrotate to correctly pass a full path to a particular log. (BZ#579680)
* Previously, the logrotate(8) manual page did not provide a description of the arguments that are passed to the prerotate and postrotate scripts. This update extends the manual page to include this information. (BZ#474013)
* Previously, the "AUTHORS" section of the logrotate(8) manual page did not include the current maintainer of the logrotate utility. This error has been fixed, and logrotate(8) now contains an up-to-date list of authors. Additionally, the manual page now provides a link to the project homepage. (BZ#622059)
* In the logrotate(8) manual page, the description of the "size" configuration option stated that log files are rotated when they grow bigger than the specified file size. Since this description was rather vague, this update corrects the manual page to provide a more accurate description of this option. (BZ#638591)
* Previously, the logrotate(8) manual page did not provide a description of the "-?", "--help", "--verbose", and "--debug" command line options. This error has been fixed, and the manual page now covers all supported command line options as expected. (BZ#642936)
All users of logrotate are advised to upgrade to this updated package, which fixes these bugs.

1.89. logwatch

1.89.1. RHSA-2011:0324: Important logwatch security update

An updated logwatch package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.
A flaw was found in the way Logwatch processed log files. If an attacker were able to create a log file with a malicious file name, it could result in arbitrary code execution with the privileges of the root user when that log file is analyzed by Logwatch. (CVE-2011-1018)
Users of logwatch should upgrade to this updated package, which contains a backported patch to resolve this issue.

1.90. lvm2

1.90.1. RHBA-2011:1071: lvm2 bug fix and enhancement update

An updated lvm2 package that fixes a number of bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1071 — lvm2 bug fix and enhancement update.
The lvm2 package contains support for Logical Volume Management (LVM).

Bug Fixes:

BZ#640051
Previously, it was possible to issue a single "lvconvert" command that both allocated and freed the supplied physical extents. This update logically splits this functionality so that an lvconvert command can either allocate or free physical extents, but disallows performing both operations in a single command, with the result that lvcreate is more consistent and easier to use.
BZ#643500
The entire /proc/self/maps file is now read before maps entries are operated upon.
BZ#653643
The command "vgextend --restoremissing" reported success even in the case of partial failure of an operation, which was potentially confusing. Partial failures are now reported as such.
BZ#656394
The default permissions on the /etc/lvm/ directory have been changed to allow non-root users to use required functionality.
BZ#667174
The "lvchange --test" command now exits cleanly.
BZ#671459
An unnecessary and harmless "File-based locking initialization failed." error message that may have occurred during system startup has been removed.
BZ#672816
O_DIRECT is now always used when opening block devices to check for partitioning.
BZ#710618
Reducing a striped logical volume converted to a mirror could have resulted in corruption. This update fixes the rounding operations in striped volume reduction, and a mirror over a striped volume is now reduced successfully.
BZ#709388
The lvmdump command now works properly with the SELinux's Multi-Level Security policy.
BZ#697959
The vgimportclone script triggered a code path in the "lvm" command which accessed already-released memory when a duplicate physical volume (PV) was found. Problematic strings are now saved to a temporary buffer, and this issue no longer occurs.
BZ#651590
If a transient error occurred while a mirror was being repaired, such as a failing device re-appearing, the repair could have failed and a locking error reported. With this update, the mirror repair operation successfully completes in the described situation.
BZ#680961
The lvm2 package has been upgraded to upstream version 2.02.84, which provides a number of bug fixes over the previous version. Those bug fixes also include:
  • A possible overflow in maximum stripe size and physical extent has been fixed.
  • pvmove polling no longer fails if another process has already cleaned up.
  • Error messages issued by the lvcreate command now refer to "free space" rather than "extents".
  • A memory leak in the persistent filter creation error path has been plugged.
  • The label cache is no longer revalidated immediately after scanning.
  • VG (volume group) allocation policy in metadata being invalid could have caused a memory leak, which has been plugged.
  • An unrecognized allocation policy in metadata is now ignored rather than aborting the executed command.
  • The redundant "No PV label" error message is now suppressed when several PVs are removed without MDAs.
  • The vgchange command now only updates VG metadata once when making multiple changes.
  • The vgchange command now processes the "-a", "--refresh", "--monitor" and "--poll" options like lvchange does.
  • The vgchange command no longer takes a write lock when the "--refresh", "--poll" or "--monitor" options are supplied.
  • The lvconvert command now respects the "--yes" and "--force" options when converting an active log.
  • If lvm1 metadata is used, partial mode is limited in operation to prevent a crash for operations not yet supported.

Enhancements:

BZ#189462
Invalidated snapshots are now automatically unmounted by dmeventd.
BZ#213942
Tag length restrictions have been removed, and certain punctuation characters, namely / = ! : # and &, are now accepted.
BZ#427298
This update makes it possible to set up a policy of automatic snapshot extension whenever remaining snapshot space drops below a threshhold defined by the new "snapshot_autoextend_threshold" option in the /etc/lvm/lvm.conf configuration file. With this option set, a snapshot either becomes invalidated, as per the previous behavior, or it is extended and automatically continues to function as long as long as free Volume Group space permits.
BZ#433768
The cling allocation policy has been extended to recognize PV (physical volume) tags in the "cling_by_tags" option in lvm.conf.
BZ#644578
A new configurable option, "pv_min_size", has been added to the lvm.conf configuration file. This option can be used to improve performance of commands that scan all devices by setting the pv_min_size value to skip device reading below a certain predefined level.
BZ#659264
The man pages for the pvmove, pvcreate, pvremove, pvresize, pvscan and lvscan commands have been updated and improved.
BZ#644079, BZ#640101
Converting a mirror log type from disk to mirrored is now supported.
BZ#708492
Striped mirrors are now supported.
BZ#680961
The lvm2 package has been upgraded to upstream version 2.02.84, which provides a number of enhancements over the previous version. Those enhancements include:
  • Multiple "--addtag" and "--deltag" options can now be supplied as parameters.
  • Independent vgchange arguments can now be used together.
  • The output from "dmsetup ls --tree" has been added to lvmdump.
  • Command processing has been sped up by caching the resolved configuration tree.
  • Multiple pvchange command line options can now be specified simultaneously.
  • An unnecessary call to unlock during volume deactivation has been eliminated.
  • "Fusion-io" is now accepted in the device type filter.
  • The "metadata_read_only" option has been added to the global section of the lvm.conf configuration file. If this option is enabled, no operations that change on-disk metadata will be permitted, including automatic repairs of metadata in read-only mode.
  • device-mapper devices are now skipped during scans if they contain only error targets or are pseudo-terminal devices.
  • The unquoting of quoted double-quotes and backslashes has been sped up.
  • CRC32 calculations have been sped up by using a larger lookup table.
Users are advised to upgrade to this updated lvm2 package, which resolves these issues and adds these enhancements.

1.90.2. RHBA-2011:0287: lvm2 bug fix update

An updated lvm2 package that resolves several issues is now available.
The lvm2 package contains support for Logical Volume Management (LVM).
This updated lvm2 package provides fixes for the following bugs:
* With this update, the "File-based locking initialization failed." warning, which was displayed during the system start-up, is now suppressed. (BZ#673975)
* Under certain circumstances, mainly on shared storage systems, the buffered read of a device was used instead of a direct device access. This could result in the use of outdated metadata values. This update ensures that all device scan operations use the direct device access. (BZ#673981)
* This update fixes a faulty initialization which in certain cases lead to a full unconditional rescan of devices. As a result, all lvm operations were slowed down and exhibited poor performance. (BZ#673986)
All users of lvm2 are advised to upgrade to this updated package, which resolves these issues.

1.91. lvm2-cluster

1.91.1. RHBA-2011:0986: lvm2-cluster bug fix and enhancement update

An updated lvm2-cluster package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5.
The lvm2-cluster packages contain support for Logical Volume Management (LVM) in a clustered environment.
This updated lvm2-cluster package ensures that the fixes provided with the Red Hat Enterprise Linux lvm2 advisory are also fixed in a clustered environment. The full list of changes is detailed in the WHATS_NEW file located in the /usr/share/doc/lvm2-[version]/ directory.
This package also provides fixes for the following bugs:
* Wrongly-paired unlocking in the pvchange command has been fixed. (BZ#667517)
* O_DIRECT is now always used when block devices are opened to check for partitioning. (BZ#673615)
* The clvmd daemon now respects the settings in the lvm.conf configuration file when it initializes syslog.
* The exclusive lock now remains unchanged when a device is suspended by the clvmd daemon.
* The clvmd daemon now properly increments the DLM lockspace reference count.
* The clvmd daemon now creates the /var/run/lvm/ directory during initialization if it is missing.
In addition, this updated package provides the following enhancements:
* Activating snapshots of clustered logical volumes is now supported. (BZ#501437)
* The clvmd daemon now supports the "--help" option, and returns proper exit status codes upon exit. (BZ#666991)
* The clvmd daemon now supports the "-f" option, which prevents it from forking, and the description for the "clvmd -d[number]" command has been improved.
Users are advised to upgrade to this updated lvm2-cluster package, which resolves these issues and adds these enhancements.

1.91.2. RHBA-2011:0288: lvm2-cluster bug fix update

An updated lvm2-cluster package that fixes a bug is now available.
The lvm2-cluster package contains support for Logical Volume Management (LVM) in a clustered environment.
This update ensures that bugs fixed by the lvm2 bug fix update advisory are also fixed in a clustered environment, namely the following bug:
* Under certain circumstances, mainly on shared storage systems, the buffered read of a device was used instead of a direct device access. This could result in the use of outdated metadata values. This update ensures that all device scan operations use the direct device access. (BZ#673980)
All users of lvm2-cluster are advised to upgrade to this updated package, which resolves this issue.

1.92. m2crypto

1.92.1. RHBA-2011:1058: m2crypto bug fix update

An updated m2crypto package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
m2crypto allows OpenSSL functions to be called from Python scripts.
This updated m2crypto package includes fixes for the following bugs:
* Prior to this update, the AES_crypt() function did not free a temporary buffer. This caused a memory leak when the function was called repeatedly. This problem has been fixed and the AES_crypt() function now frees memory correctly. (BZ#659881) * Previously, calling the m.2asn1_INTEGER_get() function resulted in an incorrect numerical value for the serial number due to a data type mismatch. As a consequence, the subscription-manager application displayed an error message about the serial number being less than zero. Serial numbers are now handled correctly and no error message appears. (BZ#703648)
All users of m2crypto are advised to upgrade to this updated package, which resolves these bugs.

1.93. mailman

1.93.1. RHSA-2011:0307: Moderate mailman security update

An updated mailman package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Mailman is a program used to help manage email discussion lists.
Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)
Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's "listinfo" page. (CVE-2008-0564, CVE-2010-3089)
Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and CVE-2010-3089 issues.
Users of mailman should upgrade to this updated package, which contains backported patches to correct these issues.

1.94. man

1.94.1. RHEA-2011:0994: man bug fix and enhancement update

An updated man package that fixes one bug and adds one enhancement is now available for Red Hat Enterprise Linux 5.
The man package provides the man, apropos, and whatis tools for finding information and documentation about your Linux system.
This update fixes the following bug:
* Prior to this update, the variable name TMPFILEDIR was not defined in the makewhatis script. Due to this problem, users could lose their entire file system if they defined TMPFILEDIR=/ in the environment. In case of TMPFILEDIR=/tmp, the tmp folder could be lost. This update defines the variable TMPFILEDIR in the makewhatis and no more loss of files occur. (BZ#560585)
This update also adds the following enhancement:
* Prior to this update, the man package did not support the man-pages-overrides subdirectory. Due to this lack, the man-pages-overrides package did not work correctly. This update adds this subdirectory. Now, man-pages-overrides works as expected.(BZ#558732)
All man users are advised to upgrade to this updated package, which fixes this bug and adds this enhancement.

1.95. mcelog

1.95.1. RHBA-2011:0512: mcelog bug fix update

An updated mcelog package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The mcelog package contains a daemon that collects and decodes Machine Check Exception (MCE) data on AMD64 and Intel 64 machines.
* On some systems, mcelog was able to read beyond the last page of the SMBIOS tables. This caused a failure in the mmap() call, the "Cannot mmap SMBIOS tables" error message was issued and the user was unable to run mcelog further. Now, the range for the mmap() calls has been lowered and the bug no longer occurs. (BZ#698122)
Users of mcelog are advised to upgrade to this updated package, which fixes this bug.

1.95.2. RHBA-2011:0377: mcelog bug fix update

An updated mcelog package that fixes a bug is now available for Red Hat Enterprise Linux 5.
The mcelog daemon collects and decodes Machine Check Exception (MCE) data on 64-bit x86 machines.
This update fixes the following bug:
* The mcelog daemon shipped with Red Hat Enterprise Linux 5 does not support all processors. Previously, mcelog did not check whether the system is supported or not before adding a cronjob. Consequent to this, an attempt to use it on an unsupported system caused the following email message to be sent to a system administrator every hour:
mcelog: Unknown Intel CPU type family [cpu_family] model [model]
With this update, mcelog has been adapted to ensure that the system is supported before adding a cronjob, so that system administrators no longer receive these messages. (BZ#621669)
Users of mcelog are advised to upgrade to this updated package, which resolves this issue.

1.96. mkinitrd

1.96.1. RHBA-2011:1017: mkinitrd bug fix update

Updated mkinitrd packages that fix two bugs are now available for Red Hat Enterprise Linux 5.
The mkinitrd utility creates file system images for use as initial RAM disk (initrd) images.
This update fixes the following bugs:
* Prior to this update, modules and options contained in the configuration files (*.conf) in the /etc/modprobe.d/ directory were ignored when generating a new initrd image. This update resolves the problem by adding the configuration files to the list of files checked for modules and options during the initrd image creation. (BZ#564392)
* Prior to this update, the cryptomgr module was not installed in the initrd image. As a result, because the Linux kernel versions 2.6.18-258 and later require cryptomgr to be installed in the initrd image when using the dm-crypt subsystem, it was not possible to decrypt any Linux Unified Key Setup (LUKS) partition when dm-crypt was used. This update resolves the problem by adding cryptomgr to the initrd image when dm-crypt is used so that decrypting LUKS partitions now works as expected. (BZ#694534)
All mkinitrd users are advised to upgrade to these updated packages, which fix these bugs.

1.96.2. RHBA-2011:0430: mkinitrd bug fix update

Updated mkinitrd packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The initrd image is an initial RAM disk that is loaded by a boot loader before the Linux kernel is started. The mkinitrd utility creates the initrd file system image.
This update fixes the following bug:
* When creating the initrd file, the mkinitrd utility reads the configuration to determine what kernel modules to load and which module options to use. Previously, the mkinitrd utility only read the /etc/modprobe.conf configuration file. This update corrects this error, and when the /etc/modprobe.conf file does not exist, mkinitrd now attempts to read the configuration from the files located in /etc/modprobe.d/ instead. (BZ#694052)
All users of mkinitrd are advised to upgrade to these updated packages, which fix this bug.

1.97. mod_authz_ldap

1.97.1. RHBA-2011:0482: mod_authz_ldap bug fix update

An updated mod_authz_ldap package that fixes one bug is now available for Red Hat Enterprise Linux 5.
mod_authz_ldap is a module for the Apache HTTP Server. This module provides support for authenticating users against an LDAP database.
This update fixes the following bug:
* Previously, the RPM spec file did not mark /etc/httpd/conf.d/authz_ldap.conf as a configuration file, which allowed any subsequent update to this package to overwrite this file regardless of its local changes. With this update, the spec file has been corrected to mark /etc/httpd/conf.d/authz_ldap.conf as "%config(noreplace)", so that the file is no longer overwritten upon an update. (BZ#533837)
All users of mod_authz_ldap are advised to upgrade to this updated package, which fixes this bug.

1.98. mod_nss

1.98.1. RHBA-2011:0411: mod_nss bug fix update

An updated mod_nss package that fixes NSS database permissions when upgrading is now available for Red Hat Enterprise Linux 5.
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.
This update addresses the following bug:
* The NSS database initializing sequence changed in mod_nss 1.0.8. As of this version, the database is initialized in each Apache child rather than in the main process. This change adheres to the PKCS #11 specification which does not allow forking after a token is initialized. As a result the NSS database needs to be readable by the user that Apache runs as. When mod_nss 1.0.8 is newly installed, it generates a new database and ensures file ownership is correct (ie is root:apache, mode 0640).
Previously, however, a bug in the %postinstall script meant the necessary read permissions were not added correctly when upgrading from mod_nss 1.0.3 to 1.0.8. As a consequence, after upgrading from mod_nss 1.0.3 to mod_nss 1.0.8, the Apache server failed to start. This update corrects the error in the %postinstall script and upgrading from mod_install 1.0.3 to 1.0.8 now adds the necessary read permissions (and Apache starts as expected after upgrading).
Note: as described above, this bug only presented when upgrading from mod_install 1.0.3 to 1.0.8. New installs of 1.0.8 were not affected by this bug. (BZ#679748)
All mod_nss users are advised to upgrade to this updated package, which resolves this issue.

1.99. mysql

1.99.1. RHBA-2011:0494: mysql bug fix update

Updated mysql packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
MySQL is a multi-user, multithreaded SQL database server.
These updated mysql packages provide fixes for the following bugs:
* Resolving queries containing a subquery with the DISTINCT and ORDER BY subclauses could have triggered a memory leak causing the query resolution to fail or the server to terminate unexpectedly if it had to process an extensive number of rows. With this update, the respective upstream patch has been applied and the queries are resolved correctly. (BZ#692953)
* Previously, the MySQL client could have corrupted input lines exceeding one megabyte due to errors in the code for handling the line splitting. This update changes the underlying code and the client saves such input lines correctly. (BZ#700497)
All users of mysql are advised to upgrade to these updated packages, which fix these bugs.

1.100. nautilus

1.100.1. RHBA-2011:0440: nautilus bug fix update

Updated nautilus packages that fix two bugs are now available for Red Hat Enterprise Linux 5.
The Nautilus file manager integrates access to files, applications, media, and the Internet, and is a core component of the GNOME desktop project.
This update fixes the following bugs:
* Previously, Nautilus did not check input events correctly. Due to this problem, folders were opened twice if the user double-clicked already selected folders. This update adds additional checks to determine whether the same or another item is clicked. Now, double-clicking these items behaves as expected. (BZ#427580)
* Previously, Nautilus did not respect the environment umask setting. Due to this problem, newly created files which were internally copied from templates, inherited permissions from the original file. This update adds a flag to respect the umask setting. Now, newly created files, which are internally copied from templates, have the correct permissions according to the desired umask. (BZ#459687)
All nautilus users are advised to upgrade to these updated packages, which fix these bugs.

1.101. net-snmp

1.101.1. RHBA-2011:1076: net-snmp bug fix and enhancement update

Updated net-snmp packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1076 — net-snmp bug fix and enhancement update.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl management information base (MIB) browser.

Bug Fixes:

BZ#554956
When running on a machine with an aliased network interface, a small memory leak may have occurred and the snmpd daemon may have incorrectly spammed syslog with the following message:
error on subcontainer '' insert (-1)
Although the message itself is completely harmless, it may have filled the system log. This update adapts the underlying source code to make sure the snmpd no longer leaks memory or produces the aforementioned message when processing aliased interfaces.
BZ#556824
When running on a big-endian machine, the snmpd daemon incorrectly mixed pointers to integers of a different size, and reported wrong indexes of the UDP-MIB::udpTable table. With this update, this error no longer occurs, and snmpd now reports correct indexes.
BZ#557758
When loading a list of installed RPM packages for the HOST-RESOURCE::hrSWInstalledTable table, a rare race condition may have occurred if an RPM package was being updated, installed, or removed at the same time, causing the snmpd daemon to terminate unexpectedly with a segmentation fault. With this update, snmpd has been adapted to recover from such a situation, and no longer crashes in this scenario.
BZ#561875
When retrieving data for the Remote Network Monitoring Management Information Base (RMON-MIB), the snmpd daemon may have leaked file descriptors. As a result, the file descriptors available to the snmpd process may have been exhausted, rendering the daemon unable to respond to SNMP requests. With this update, all unnecessary file descriptors are appropriately closed, and snmpd now works as expected.
BZ#561882
When a network interface was not active and the snmpd service was unable to obtain its real speed from the kernel, it incorrectly reported an erroneous value of the IF-MIB::ifSpeed object. This update corrects the snmpd daemon to report the correct speed if the kernel provides it, and not to report the speed of a disabled network at all if it cannot be obtained.
BZ#562376, BZ#653780
Prior to this update, the snmpd daemon did not initialize the structures for the IP-MIB::ipSystemStatsTable and IP-MIB::ipIfStatsTable tables properly. Consequent to this, when a counter in these tables exceeded 32 bits, the following error message may have been written to the system log:
looks like a 64bit wrap, but prev!=new
This update corrects the initialization of the aforementioned tables, resolving this issue.
BZ#574035
Prior to this update, when a user provided a passphrase that was too short, various SNMP utilities such as snmpget or snmpwalk incorrectly returned exit code 0. This error no longer occurs, and the SNMP utilities now return a non-zero exit code in this scenario.
BZ#584769
Previously, the logrotate configuration file shipped with the net-snmp packages restarted the snmpd daemon whenever the /var/log/snmpd.log file was rotated. However, this led to an unnecessary interruption of the SNMP service, and may have negatively affected several SNMP counters. With this update, the aforementioned configuration file has been adapted to only notify the running snmpd daemon that the log file should be reopened, and no longer interrupts the SNMP service.

Note

By default, the snmpd daemon writes messages to the system log (that is, the /var/log/messages file). Since logging to the /var/log/snmpd.log file is optional and must be enabled manually, most users were not affected by this bug.
BZ#587617
The upstream test suite that was previously shipped as part of the source RPM package did not work with the TCP and UDP protocols for IPv6, and reported false errors. This update adapts the test suite to work with IPv6 as expected.
BZ#587785
When responding to an SNMP GET request of an unknown row in the IF-MIB::ifTable table, the Net-SNMP daemon incorrectly returned a noCreation error. This update applies a patch that resolves this issue, and the snmpd daemon now correctly returns a noSuchInstance error as specified by the SNMP standards.
BZ#591416
During recompilation of the net-snmp source package, the configure script reported an error. Although this error was completely harmless and did not affect the resulting build in any way, it unnecessarily polluted the output of the rpmbuild command. To prevent this, the error in the header ordering has been fixed so that the package can be rebuilt with no error messages.
BZ#595322
Prior to this update, index values of the HOST-RESOURCES-MIB::hrFSTable and HOST-RESOURCES-MIB::hrStorageTable tables were not persistent across device remounts (that is, a particular index may have been different before and after a device was unmounted and mounted again). With this update, the snmpd daemon has been updated to keep track of mounted and unmounted devices in order to retain the same indexes across remounts.
BZ#600319
Previously, the snmpd daemon was updated to send SNMP responses to broadcast requests from the same interface on which the SNMP was received. However, this update also introduced an error which prevented it from sending responses to unicast request on multihomed machines (that is, on machines with multiple network interfaces, each facing a different network). This update corrects this error so that the snmpd daemon is now able to both answer unicast requests on multihomed machines and send responses to broadcast requests from the same interface on which the request was received.
BZ#630905
Due to a possible race condition, the snmpd daemon may have failed to count some processes when populating the UCD-SNMP-MIB::prTable table. With this update, the underlying source code has been adapted to prevent such a race condition so that all processes are now counted as expected.
BZ#645303
Due to a possible overflow of a 32-bit signed integer, the snmptranslate tool may have reported wrong ranges of objects with the Unsigned32 syntax. This update adapts snmptranslate to use 64-bit values for integer ranges, so that the utility no longer produces incorrect Unsigned32 ranges.
BZ#645317
Previously, the snmpd service returned an incorrect value of the IP-MIB::ipv6InterfaceForwarding object: for forwarding it reported 0 instead of 1, and for notForwarding it reported 1 instead of 2. With this update, this error no longer occurs, and snmpd now reports the value of IP-MIB::ipv6InterfaceForwarding in accordance with RFC 4293.
BZ#654384
Previously, the snmpd daemon strictly implemented RFC 2780. However, this specification no longer scales well with modern big storage devices with small allocation units, and consequently, snmpd reported a wrong value of the HOST-RESOURCES-MIB::hrStorageSize object when working with a large file system (larger than 16TB), because the accurate value would not fit into Integer32 as specified in the RFC. To address this issue, this update adds a new option to the /etc/snmp/snmpd.conf configuration file, realStorageUnits. By changing the value of this option to 0, users can now enable recalculating all values in hrStorageTable to ensure that the multiplication of hrStorageSize and hrStorageAllocationUnits always produces an accurate device size. On the other hand, the values of hrStorageAllocationUnits are artificial and do not represent the real size of the allocation unit on the storage device.
BZ#659354
When running on a big-endian machine, the snmpd daemon reported wrong values of storage sizes in the HOST-RESOURCES-MIB::hrStorageTable table. This was caused by incorrect use of pointers to integers of a different size. With this update, the snmpd daemon has been adapted to use pointers to integer values in the HOST-RESOURCES-MIB::hrStorageTable implementation. As a result, the sizes in the aforementioned table are now reported correctly.
BZ#663863
When an object identifier (OID) was out of the subtree registered by the proxy statement in the /etc/snmp/snmpd.conf configuration file, the previous version of the snmpd daemon failed to use a correct OID of proxied GETNEXT requests. With this update, snmpd now adjusts the OIDs of proxied GETNEXT requests correctly and sends correct requests to the remote agent as expected.
BZ#676669
After processing the SIGUP signal, the snmpd daemon may have stopped to report a correct value in the HOST-RESOURCES-MIB::hrStorageTable table. This update corrects this error so that when the SIGHUP signal is processed, the snmpd daemon now provides correct values in HOST-RESOURCES-MIB::hrStorageTable.
BZ#676955
The previous version of snmptrapd, the Net-SNMP daemon for processing traps, leaked memory when processing incoming SNMP traps in embedded Perl. This caused the amount of consumed memory to grow over time, making the memory consumption was even larger if the daemon was processing SNMPv1 traps. With this update, the underlying source code has been adapted to prevent such memory leaks, and processing incoming SNMP traps in embedded Perl no longer increases the memory consumption.
BZ#680347
The previous version of the snmpd daemon failed to detect newly added or activated interfaces, and did not show them in the IPV6-MIB::ipv6IfTable table. With this update, a patch has been applied to address this issue, and the snmpd daemon now properly refreshes the table whenever a new interface appears.
BZ#683142
Prior to this update, the snmpd daemon did not detect errors when accessing the /proc file system. Consequent to this, an attempt to read information about an exited process while gathering information for a HOST-RESOURCES-MIB::hrSWRunTable table caused the daemon to terminate unexpectedly with a segmentation fault. This update adapts the underlying source code to make sure that such errors are now properly detected, and snmpd no longer crashes when populating HOST-RESOURCES-MIB::hrSWRunTable.
BZ#704443
The previous version of the snmpd daemon incorrectly processed requests with malformed Basic Encoding Rules (BER), namely with the wrong type field of Community, RequestID, Error-status, and Error-index attributes. The updated snmpd daemon properly checks encoding of incoming packets and silently drops malformed requests as required by SNMP RFCs.
BZ#556842
Previously, the SYNOPSIS section of the snmpnetstat(1) manual page incorrectly listed the -CP option instead of -Cp. This error has been fixed so that the aforementioned manual page no longer contains misleading information.
BZ#583807
In the description of the linkUpDownNotifications directive, the snmpd.conf(5) manual page treats the linkUp and linkDown notifications as containing the ifIndex, ifAdminStatus, and ifOperStatus objects. Previously, the snmpd daemon did not include these objects in outgoing notifications. With this update, the snmpd daemon has been adapted to add these objects to the outgoing notifications as described in the manual page.
BZ#613584
Prior to this update, the help messages of various SNMP-related tools and their corresponding manual pages (such as the snmptrapd(8) page) incorrectly suggested -D token as a valid syntax of the -D command line option. This update corrects this error, and both manual pages and help messages of the affected tools now strictly use the -Dtoken syntax as expected.

Enhancements:

BZ#664523
With this update, the UCD-SNMP-MIB::dskTable table has been enhanced to report 64-bit statistics of available, used, and free disk space. As a result, the table now provides the following new columns: dskTotalLow, dskTotalHigh, dskAvailLow, dskAvailHigh, dskUsedLow, and dskUsedHigh.
All users of net-snmp are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

1.102. NetworkManager

1.102.1. RHBA-2011:1023: NetworkManager bug fix update

Updated NetworkManager packages that fix two bugs are now available for Red Hat Enterprise Linux 5.
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. It manages Ethernet, wireless, mobile broadband (WWAN), and Point-to-Point Protocol over Ethernet (PPPoE) devices, and provides virtual private network (VPN) integration with a variety of different VPN services.
This update fixes the following bugs:
* Prior to this update, stopping the messagebus service, either manually or during a routine system shutdown, could cause certain NetworkManager components to terminate unexpectedly with a segmentation fault. With this update, the underlying source code is modified to target this issue. Now, NetworkManager components exit with a 0 return code when the messagebus service is stopped. (BZ#580393)
* Prior to this update, connecting to WPA Enterprise networks with CHAP authentication could cause the network dialog to terminate unexpectedly with a segmentation fault due to an incorrect index. This update modifies the source code to use the correct index. Now, the network dialog works as expected. (BZ#644256)
All NetworkManager users are advised to upgrade to these updated packages, which fix these bugs.

1.103. nfs-utils

1.103.1. RHBA-2011:1048: nfs-utils bug fix and enhancement update

An updated nfs-utils package that fixes various bugs and adds one enhancement is now available for Red Hat Enterprise Linux 5.
The nfs-utils package provides a daemon for the kernel Network File System (NFS) server, and related tools such as the mount.nfs, umount.nfs, and showmount programs.
This update fixes the following bugs:
* With an automounter in use, mounting a large number of NFS file systems (that is, 500 and more) over the TCP protocol at the same time caused the process to run out of privileged ports. Consequent to this, many of these mount attempts may have failed with an error message written to the system log. This update applies a patch to wait for a period of time specified by the "retry=" option before attempting to establish a connection with the NFS mount daemon again. (BZ#240790)
* Due to an error in the RPM spec file, the rpc.statd daemon may have been incorrectly running as the root user. This error has been fixed so that rpc.statd now runs as rpcuser. (BZ#495066)
* By providing the "-d" command line option, the rpc.gssd daemon allows a user to specify a directory or directories in which to look for Kerberos credential files. Previously, an attempt to specify a value other than "/tmp" caused the daemon to fail with the following error:
rpc.gssd: ccachedir path name too long
With this update, this error no longer occurs, and the "-d" option can now be used as expected. (BZ#498134)
* Due to an error in the RPM spec file, the nfsnobody user was assigned a different UID and GID on 32-bit and 64-bit architectures. This error has been fixed, and the nfsnobody user is now created with UID and GID 65534 on both 32-bit and 64-bit architectures. (BZ#511876)
* When an NFS file system was mounted over the UDP protocol from a server that did not allow the use of the TCP protocol, an attempt to unmount it failed, because the umount.nfs utility incorrectly used TCP. With this update, a patch has been applied to address this issue so that umount.nfs no longer uses an incorrect protocol. (BZ#513466)
* Previously, the nfs and nfslock init scripts incorrectly returned exit code 0 even when the respective service was stopped. This update corrects this error, and when the corresponding service is stopped, these init scripts now return a non-zero exit code as expected. (BZ#534133, BZ#542020)
* The NFS mount daemon allows a user to disable a particular version of the NFS protocol by changing the value of the "MOUNTD_NFS_V1" option in the /etc/sysconfig/nfs configuration file to "no". Previously, an attempt to unmount a shared file system from a server with such configuration failed with an error. This update applies a patch that addresses this issue so that shared file systems can now be unmounted as expected. (BZ#595675)
* Prior to this update, running "nfsstat -s -o rpc" command produced output with incorrect labels in a table header. With this update, the underlying source code has been adapted to make sure that all columns now have the correct name. (BZ#617669)
As well, this update adds the following enhancement:
* The mount.nfs4 utility has been updated to provide a new mount option, "lookupcache=", which allows the NFS client to control how it caches files and directories. (BZ#511312)
All users of nfs-utils are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.

1.104. nss

1.104.1. RHSA-2011:0472: Important nss security update

Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact.
Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications.
This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token (the libnssckbi.so library) certificate store. (BZ#689430)
Note: This fix only applies to applications using the NSS Builtin Object Token. It does not blacklist the certificates for applications that use the NSS library, but do not use the NSS Builtin Object Token (such as curl).
All NSS users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS must be restarted for the changes to take effect.

1.105. nss_ldap

1.105.1. RHBA-2011:1030: nss_ldap bug fix update

An updated nss_ldap package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module allows applications to retrieve information about users and groups from a directory server. The pam_ldap module allows a directory server to be used by PAM-aware applications to verify user passwords.
This update fixes the following bugs:
* Prior to this update, using the getent utility to retrieve information about a group with a large number of users could take a very long time. This update applies a backported patch that addresses this issue and significantly improves the performance. (BZ#646329)
* When the "netgroup" entry in the /etc/nsswitch.conf configuration file is set to "ldap files" and the connection to an LDAP server cannot be established, the system is supposed to search local files for netgroups instead. Previously, querying such a system for netgroups could incorrectly produce an empty list. This update corrects this error, and when the "netgroup" entry is set to "ldap files" and the LDAP server is unavailable, local files are now searched as expected. (BZ#664609)
* When a system is configured to use LDAP accounts and a password expires, the relevant user is prompted to change it upon the next login. Previously, the pam_ldap module incorrectly allowed users to re-use their old passwords. With this update, this error no longer occurs, and users are no longer allowed to enter the same password when prompted to change it. (BZ#667758)
* Due to a possible assertion failure in the nss_ldap module, the previous version of the nss_ldap package may have caused various applications that rely on the libldap library to terminate unexpectedly. With this update, a patch has been applied to prevent this assertion failure, resolving this issue. (BZ#688601)
All users of nss_ldap are advised to upgrade to this updated package, which fixes these bugs.

1.105.2. RHBA-2011:0514: nss_ldap bug fix update

An updated nss_ldap package that fixes a bug is now available for Red Hat Enterprise Linux 5.
[Updated 20 May 2011] This advisory has been updated with the correct product name (that is, Red Hat Enterprise Linux 5) in the Details section. The package included in this revised update has not been changed in any way from the package included in the original advisory.
The nss_ldap package contains nss_ldap, a module which allows applications to retrieve information about users, groups, netgroups, from directory servers, and pam_ldap, which allows PAM-aware applications to check users passwords with the aid of a directory server.
This updated nss_ldap package fixes the following bug:
* Previously, if the server closed the connection, the client did not receive any results and failed with the following error, which was caused by the client attempting to parse results which it had not received:
ldap_result: Assertion `ld != ((void *)0)' failed.
With this update, the nss_ldap checks if the server is available while running and finishes with an appropriate error code if the connection fails. (BZ#703831)
All users of nss_ldap are advised to upgrade to this updated package, which resolves this bug.

1.106. ntp

1.106.1. RHBA-2011:0980: ntp bug fix and enhancement update

An updated ntp package that fixes various bugs and provides an enhancement is now available for Red Hat Enterprise Linux 5.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
This updated ntp package includes fixes for the following bugs:
* The ntpd man pages suggested that the "-L" command option could be issued without an argument. However, the user needs to define the virtual interfaces as arguments of the option. This update corrects the ntp help page. (BZ#460434)
* Prior to this update, if the /usr directory was mounted on an NFS file system, the ntpd service could not be started before the netfs service. This update moves the NTP applications to the /sbin directory so the user may change the ntpd startup priority to start prior to the netfs service. Note that if you wish to mount NFS version 4 with Kerberos authentication, you should consider changing the ntpd startup priority to start prior to the netfs service. Otherwise authentication may fail due to the non-synchronized date. (BZ#470945)
* Prior to this update, verifying the ntp package with the "rpm -V" command failed on the package configuration file if the configuration file had changed. However, changes to the configuration file should not impact the verification test. This update adapts the spec file and the package verify test passes successfully. (BZ#481151)
* The ntpd daemon could terminate unexpectedly due to a low memory lock limit. With this update, the memory lock limit has been doubled. (BZ#575874)
* The "-q" command line option causes the ntpd service to exit immediately after the clock is set. Prior to this update, the man page ntpd(8) did not document that this only occurs if there are servers configured for ntpd to set the clock against. The user could conclude that ntpd was misbehaving when it did not quit if run with the "-q" switch but with no configured servers. With this update, the ntpd(8) man page notes that "ntpd -q" only exits if used to set the clock with configured servers. (BZ#591838)
* Prior to this update, the ntpd daemon could terminate unexpectedly with a segmentation fault on a machine with more than 512 local IP addresses. This happened because of a limit set for scanning. With this update, the limit scan has been changed to scan to the maximum number of interfaces and the ntpd daemon no longer crashes in such circumstances. (BZ#661934)
* Prior to this update, the ntp-keygen(8) patch man page contained multiple typos. This update fixes the typos. (BZ#664524, BZ#664525)
* The "ntpstat" command printed an incorrect maximum error estimate. This occurred because the "time correct to within" value did not include the root delay. With this update, the value includes the root delay and the displayed "time correct to within" value is correct. (BZ#679034)
In addition, this updated ntp package provides the following enhancement:
* Prior to this update, the ntpd daemon did not allow the specification of multiple interfaces which it should be listening on. With this update, the user can define multiple interfaces the daemon should be listening on. (BZ#528799)
All ntp users are advised to upgrade to this updated package, which resolves these issues and provides this enhancement.

1.107. numactl

1.107.1. RHBA-2011:0825: numactl bug fix update

An updated numactl package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The numactl package adds a simple Non-Uniform Memory Access (NUMA) policy support. It consists of a numactl program to run other programs with a specific NUMA policy and a libnuma to do allocations with NUMA policy in applications.
This update fixes the following bug:
* Under certain circumstances, having an environment of three numa nodes resulted in a memory corruption, which had a negative impact on performance. This problem has been fixed in this update so that the memory corruption does not occur anymore. (BZ#705309)
All users requiring numactl should upgrade to this updated package, which fixes this bug.

1.108. openais

1.108.1. RHBA-2011:1012: openais bug fix update

An updated openais package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The Application Interface Specification (AIS) is an API and a set of policies for developing applications that maintain services during faults. The OpenAIS Standards Based Cluster Framework is an OSI-certified implementation of the Service Availability Forum AIS. The openais package contains the openais executable, OpenAIS service handlers, default configuration files, and an init script.
This update fixes the following bugs:
* When there were a lot of nodes left at the same time during the controlled shutdown of the Corosync Cluster Engine, the nodes had to wait for the token timeout for each node. As a result, this unintended behavior slowed down the whole shut down process. The problem has been fixed so that a JOIN message is now sent out with the node removed. (BZ#645299)
* Previously, the amount of open files limit was not handled gracefully. The problem has been fixed in this update so that if the open files limit is now reached, the published server listening socket is withdrawn. Then when a connection is closed, the server listening socket is republished, if necessary. (BZ#611434)
* When the SysV semaphores or Shared Memory (SHM) limit was exceeded, a client could have looped forever. This bug has been fixed and the "SA_AIS_ERR_NO_SPACE" error value is returned if one of the limits is exceeded. (BZ#561546)
* Previously, if the token was lost, the old ring ID information was restored, causing a commit token to be accepted when it should have been rejected. This erroneously accepted commit token led to an assertion, which has been fixed in this update. (BZ#623176)
* When the ring ID file for the processor was less then 8 bytes, totemsrp asserted as a result. This has been fixed so that OpenAIS will now create a fresh ring ID file data when the incorrect number of bytes is read from the ring ID file. (BZ#675206)
All users of openais are advised to upgrade to this updated package, which fixes these bugs.

1.108.2. RHBA-2011:0495: openais bug fix update

An updated openais package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The Application Interface Specification (AIS) is an API and a set of policies for developing applications that maintain services during faults. The OpenAIS Standards Based Cluster Framework is an OSI-certified implementation of the Service Availability Forum AIS. The openais package contains the openais executable, OpenAIS service handlers, default configuration files and an init script.
This update fixes for the following bugs:
* When a system limit for semaphores or shared memory was exceeded on SysV, the openais client sometimes went into a loop. With this update, the openais client handles the situation properly, and no longer enters an infinite loop when either of these limits is exceeded. (BZ#694180)
* When the OpenAIS limit for open files was exceeded, the openais executable terminated unexpectedly. With this update, if the limit is reached, the published server listening socket is withdrawn and the connection closes without causing any crashes. (BZ#694181)
* Previously, if a token was lost in the recovery state, the openais executable sometimes accepted a commit token with old ring ID information. This resulted in an unexpected termination. This bug has been fixed and lost tokens are now handled properly. (BZ#694182).
* When the ring ID file for a processor was less then 8 bytes long, totemsrp terminated unexpectedly. Now, OpenAIS always creates fresh ring ID file data when an incorrect number of bytes are read from the ring ID. (BZ#694183)
All users of openais are advised to upgrade to this updated package, which fixes these bugs.

1.109. openib

1.109.1. RHBA-2011:1056: openib bug fix update