4.96. ipmitool
An updated ipmitool package that fixes one security issue is now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.
Security Fix
- CVE-2011-4339
- It was discovered that the IPMI event daemon (ipmievd) created its process ID (PID) file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted.
All users of ipmitool are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the IPMI event daemon (ipmievd) will be restarted automatically.
An updated ipmitool package that fixes multiple bugs is now available for Red Hat Enterprise Linux 6.
The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.
Bug Fixes
- BZ#675975
- Prior to this update, ipmitool's Serial Over LAN (SOL) module erroneously calculated the number of octets processed by the Baseboard Management Controller and could have resent already acknowledged chunks of serial communication, which could have corrupted the serial line with additional characters. Under certain circumstances, this could have also brought ipmitool into an endless loop or unexpected termination. With this update, ipmitool now correctly calculates the number of octets processed by the BMC and does not resend unwanted characters over the serial line.
- BZ#727314
- This update improves integration of the Linux Multiple Device (MD) driver with ipmitool to indicate the SCSI enclosure services (SES) status and drive activities for the PCIe SSD based solutions.
- BZ#726390
- This update adds the "channel setkg" subcommand to the "ipmitool" command, which allows for KG key configuration.
- BZ#726390
- This update adds the "-Y" option, which allows reading of the KG key from the terminal.
- BZ#731977
- A serial console connected to over the LAN and activated with the command "ipmitool sol activate" contained a memory leak, which could have consumed all available memory resources over time. This update fixes the problem.
- BZ#731718
- Invoking "ipmitool delloem powermonitor" did not properly convert values received over the network to integer numbers on big-endian systems (PowerPC, IBM System z). As a result, mostly random values were displayed when reporting power consumption. This update fixes the integer conversions in the "powermonitor" command so that the power consumption is now reported correctly on PowerPC and IBM System z architectures.
All users of ipmitool are advised to upgrade to this updated package, which fixes these bugs.
Updated ipmitool packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The ipmitool package contains a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.
Bug Fix
- BZ#990960
- In cases of congested networks or slow-responding BMCs (Baseboard Management Controller), the reply operation timeout triggered the protocol command retry action. Consequently, the ipmitool utility could incorrectly process a LAN session protocol command with the reply from a previous protocol command. This update fixes handling of expected replies for each command alone and cleans up expected replies between commands. Now, the retried reply of the first command is correctly ignored while the later command, which is currently pending, is properly processed in the described scenario.
Users of ipmitool are advised to upgrade to these updated packages, which fix this bug. After installing this update, the IPMI event daemon (ipmievd) will be restarted automatically.