5.10 Technical Notes
Detailed notes on the changes implemented in Red Hat Enterprise Linux 5.10
Edition 10
Abstract
Preface
Chapter 1. Technology Previews
- DFS
- Starting with Red Hat Enterprise Linux 5.3, CIFS supports Distributed File System (DFS) as a Technology Preview.Package: kernel-2.6.18-371
- LSI 12 Gb/s adapters with the MegaRAID SAS driver
- LSI MegaRAID SAS 9360/9380 12Gb/s controllers are now supported as a Technology Preview.Package: kernel-2.6.18-371
- CDTB
- CTDB is a clustered database based on Samba's Trivial Database (TDB). The ctdb package is a cluster implementation used to store temporary data. If an application is already using TBD for temporary data storage, it can be very easily converted to be cluster-aware and use CTDB.Package: ctdb-1.0.112-2
- Kerberos support for CIFS mounts
- Starting with Red Hat Enterprise Linux 5.9, users can use their Kerberos credentials to perform a CIFS mount.Package: samba-client-3.0.33-3.39
- FreeIPMI
- FreeIPMI is included in as a Technology Preview. FreeIPMI is a collection of Intelligent Platform Management IPMI system software. It provides in-band and out-of-band software, along with a development library conforming to the Intelligent Platform Management Interface (IPMI v1.5 and v2.0) standards.For more information about FreeIPMI, refer to http://www.gnu.org/software/freeipmi/Package: freeipmi-0.5.1-7
- TrouSerS and tpm-tools
- TrouSerS and
tpm-tools
are included in this release to enable use of Trusted Platform Module (TPM) hardware. TPM hardware features include (among others):- Creation, storage, and use of RSA keys securely (without being exposed in memory)
- Verification of a platform's software state using cryptographic hashes
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of TPM hardware.tpm-tools
is a suite of tools used to manage and utilize TPM hardware.For more information about TrouSerS, refer to http://trousers.sourceforge.net/.Packages: tpm-tools-1.3.1-1, trousers-0.3.1-4 - eCryptfs
- eCryptfs is a stacked cryptographic file system for Linux. It mounts on individual directories in existing mounted lower file systems such as EXT3; there is no need to change existing partitions or file systems in order to start using eCryptfs. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5.9.For more information about eCryptfs, refer to http://ecryptfs.sf.net. You can also refer to https://launchpad.net/ecryptfs for basic setup information.Package: ecryptfs-utils-75-8
- Stateless Linux
- Stateless Linux, included as a Technology Preview, is a new way of thinking about how a system should be run and managed, designed to simplify provisioning and management of large numbers of systems by making them easily replaceable. This is accomplished primarily by establishing prepared system images which get replicated and managed across a large number of stateless systems, running the operating system in a read-only manner (refer to
/etc/sysconfig/readonly-root
for more details).In its current state of development, the Stateless features are subsets of the intended goals. As such, the capability remains as Technology Preview.Red Hat recommends that those interested in testing stateless code join the stateless-list@redhat.com mailing list.The enabling infrastructure pieces for Stateless Linux were originally introduced in Red Hat Enterprise Linux 5. - AIGLX
- AIGLX is a Technology Preview feature of the otherwise fully supported X server. It aims to enable GL-accelerated effects on a standard desktop. The project consists of the following:
- A lightly modified X server.
- An updated Mesa package that adds new protocol support.
By installing these components, you can have GL-accelerated effects on your desktop with very few changes, as well as the ability to enable and disable them at will without replacing your X server. AIGLX also enables remote GLX applications to take advantage of hardware GLX acceleration.Packages: X Window System group of packages. - FireWire
- The
firewire-sbp2
module is included in this update as a Technology Preview. This module enables connectivity with FireWire storage devices and scanners.At present, FireWire does not support the following:- IPv4
- pcilynx host controllers
- multi-LUN storage devices
- non-exclusive access to storage devices
In addition, the following issues still exist in FireWire:- a memory leak in the
SBP2
driver may cause the machine to become unresponsive. - a code in this version does not work properly in big-endian machines. This could lead to unexpected behavior in PowerPC.
Package: kernel-2.6.18-371 - Device Failure Monitoring of RAID sets
- Device Failure Monitoring, using the dmraid and dmevent_tool tools, is included in Red Hat Enterprise Linux 5.9 as a Technology Preview. This Technology Preview provides the ability to watch and report device failures on component devices of RAID sets.Packages: dmraid-1.0.0.rc13-65, dmraid-events-1.0.0.rc13-65
- SGPIO Support for dmraid
- Serial General Purpose Input Output (SGPIO) is an industry standard communication method used between a main board and a variety of internal and external hard disk drive bay enclosures. This method can be used to control LED lights on an enclosure through the AHCI driver interface.In this release, SGPIO support in dmraid is included as a technology preview. This will allow dmraid to work properly with disk enclosures.Package: dmraid-1.0.0.rc13-65
- Kernel Tracepoint Facility
- In this update, the kernel marker/tracepoint facility remains a Technology Preview. This interface adds static probe points into the kernel, for use with tools such as SystemTap.Package: kernel-2.6.18-371
- Software based Fibre Channel over Ethernet (FCoE)
- The Fibre Channel over Ethernet (FCoE) driver (fcoe.ko), along with libfc, provides the ability to run FCoE over a standard Ethernet card. This capability is provided as a Technology Preview in Red Hat Enterprise Linux 5.9.To enable this feature, you must login by writing the network interface name to the
/sys/module/fcoe/parameters/create
file, for example:~]#
To logout, write the network interface name to theecho eth6 > /sys/module/fcoe/parameters/create
/sys/module/fcoe/parameters/destroy
file, for example:~]#
For further information on software based FCoE refer to: http://www.open-fcoe.org/open-fcoe/wiki/quickstart.echo eth6 > /sys/module/fcoe/parameters/destroy
Red Hat Enterprise Linux 5.9 and later provides full support for FCoE on three specialized hardware implementations. These are: Ciscofnic
driver, the Emulexlpfc
driver, and the Qlogicqla2xx
driver.Package: kernel-2.6.18-371 - iSER Support
- iSER support, allowing for block storage transfer across a network and provided by the scsi-target-utils package, remains a Technology Preview in Red Hat Enterprise Linux 5.9. In this release, single portal and multiple portals on different subnets are supported. There are known issues related to using multiple portals on the same subnet.To set up the iSER target component install the scsi-target-utils and libibverbs-devel packages. The library package for the InfiniBand hardware that is being used is also required. For example: host channel adapters that use the
cxgb3
driver thelibcxgb3
package is needed, and for host channel adapters using themthca
driver thelibmthca
package is needed.There is also a known issue relating to connection timeouts in some situations. Refer to BZ#470627 for more information on this issue.Package: scsi-target-utils-1.0.14-2 - cman fence_virsh fence agent
- The fence_virsh fence agent is provided in this release of Red Hat Enterprise Linux as a Technology Preview. fence_virsh provides the ability for one guest (running as a domU) to fence another using the libvirt protocol. However, as fence_virsh is not integrated with cluster-suite it is not supported as a fence agent in that environment.Package: cman-2.0.115-118
- glibc new MALLOC behavior
- The upstream glibc has been changed to enable higher scalability across many sockets and cores. This is done by assigning threads their own memory pools and by avoiding locking in some situations. The amount of additional memory used for the memory pools (if any) can be controlled using the environment variables
MALLOC_ARENA_TEST
andMALLOC_ARENA_MAX
.MALLOC_ARENA_TEST
specifies that a test for the number of cores is performed once the number of memory pools reaches this value.MALLOC_ARENA_MAX
sets the maximum number of memory pools used, regardless of the number of cores.The glibc in the Red Hat Enterprise Linux 5.9 release has this functionality integrated as a Technology Preview of the upstream malloc. To enable the per-thread memory pools the environment variableMALLOC_PER_THREAD
needs to be set in the environment. This environment variable will become obsolete when this new malloc behavior becomes default in future releases. Users experiencing contention for the malloc resources could try enabling this option.Package: glibc-2.5-118
Chapter 2. Known Issues
2.1. anaconda
- Installing Red Hat Enterprise Linux 5 from a hard drive is possible only if the source partition covers the whole disk. Otherwise, the following warning can appear:
The kernel was unable to re-read the partition table on /dev/dasdb (Device or resource busy). This means Linux won't know anything about the modifications you made until you reboot. You should reboot your computer before doing anything with /dev/dasdb.
(BZ#846231) - If a read-only disk is present, installation of Red Hat Enterprise Linux 5 can be interrupted by an interactive warning dialog window, and thus blocking automated installations. (BZ#978250)
- When installing Red Hat Enterprise Linux 5.8 on a machine that had previously used a GPT partitioning table, Anaconda does not provide the option to remove the previous disk layout and is unable to remove the previously used GPT partitioning table. To work around this issue, switch to the tty2 terminal (using CTRL+ALT+F2), execute the following command, and restart the installation process:
dd if=/dev/zero of=/dev/USED_DISK count=512
- Starting with Red Hat Enterprise Linux 5.2, to boot with
ibft
, the iSCSI boot firmware table support, use theip=ibft
option as the network install option:ip=<ip> IP to use for a network installation, use 'dhcp' for DHCP.
By default, the installer waits 5 seconds for a network device with a link. If an iBFT network device is not detected in this time, you may need to specify thelinksleep=SECONDS
parameter in addition to theip=ibft
parameter by replacingSECONDS
with an integer specifying the number of seconds the installer should wait, for example:linksleep=10
- Setting the
dhcptimeout=0
parameter does not mean that DHCP will disable timeouts. If the user requires the clients to wait indefinitely, thedhcptimeout
parameter needs to be set to a large number. - When starting an installation on IBM S/390 systems using SSH, re-sizing the terminal window running the SSH client may cause the installer to unexpectedly exit. Once the installer has started in the SSH session, do not resize the terminal window. If you want to use a different size terminal window during installation, re-size the window before connecting to the target system via SSH to begin installation.
- Installing on June with a RAID backplane on Red Hat Enterprise Linux 5.7 and later does not work properly. Consider the following example: a test system which had two disks with two redundant paths to each disk was set up:
mpath0: sdb, sdd mpath1: sda, sdc
In the above setup, Anaconda created the PReP partition on mpath0 (sdb/sdd), but set the bootlist to boot from sda. To work around this issue, follow these steps:- Add
mpath
to the append line in the/etc/yaboot.conf
file. - Use the
--ondisk=mapper/mpath0
in allpart
directives of the kickstart file. - Add the following script to the
%post
section of the kickstart file.%post # Determine the boot device device=; # Set the bootlist in NVRAM if [ "z$device" != "z" ]; then bootlist -m normal $device; # Print the resulting boot list in the log bootlist -m normal -o; bootlist -m normal -r; else echo "Could not determine boot device!"; exit 1; fi
The above script simply ensures that the bootlist is set to boot from the disk with the PReP partition.
- Mounting an NFS volume in the rescue environment requires portmap to be running. To start portmap, run:
/usr/sbin/portmap
Failure to start portmap will return the following NFS mount errors:sh-3.2# mount 192.168.11.5:/share /mnt/nfs mount: Mounting 192.168.11.5:/share on /mnt/nfs failed: Input/output error
- The order of device names assigned to USB attached storage devices is not guaranteed. Certain USB attached storage devices may take longer to initialize than others, which can result in the device receiving a different name than you expect (for example,
sdc
instead ofsda
).During installation, be sure to verify the storage device size, name, and type when configuring partitions and file systems. - anaconda occasionally crashes while attempting to install on a disk containing partitions or file systems used by other operating systems. To workaround this issue, clear the existing partition table using the command:
clearpart --initlabel [disks]
(BZ#530465) - Performing a System z installation, when the
install.img
is located on direct access storage device (DASD) disk, causes the installer to crash, returning a backtrace. anaconda is attempting to re-write (commit) all disk labels when partitioning is complete, but is failing because the partition is busy. To work around this issue, a non-DASD source should be used forinstall.img
. (BZ#455929) - When installing to an
ext3
orext4
file system, anaconda disables periodic file system checking. Unlikeext2
, these file systems are journaled, removing the need for a periodic file system check. In the rare cases where there is an error detected at runtime or an error while recovering the file system journal, the file system check will be run at boot time. (BZ#513480) - Red Hat Enterprise Linux 5 does not support having a separate
/var
on a network file system (nfs
,iSCSI
disk,nbd
, etc.) This is because/var
contains the utilities required to bring up the network, for example/var/lib/dhcp
. However, you may have/var/spool
,/var/www
or the like on a separate network disk, just not the complete /var file system. (BZ#485478) - When using rescue mode on an installation which uses iSCSI drives which were manually configured during installation, the automatic mounting of the root file system does not work. You must configure iSCSI and mount the file systems manually. This only applies to manually configured iSCSI drives; iSCSI drives which are automatically detected through iBFT are fully supported in rescue mode.To rescue a system which has
/
on a non-iBFT configured iSCSI drive, choose to skip the mounting of the root file system when asked, and then follow the steps below:$TARGET_IP: IP address of the iSCSI target (drive) $TARGET_IQN: name of the iSCSI target as printed by the discovery command $ROOT_DEV: devicenode (/dev/.....) where your root fs lives
- Define an initiator name:
$ mkdir /etc/iscsi $ cat << EOF>> /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.1994-05.com.fedora:d62f2d7c09f EOF
- Start iscsid:
$ iscsid
- Discover and login to target:
$ iscsiadm -m discovery -t st -p $TARGET_IP $ iscsiadm -m node -T $TARGET_IQN -p $TARGET_IP --login
- If the iSCSI LUN is part of a LVM Logical volume group:
$ lvm vgscan $ lvm vgchange -ay
- Mount your
/
partition:$ mount /dev/path/to/root /mnt/sysimage $ mount -t bind /dev /mnt/sysimage/dev $ mount -t proc proc /mnt/sysimage/proc $ mount -t sysfs sysfs /mnt/sysimage/sys
- Now you can
chroot
to the root file system of your installation if wanted$ chroot /mnt/sysimage /bin/su -
- When installing KVM or Xen guests, always create a partition for the guest disk, or create an LVM volume. Guests should not be installed to block devices or raw disk devices. Anaconda includes disk label duplication avoidance code, but when installing within a VM, it has no visibility to the disk labels elsewhere on the host and cannot detect duplicates.If guest file systems, especially the root file system, are directly visible to the host, a host OS reboot may inadvertently parse the partition table and mount the guest file systems. This can lead to highly undesirable outcomes.
- The minimum memory requirement when installing all Red Hat Enterprise Linux packages (i.e.
*
or@everything
is listed in the%packages
section of thekickstart
file) on a fully virtualized Itanium guest is 768MB. After installation, the memory allocated to the guest can be lowered to the desired amount. - Upgrading a system using Anaconda is not possible if the system is installed on disks attached using zFCP or iSCSI (unless booted from the disk using a network adapter with iBFT). Such disks are activated after Anaconda scans for upgradable installations and are not found. To update please use the Red Hat Network with the hosted Web user interface, a Red Hat Network Satellite, the local graphical Updater, or the yum command line.
- Anaconda's graphical installer fails to start at the default 800x600 resolution on systems utilizing Intel Graphics Device Next Generation (IGDNG) devices. To work around this issue, ensure anaconda uses a higher resolution by passing the parameters
resolution=1024x768
orresolution=1280x1024
to the installer using the boot command line. - The NFS default for RHEL5 is
locking
. Therefore, to mountnfs
shares from the%post
section of anaconda, use themount -o nolock,udp
command to start the locking daemon before usingnfs
to mount shares. (BZ#426053) - If you are using the Virtualized kernel when upgrading from Red Hat Enterprise Linux 5.0 to a later 5.x release, you must reboot after completing the upgrade. You should then boot the system using the updated Virtualized kernel.The hypervisor ABI changes in an incompatible way between Red Hat Enterprise Linux 5 and 5.1. If you do not boot the system after upgrading from Red Hat Enterprise Linux 5.0 using the updated Virtualized kernel, the upgraded Virtualization RPMs will not match the running kernel. (BZ#251669)
- When upgrading from Red Hat Enterprise Linux 4.6 to Red Hat Enterprise Linux 5.1 or later, gcc4 may cause the upgrade to fail. As such, you should manually remove the gcc4 package before upgrading. (BZ#432773)
- When provisioning guests during installation, theoption will not be available. When this occurs, the system will require an additional entitlement, separate from the entitlement used by
dom0
.To prevent the consumption of additional entitlements for guests, install therhn-virtualization-common
package manually before attempting to register the system to Red Hat Network. (BZ#431648) - When installing Red Hat Enterprise Linux 5 on a guest, the guest is configured to explicitly use a temporary installation kernel provided by
dom0
. Once installation finishes, it can then use its own bootloader. However, this can only be achieved by forcing the guest's first reboot to be a shutdown.As such, when thebutton appears at the end of the guest installation, clicking it shuts down the guest, but does not reboot it. This is an expected behavior.Note that when you boot the guest after this it will then use its own bootloader. - Using the
swap --grow
parameter in akickstart
file without setting the--maxsize
parameter at the same time makes anaconda impose a restriction on the maximum size of the swap partition. It does not allow it to grow to fill the device.For systems with less than 2GB of physical memory, the imposed limit is twice the amount of physical memory. For systems with more than 2GB, the imposed limit is the size of physical memory plus 2GB. (BZ#462734) - Existing encrypted block devices that contain
vfat
file systems will appear as typeforeign
in the partitioning interface; as such, these devices will not be mounted automatically during system boot. To ensure that such devices are mounted automatically, add an appropriate entry for them to/etc/fstab
. For details on how to do so, refer toman fstab
. (BZ#467202) - When using anaconda's automatic partitioning on an IBM System p partition with multiple hard disks containing different Linux distributions, the anaconda installer may overwrite the bootloaders of the other Linux installations although their hard disks have been unchecked. To work around this, choose manual partitioning during the installation process.
- The minimum RAM required to install Red Hat Enterprise Linux 5.8 is 1GB; the recommended RAM is 2GB. If a machine has less than 1GB RAM, the installation process may hang.Furthermore, PowerPC-based machines that have only 1GB of RAM experience significant performance issues under certain RAM-intensive workloads. For a Red Hat Enterprise Linux 5.8 system to perform RAM-intensive processes optimally, 4GB of RAM is recommended. This ensures the system has the same number of physical pages as was available on PowerPC machines with 512MB of RAM running Red Hat Enterprise Linux 4.5 or earlier.
- Installation on a machine with existing Linux or non-Linux file systems on DASD block devices may cause the installer to halt. If this happens, it is necessary to clear out all existing partitions on the DASD devices you want to use and restart the installer.
- If your system only has 512MB of RAM, attempting to install Red Hat Enterprise Linux 5.4 may fail. To prevent this, perform a base installation first and install all other packages after the installation finishes. (BZ#435271)
2.2. autofs
- When using NFSv4 with a global root, autofs has no way to know which server export path corresponds to the global root. Consequently, the internal hosts map fails to mount server exports. For detailed information on this problem, refer the following Knowledge Base article:
- Starting with Red Hat Enterprise Linux 5.4, behavior of the
umount -l
autofs command has changed. For more information, refer to BZ#452122.Previously, theumount -l
would unmount all autofs-managed mounts and autofs internal mounts at start-up, and then mounted all autofs mounts again as a part of the start-up procedure. As a result, the execution of the externalumount -l
command was not needed.The previous autofs behavior can be used via the following commands:~]#
service autofs forcerestart
or~]#
service autofs forcestart
2.3. cmirror
- Due to limitations in the cluster infrastructure, cluster mirrors greater than 1.5TB cannot be created with the default region size. If larger mirrors are required, the region size should be increased from its default (512kB), for example:
# -R <region_size_in_MiB> lvcreate -m1 -L 2T -R 2 -n mirror vol_group
Failure to increase the region size will result in the LVM creation process hanging and may cause other LVM commands to hang. (BZ#514814)
2.4. cpio
- The cpio utility uses a default block size of 512 bytes for I/O operations. This may not be supported by certain types of tape devices. If a tape device does not support this block size, cpio fails with the following error message:
cpio: read error: Cannot allocate memory
To work around this issue, modify the default block size with the--block-size long
option, or use the-B
option to set the block size to 5120 bytes. When the block size supported by the tape device is provided, the cpio utility works as expected. (BZ#573943)
2.5. openswan
- When the frequency scaling is enabled, a kernel panic can occur on a HMV (Hardware Virtual Machine) guest, and the following message is logged:
Kernel panic - not syncing: IO-APIC + timer doesn't work!
To work around this problem, change the default CPU governor to performance in the/etc/sysconfig/cpuspeed
file as follows:GOVERNOR=performance
.
2.6. compiz
- Running
rpmbuild
on thecompiz
source RPM will fail if any KDE orqt
development packages (for example,qt-devel
) are installed. This is caused by a bug in thecompiz
configuration script.To work around this, remove any KDE orqt
development packages before attempting to build thecompiz
package from its source RPM. (BZ#444609)
2.7. device-mapper-multipath
- Note that under certain circumstances, the multipathd daemon can terminate unexpectedly during shutdown.
- It is possible to overwrite the default hardware table. However, regular expression matches are not allowed; the vendor and product strings need to be matched exactly. These strings can be found by running the following command:
~]# multipathd -k"show config"
- By default, the
multipathd
service starts up before theiscsi
service. This provides multipathing support early in the bootup process and is necessary for multipathed iSCSI SAN boot setups. However, once started, themultipathd
service adds paths as informed about them by udev. As soon as themultipathd
service detects a path that belongs to a multipath device, it creates the device. If the first path that multipathd notices is a passive path, it attempts to make that path active. If it later adds a more optimal path,multipathd
activates the more optimal path. In some cases, this can cause a significant overhead during a startup.If you are experiencing such performance problems, define themultipathd
service to start after theiscsi
service. This does not apply to systems where the root device is a multipathed iSCSI device, since it the system would become unbootable. To move the service start time run the following commands:~]#
To restore the original start time, run the following command:mv /etc/rc5.d/S06multipathd /etc/rc5.d/S14multipathd
~]#mv /etc/rc3.d/S06multipathd /etc/rc3.d/S14multipathd
~]#
(BZ#500998)chkconfig multipathd resetpriorities
- Running the
multipath
command with the-ll
option can cause the command to hang if one of the paths is on a blocking device. Note that the driver does not fail a request after some time if the device does not respond.This is caused by the cleanup code, which waits until the path checker request either completes or fails. To display the currentmultipath
state without hanging the command, usemultipath -l
instead. (BZ#214838)
2.8. dmraid
- The installation procedure stores the name of RAID volume and partition in an initscript. When the system boots, dmraid enables the RAID partition (that are named implicitly in the init script. This action functions until the volume and partition names are changed. In these cases, the system may not boot, and the user is given an option to reboot system and start the rebuild procedure in OROM.OROM changes the name of RAID volume (as seen by dmraid) and dmraid cannot recognize the array identified by previous name stored in initscript. The system no longer boots from RAID partition, since it is not enabled by dmraid. In case of RAID 1 (mirror), the system may be booted from disk that is part of RAID volume. However, dmraid does not allow to active or rebuild the volume which component in mounted.To work around this issue, do not rebuild the RAID array in OROM. Start the rebuild procedure by dmraid in the operating system, which performs all the steps of rebuilding. dmraid does not change the RAID volume name, therefore the system can be booted from RAID array without the need of init script modification.To modify init script after OROM has started rebuild:
- Start the system in rescue mode from the installation disk, skip finding and mounting previous installations.
- At the command line, find and enable the raid volume that is to be booted from (the RAID volume and partitions will be activated)
~]#
dmraid -ay isw_effjffhbi_Volume0
- Mount the root partition:
~]#
mkdir /tmp/raid
~]#mount /dev/mapper/isw_effjffhbi_Volume0p1 /tmp/raid
- Decompress the boot image:
~]#
mkdir /tmp/raid/tmp/image
~]#cd /tmp/raid/tmp/image
~]#gzip -cd /tmp/raid/boot/inird-2.6.18-155.el5.img | cpio -imd –quiet
- Change the names of the RAID volumes in the initscript to use the new names of RAID:
~]#
dmraid –ay –I –p –rm_partition “/dev/mapper/isw_effjffhbi_Volume0”
~]#kpartx –a –p p “/dev/mapper/isw_effjffhbi_Volume0”
~]#mkrtootdev –t ext3 –o defaults,ro /dev/mapper/isw_effjffhbi_Volume0p1
- Compress and copy initrd image with the modified init script to the boot directory
~]#
cd /tmp/raid/tmp/image
~]#find . –print | cpio –c –o | gzip -9 > /tmp/raid/boot/inird-2.6.18-155.el5.img
- Unmount the raid volume and reboot the system:
~]#
umount /dev/mapper/isw_effjffhbi_Volume0p1
~]#dmraid -an
2.9. dogtail
- Attempting to run
sniff
may result in an error. This is because some required packages are not installed withdogtail
. (BZ#435702)To prevent this from occurring, install the following packages manually:- librsvg2
- ghostscript-fonts
- pygtk2-libglade
2.10. file
- The file utility can exit with the 0 exit code even if some input files have not been found. This behavior is correct; refer to the file(1) man page for more information.
2.11. firefox
- In certain environments, storing personal Firefox configuration files (~/.mozilla/) on an NFS share, such as when your home directory is on a NFS share, led to Firefox functioning incorrectly, for example, navigation buttons not working as expected, and bookmarks not saving. This update adds a new configuration option, storage.nfs_filesystem, that can be used to resolve this issue. If you experience this issue:
- Start Firefox.
- Type
about:config
into the URL bar and press the Enter key. - If prompted with "This might void your warranty!", click thebutton.
- Right-click in thelist. In the menu that opens, select → .
- Type "storage.nfs_filesystem" (without quotes) for the preference name and then click thebutton.
- Select
true
for the boolean value and then press the button.
2.12. firstboot
- When firstboot is running in text mode, the user can only register to Red Hat Netwrork legacy, not with subscription-manager. When firstboot is running in GUI mode, both options are available.
- The IBM System z does not provide a traditional Unix-style physical console. As such, Red Hat Enterprise Linux 5 for the IBM System z does not support the firstboot functionality during initial program load.To properly initialize setup for Red Hat Enterprise Linux 5 on the IBM System z, run the following commands after installation:
/usr/bin/setup
— provided by thesetuptool
package./usr/bin/rhn_register
— provided by therhn-setup
package.
(BZ#217921)
2.13. gfs2-utils
GFS2
file systems.
fsck.gfs2: invalid option -- a
". To work around this issue:
- Enter the root password when prompted.
- Mount the root file system manually:
~]#
mount -o remount,rw /dev/VolGroup00/LogVol00 /
- Edit the /etc/fstab file from:
/dev/VolGroup00/LogVol00 / gfs2 defaults 1 1
to/dev/VolGroup00/LogVol00 / gfs2 defaults 1 0
- Reboot the system.
Important
GFS2
as the root file system is unsupported.
2.14. gnome-volume-manager
- Removable storage devices (such as CDs and DVDs) do not automatically mount when you are logged in as root. As such, you will need to manually mount the device through the graphical file manager.Alternatively, you can run the following command to mount a device to
/media
:mount /dev/[device name] /media
2.15. grub
- Executing the
grub-install
command fails if the name of a volume group intended to be used for booting contains only non-digit characters. To prevent this problem, it is recommended to name the volume group with a combination of non-digit text followed by a digit; for example, system0.
2.16. initscripts
- On systems with more than two encrypted block devices, anaconda has a option to provide a global passphrase. The init scripts, however, do not support this feature. When booting the system, entering each individual passphrase for all encrypted devices will be required. (BZ#464895)
2.17. ipa-client
- Sometimes, the
krb5.conf
file contains incorrect SELinux context, namely, when the krb5.conf is not created by default, or the IPA client is installed, un-installed, or re-installed. AVC denials can therefore occur in such scenarios. - Attempting to run the
ipa-client-install
command with the--no-sssd
option fails with the following error message:authconfig: error: no such option: --enableforcelegacy
(BZ#852746)
2.18. iscsi-initiator-utils
- Broadcom L2 iSCSI (Internet Small Computer System Interface) boot is not supported in Red Hat Enterprise Linux 5. (BZ#831681)
2.19. kernel-xen
- The Xen hypervisor will not start when booting from an iSCSI disk. To work around this issue, disable the Xen hypervisor's EDD feature with the "edd=off" kernel parameter. For example:
kernel /xen.gz edd=off
(BZ#568336) - With certain hardware,
blktap
may not function as expected, resulting in slow disk I/O causing the guest to operate slowly also. To work around this issue, guests should be installed using a physical disk (i.e. a real partition or a logical volume). (BZ#545692) - When booting paravirtualized guests that support gigabyte page tables (i.e. a Fedora 11 guest) on Red Hat Enterprise Linux 5.7 Xen, the domain may fail to start if more than 2047MB of memory is configured for the domain. To work around this issue, pass the "
nogbpages
" parameter on the guest kernel command-line. (BZ#502826) - Boot parameters are required to enable SR/IOV Virtual Function devices. SR/IOV Virtual Function devices can only be accessed if the parameter pci_pt_e820_access=on is added to the boot stanza in the /boot/grub/grub.conf file. For example:
title Red Hat Enterprise Linux Server (2.6.18-152.el5xen) root (hd0,1) kernel /xen.gz-2.6.18-152.el5 com1=115200,8n1 console=com1 iommu=1 module /vmlinuz-2.6.18-152.el5xen ro root=LABEL=/ console=ttyS0,115200 pci_pt_e820_access=on
This enables the MMCONF access method for the PCI configuration space, a requirement for VF device support - Diskette drive media will not be accessible when using the virtualized kernel. To work around this, use a USB-attached diskette drive instead.Note that diskette drive media works well with other non-virtualized kernels. (BZ#401081)
- Fully virtualized guests cannot correct for time lost due to the domain being paused and unpaused. Being able to correctly track the time across pause and unpause events is one of the advantages of paravirtualized kernels. This issue is being addressed upstream with replaceable timers, so fully virtualized guests will have paravirtualized timers. Currently, this code is under development upstream and should be available in later versions of Red Hat Enterprise Linux. (BZ#422531)
- Upgrading a host (
dom0
) system to Red Hat Enterprise Linux 5.7 may render existing Red Hat Enterprise Linux 5.4 SMP paravirtualized guests unbootable. This is more likely to occur when the host system has more than 4GB of RAM.
- On some Itanium systems configured for console output to VGA, the
dom0
virtualized kernel may fail to boot. This is because the virtualized kernel failed to properly detect the default console device from the Extensible Firmware Interface (EFI) settings.When this occurs, add the boot parameterconsole=tty
to the kernel boot options in/boot/efi/elilo.conf
. (BZ#249076) - On some Itanium systems (such as the Hitachi Cold Fusion 3e), the serial port cannot be detected in
dom0
when VGA is enabled by the EFI Maintenance Manager. As such, you need to supply the following serial port information to thedom0
kernel:- Speed in bits/second
- Number of data bits
- Parity
io_base
address
These details must be specified in theappend=
line of thedom0
kernel in/boot/efi/elilo.conf
. For example:append="com1=19200,8n1,0x3f8 -- quiet rhgb console=tty0 console=ttyS0,19200n8"
In this example,com1
is the serial port,19200
is the speed (in bits/second),8n1
specifies the number of data bits/parity settings, and0x3f8
is theio_base
address. (BZ#433771) - Virtualization does not work on some architectures that use Non-Uniform Memory Access (NUMA). As such, installing the virtualized kernel on systems that use NUMA will result in a boot failure.Some installation numbers install the virtualized kernel by default. If you have such an installation number and your system uses NUMA and does not work with kernel-xen, deselect the Virtualization option during installation.
2.20. kernel
- On Microsoft Hyper-V, a Red Hat Enterprise Linux 5 guest can start with more memory than the host's NUMA node memory, which results in a kernel panic on the guest. To prevent the crash in this scenario, set the
numa=off
boot parameter on the kernel command line. - On Microsoft Windows Server 2012 containing large dynamic VHDX (Hyper-V virtual hard disk) files and using the ext3 file system, a call trace can appear, and, consequently, it is not possible to shut down the guest. To work around this problem, use the ext4 file system or set a logical block size of 1MB when creating a VHDX file. Note that this can only be done by using Microsoft PowerShell as the Hyper-V manager does not expose the
–BlockSizeBytes
option which has the default value of 32MB. To create a dynamix VHDX file with an approximate size of 2.5TB and 1MB block size run:New-VHD –Path .\MyDisk.vhdx –SizeBytes 5120MB –BlockSizeBytes 1MB -Dynamic
- The
sar
andsadf
commands can terminate unexpectedly with a segmentation fault when run on 64-bit PowerPC architecture. (BZ#BZ#984866) - Hardware support for Intel/QLogix QLE7300 series InfiniBand adapters, which was included in Red Hat Enterprise Linux 5.9, has been removed at Red Hat Enterprise Linux 5.10. Please refer to Red Hat Knowledge Solution 426383 for more information.
- Earlier versions of the Broadcom MFW firmware on bnx2x devices have known bugs. A specific link problem is known to affect BCM57810 based devices with 10GBASE-KR connections. Consequently, depending on the exact timing, the network interface can fail to establish the link. To establish a more reliable link, update the MFW firmware on the bnx2x device's EEPROM (Electrically Erasable Programmable Read-Only Memory) to version 7.4.19 or later. The current version can be checked running
ethtool -i $NET_DEVICE | grep firmware-version
. Please consult your hardware vendor or manufacturer for instructions on how to update the MFW firmware on bnx2x devices. - The Emulex
lpfc
driver is missing functionality required to support 16 Gb point-to-point configurations for all adapters in Red Hat Enterprise Linux 5. All other currently available 16 Gblpfc
configurations are supported on most adapters available. Specifically, the LPe16000B adapter is not supported for any configuration, and the LPe16000A adapter is supported for all configurations besides a point-to-point configuration. - Red Hat Enterprise Linux 5 can become unresponsive or even terminate due to the lack of ticketed spinlocks in the
shrink_active_list()
function. - When USB hardware uses the ACM interface, there is a race condition that can lead to a system deadlock due to the spinlocks not disabling interrupts. This has been noticed through various types of softlockups. To workaround this problem, reboot the machine.
- If kdump is configured on an i686 system using a non-PAE kernel and memory larger than 4 GB, it creates an elf core header which includes extra unavailable memory range. This causes kdump to become unresponsive.
- A large number of kernel log messages may flood
netconsole
while under heavy RX traffic, causing thenetconsole
kernel module to stop working. To work around this issue, avoid the use ofnetconsole
, or remove the netconsole module using thermmod netconsole
command and re-configure it again using theinsmod netconsole
command. - To update firmware on Mellanox cards, use mstflint which replaces the outdated tvflash utility.
- The kernel in Red Hat Enterprise Linux 5 does not support Data Center Bridging (DCB). Software-based Fibre Channel over Etherner (FCoE) is a Technology Preview and it is therefore recommended to use Red Hat Enterprise Linux 6 for fully supported software-based FCoE. The following hardware-accelerated FCoE cards are fully supported in Red Hat Enterprise Linux 5: Emulex LPFC, QLogic qla2xxx, Brocade BFA. (BZ#860112)
- The following problems can occur when using Brocade 1010 and 1020 Converged Network Adapters (CNAs):
- BIOS firmware may not be able to log in the Fibre Channel over Ethernet (FCoE) session when loading a Brocade optional BIOS, which causes the server to be unable to boot and the following error message to appear:
Adapter 1/0/0 Link initialization failed. Disabling BIOS
- Configuration cannot be saved via serial port of the server. Use a physical console or Brocade HSM software.
Contact Brocade for additional information on these problems. - In network only, use of Brocade Converged Network Adapters (CNAs) switches that are not properly configured to work with Brocade FCoE functionality can cause a continuous linkup/linkdown condition. This causes error messages to continuously appear on the host console:
bfa xxxx:xx:xx.x: Base port (WWN = xx:xx:xx:xx:xx:xx:xx:xx) lost fabric connectivity
To work around this problem, unload the Brocade BFA driver. - Master Boot Record (MBR) or the /boot partition can be installed on an incorrect disk if the server boots from storage area network (SAN) with many Logical Unit Numbers (LUNs) assigned. To work around this problem, partition the space manually so that the operating system uses only the boot LUN as the root (/) and /boot partitions. (BZ#852305)
- Qemu-kvm does not check if a given CPU flag is really supported by the KVM kernel module. Attempting to enable the "acpi" flag can lead to a kernel panic on guest machines. To work around this problem, do not enable the "acpi" CPU flag in the configuration of a virtual machine. (BZ#838921)
- Running the
ethtool --identify
command in a production environment blocks network traffic and certain network configuration operations until ethtool is aborted. To prevent this problem, do not runethtool --identify
in a production environment; this command is supposed for debugging purposes only. - Starting with Red Hat Enterprise Linux 5.8, the size of I/O operations allowed by the NFS server has been increased by default. The new default max block size varies depending on RAM size, with a maximum of 1M (1048576 bytes).This may cause problems for 32-bit servers configured to use large numbers of
nfsd
threads. For such servers, we recommend decreasing the number of threads, or decreasing the I/O size by writing to the/proc/fs/nfsd/max_block_size
file before startingnfsd
. For example, the following command restores the previous defaultiosize
of 32k:~]#
echo 32767 >/proc/fs/nfsd/max_block_size
(BZ#765751 ) - If the
qla4xxx
driver fails to discover all iSCSI targets, make sure toClear Persistent Targets
and set up iSCSI again via CTRL+Q in the Qlogic iSCSI option ROM BIOS. - The OProfile infrastructure in Red Hat Enterprise Linux 5 does not support the hardware performance counters of the AMD family 0x15 processor family; profiling is only available in timer interrupt mode. When profiling on bare metal, OProfile automatically selects the timer interrupt mode. When running under kernel-xen, due to different CPU family reporting, OProfile must be explicitly configured to use timer interrupt mode. This is possible by adding
options oprofile timer=1
to the/etc/modprobe.conf
file. (BZ#720587) - Red Hat Enterprise Linux 5 may become unresponsive due to the lack of ticketed spinlocks in the
shrink_active_list()
function. As a result, thespin_lock_irq(&zone->lru_lock)
operation disables interrupts, and the following error message is returned when the system hangs:NMI Watchdog detected LOCKUP
- Booting a Red Hat Enterprise Linux 5 system with a connected DVD drive and the
smartd
service running hangs with the following error messages:Starting smartd: hdc: drive_cmd: status=0x58 { DriveReady SeekComplete DataRequest } ide: failed opcode was: 0xa1 hdc: status error: status=0x58 { DriveReady SeekComplete DataRequest } ide: failed opcode was: unknown hdc: drive not ready for command hdc: status timeout: status=0xd8 { Busy } ide: failed opcode was: unknown hdc: drive not ready for command hdc: ATAPI reset complete hdc: status error: status=0x58 { DriveReady SeekComplete DataRequest } ⋮
To work around this issue, disconnect the DVD drive or turn thesmartd
service off with the following command:~]#
chkconfig smartd off
- The
modify SRQ
verb is not supported by theeHCA
adapter and will fail with an error code when called from an application context. - In RHEL 5.8, machine check (MCE) support for Intel Nehalem or newer CPUs (family 6, model >= 26) is disabled. This is a change from RHEL5.6 and earlier where basic MCE support was provided for these CPUs. Uncorrected CPU and memory errors will cause an immediate CPU shut down and system panic.
- On a Red Hat Enterprise Linux 5.8 system and later, while hand-loading the i386 (32-bit) kernel on z210/z210 SFF with BIOS 1.08, the system may fail to boot. To workaround this issue, please add the following parameter to the boot command line option:
pci=nosort
(BZ#703538) - Red Hat Enterprise Linux 5.7 has introduced a new multicast snooping feature for the bridge driver used for virtualization (virt-bridge). This feature is disabled by default in order to not break any existing configurations. To enable this feature, please set the following tunnable parameter to
1
:/sys/class/net/breth0/bridge/multicast_snooping
Please note that when multicast snooping is enabled, it may cause a regression with certain switches where it causes a break in the multicast forwarding for some peers. - By default, libsas defines a wideport based on the attached SAS address, rather than the specification compliant “strict” definition of also considering the local SAS address. In Red Hat Enterprise Linux 5.8 and later, only the default “loose” definition is available. The implication is that if an OEM configures an SCU controller to advertise different SAS addresses per PHY, but hooks up a wide target or an expander to those PHYs, libsas will only create one port. The expectation, in the “strict” case, is that this would result in a single controller multipath configuration.It is not possible to use a single controller multipath without the
strict_wide_port
functionality. Multi-controller multipath should behave as a expected.A x8 multipath configuration through a single expander can still be obtained under the following conditions:- Start with an SCU SKU that exposes (2) x4 controllers (total of 8 PHYs)
- Assign
sas_address1
to all the PHYs oncontroller1
- Assign
sas_address2
to all the PHYs oncontroller2
- Hook up the expander across all 8 PHYs
- Configure multipath across the two controller instances
It is critical forcontroller1
to have a distinct address fromcontroller2
, otherwise the expander will be unable to correctly route connection requests to the proper initiator. (BZ#651837) - On a Red Hat Enterprise Linux 5 system, it is advisable to update the firmware of the HP ProLiant Generation 6 (G6) controller's firmware to version 5.02 or later. Once the firmware is successfully updated, reboot the system and Kdump will work as expected.HP G6 controllers include: P410i, P411, P212, P712, and P812In addition, kdump may fail when using the HP Smart Array 5i Controller on a Red Hat Enterprise Linux 5 system. (BZ#695493)
- On Red Hat Enterprise Linux 5.5 and later, suspending the system with the
lpfc
driver loaded may crash the system during the resume operation. Therefore, systems using thelpfc
driver, either unload thelpfc
driver before the system is suspended, or ,if that is not possible, do not suspend the system. (BZ#703631) - NUMA class systems should not be booted with a single memory node configuration. Configuration of single node NUMA systems will result in contention for the memory resources on all of the non-local memory nodes. As only one node will have local memory the CPUs on that single node will starve the remaining CPUs for memory allocations, locks, and any kernel data structure access. This contention will lead to the "CPU#n stuck for 10s!" error messages. This configuration can also result in NMI watchdog timeout panics if a spinlock is acquired via
spinlock_irq()
and held for more than 60 seconds. The system can also hang for indeterminate lengths of time.To minimize this problem, NUMA class systems need to have their memory evenly distributed between nodes. NUMA information can be obtained from dmesg output as well as from thenumastat
command. (BZ#529428) - When upgrading from Red Hat Enterprise Linux 5.0, 5.1 or 5.2 to more recent releases, the gfs2-kmod may still be installed on the system. This package must be manually removed or it will override the (newer) version of GFS2 which is built into the kernel. Do not install the
gfs2-kmod
package on later versions of Red Hat Enterprise Linux.gfs2-kmod
is not required since GFS2 is built into the kernel from 5.3 onwards. The content of the gfs2-kmod package is considered a Technology Preview of GFS2, and has not received any updates since Red Hat Enterprise Linux 5.3 was released.Note that this note only applies to GFS2 and not to GFS, for which the gfs-kmod package continues to be the only method of obtaining the required kernel module. - Issues might be encountered on a system with 8Gb/s LPe1200x HBAs and firmware version 2.00a3 when the Red Hat Enterprise Linux 5.8 kernel is used with the in-box LPFC driver. Such issues include loss of LUNs and/or fiber channel host hangs during fabric faults with multipathing.To work around these issues, it is recommended to either:
- Downgrade the firmware revision of the 8Gb/s LPe1200x HBA to revision 1.11a5, or
- Modify the LPFC driver’s
lpfc_enable_npiv
module parameter to zero.When loading the LPFC driver from the initrd image (i.e. at system boot time), add the lineoptions lpfc_enable_npiv=0
to/etc/modprobe.conf
and re-build the initrd image.When loading the LPFC driver dynamically, include thelpfc_enable_npiv=0
option in the insmod or modprobe command line.
For additional information on how to set the LPFC driver module parameters, refer to the Emulex Drivers for Linux User Manual. - If AMD IOMMU is enabled in BIOS on ProLiant DL165 G7 systems, the system will reboot automatically when IOMMU attempts to initialize. To work around this issue, either disable IOMMU, or update the BIOS to version
2010.09.06
or later. (BZ#628534) - As of Red Hat Enterprise Linux 5.6, the
ext4
file system is fully supported. However, provisioning ext4 file systems with the anaconda installer is not supported, and ext4 file systems need to be provisioned manually after the installation. (BZ#563943) - In some cases the NFS server fails to notify NFSv4 clients about renames and unlinks done by other clients, or by non-NFS users of the server. An application on a client may then be able to open the file at its old pathname (and read old cached data from it, and perform read locks on it), long after the file no longer exists at that pathname on the server.To work around this issue, use NFSv3 instead of NFSv4. Alternatively, turn off support for leases by writing
0
to/proc/sys/fs/leases-enable
(ideally on boot, before the nfs server is started). This change prevents NFSv4 delegations from being given out, restore correctness at the expense of some performance. - Some laptops may generate continuous events in response to the lid being shut. Consequently, the gnome-power-manager utility will consume CPU resources as it responds to each event. (BZ#660644)
- A kernel panic may be triggered by the lpfc driver when multiple Emulex OneConnect Universal Converged Network Adapter initiators are included in the same Storage Area Network (SAN) zone. Typically, this kernel panic will present after a cable is pulled or one of the systems is rebooted. To work around this issue, configure the SAN to use single initiator zoning. (BZ#574858)
- If a Huawei USB modem is unplugged from a system, the device may not be detected when it is attached again. To work around this issue, the usbserial and usb-storage driver modules need to be reloaded, allowing the system to detect the device. Alternatively, the if the system is rebooted, the modem will be detected also. (BZ#517454)
- Memory on-line is not currently supported with the Boxboro-EX platform. (BZ#515299)
- Unloading a PF (SR-IOV Physical function) driver from a host when a guest is using a VF (virtual function) from that device can cause a host crash. A PF driver for an SR-IOV device should not be unloaded until after all guest virtual machines with assigned VFs from that SR-IOV device have terminated. (BZ#514360)
- Data corruption on NFS file systems might be encountered on network adapters without support for error-correcting code (ECC) memory that also have TCP segmentation offloading (TSO) enabled in the driver. Note: data that might be corrupted by the sender still passes the checksum performed by the IP stack of the receiving machine A possible work around to this issue is to disable TSO on network adapters that do not support ECC memory. (BZ#504811)
- After installation, a System z machine with a large number of memory and CPUs (e.g. 16 CPU's and 200GB of memory) might may fail to IPL. To work around this issue, change the line
ramdisk=/boot/initrd-2.6.18-<kernel-version-number>.el5.img
toramdisk=/boot/initrd-2.6.18-<kernel-version-number>.el5.img,0x02000000
The commandzipl -V
should now show0x02000000
as the starting address for the initial RAM disk (initrd). Stop the logical partition (LPAR), and then manually increase the storage size of the LPAR. - On certain hardware configurations the kernel may panic when the Broadcom iSCSI offload driver (
bnx2i.ko
andcnic.ko
) is loaded. To work around this do not manually load the bnx2i or cnic modules, and temporarily disable theiscsi
service from starting. To disable the iscsi service, run:~]#
chkconfig --del iscsi
~]#chkconfig --del iscsid
On the first boot of your system, theiscsi
service may start automatically. To bypass this, during bootup, enter interactive start up and stop the iscsi service from starting. - In Red Hat Enterprise Linux 5, invoking the kernel system call "setpriority()" with a "which" parameter of type "PRIO_PROCESS" does not set the priority of child threads. (BZ#472251)
- A change to the cciss driver in Red Hat Enterprise Linux 5.4 made it incompatible with the
echo disk < /sys/power/state
suspend-to-disk operation. Consequently, the system will not suspend properly, returning messages such as:Stopping tasks: ====================================================================== stopping tasks timed out after 20 seconds (1 tasks remaining): cciss_scan00 Restarting tasks...<6> Strange, cciss_scan00 not stopped done
(BZ#513472) - The kernel is unable to properly detect whether there is media present in a CD-ROM drive during kickstart installs. The function to check the presence of media incorrectly interprets the "logical unit is becoming ready" sense, returning that the drive is ready when it is not. To work around this issue, wait several seconds between inserting a CD and asking the installer (anaconda) to refresh the CD. (BZ#510632)
- When a cciss device is under high I/O load, the kdump kernel may panic and the vmcore dump may not be saved successfully. (BZ#509790)
- Configuring IRQ SMP affinity has no effect on some devices that use message signaled interrupts (MSI) with no MSI per-vector masking capability. Examples of such devices include Broadcom NetXtreme Ethernet devices that use the
bnx2
driver.If you need to configure IRQ affinity for such a device, disable MSI by creating a file in/etc/modprobe.d/
containing the following line:options bnx2 disable_msi=1
Alternatively, you can disable MSI completely using the kernel boot parameterpci=nomsi
. (BZ#432451) - The
smartctl
tool cannot properly read SMART parameters from SATA devices. (BZ#429606) - IBM T60 laptops will power off completely when suspended and plugged into a docking station. To avoid this, boot the system with the argument
acpi_sleep=s3_bios
. (BZ#439006) - The QLogic iSCSI Expansion Card for the IBM Bladecenter provides both ethernet and iSCSI functions. Some parts on the card are shared by both functions. However, the current
qla3xxx
andqla4xxx
drivers support ethernet and iSCSI functions individually. Both drivers do not support the use of ethernet and iSCSI functions simultaneously.Because of this limitation, successive resets (via consecutiveifdown
/ifup
commands) may hang the device. To avoid this, allow a 10-second interval after anifup
before issuing anifdown
. Also, allow the same 10-second interval after anifdown
before issuing anifup
. This interval allows ample time to stabilize and re-initialize all functions when anifup
is issued. (BZ#276891) - Laptops equipped with the Cisco Aironet MPI-350 wireless may hang trying to get a DHCP address during any network-based installation using the wired ethernet port.To work around this, use local media for your installation. Alternatively, you can disable the wireless card in the laptop BIOS prior to installation (you can re-enable the wireless card after completing the installation). (BZ#213262)
- Hardware testing for the Mellanox MT25204 has revealed that an internal error occurs under certain high-load conditions. When the
ib_mthca
driver reports a catastrophic error on this hardware, it is usually related to an insufficient completion queue depth relative to the number of outstanding work requests generated by the user application.Although the driver will reset the hardware and recover from such an event, all existing connections at the time of the error will be lost. This generally results in a segmentation fault in the user application. Further, ifopensm
is running at the time the error occurs, then you need to manually restart it in order to resume proper operation. (BZ#251934) - The IBM T41 laptop model does not enter properly; as such, will still consume battery life as normal. This is because Red Hat Enterprise Linux 5 does not yet include the
radeonfb
module.To work around this, add a script namedhal-system-power-suspend
to/usr/share/hal/scripts/
containing the following lines:chvt 1 radeontool light off radeontool dac off
This script will ensure that the IBM T41 laptop enters properly. To ensure that the system resumes normal operations properly, add the scriptrestore-after-standby
to the same directory as well, containing the following lines:radeontool dac on radeontool light on chvt 7
(BZ#227496) - If the
edac
module is loaded, BIOS memory reporting will not work. This is because theedac
module clears the register that the BIOS uses for reporting memory errors.The current Red Hat Enterprise Linux Driver Update Model instructs the kernel to load all available modules (including theedac
module) by default. If you wish to ensure BIOS memory reporting on your system, you need to manually blacklist theedac
modules. To do so, add the following lines to/etc/modprobe.conf
:blacklist edac_mc blacklist i5000_edac blacklist i3000_edac blacklist e752x_edac
(BZ#441329) - Due to outstanding driver issues with hardware encryption acceleration, users of Intel WiFi Link 4965, 5100, 5150, 5300, and 5350 wireless cards are advised to disable hardware accelerated encryption using module parameters. Failure to do so may result in the inability to connect to Wired Equivalent Privacy (WEP) protected wireless networks after connecting to WiFi Protected Access (WPA) protected wireless networks.To do so, add the following options to
/etc/modprobe.conf
:alias wlan0 iwlagn options iwlagn swcrypto50=1 swcrypto=1
where wlan0 is the default interface name of the first Intel WiFi Link device.(BZ#468967) - A kernel security fix released between Red Hat Enterprise Linux 5.7 and 5.8 may prevent PCI passthrough working and guests starting. Refer to Red Hat Knowledgebase article 66747 for further details.
- The size of the PowerPC kernel image is too large for OpenFirmware to support. Consequently, network booting will fail, resulting in the following error message:
Please wait, loading kernel... /pci@8000000f8000000/ide@4,1/disk@0:2,vmlinux-anaconda: No such file or directory boot:
To work around this:- Boot to the OpenFirmware prompt, by pressing the '8' key when the IBM splash screen is displayed.
- Run the following command:
~]#
setenv real-base 2000000
- Boot into System Management Services (SMS) with the command:
~]#
0> dev /packages/gui obe
(BZ#462663)
2.21. kexec-tools
- Executing
kdump
on an IBM Bladecenter QS21 or QS22 configured with NFS root will fail. To avoid this, specify an NFS dump target in/etc/kdump.conf
. (BZ#368981) - Some
forcedeth
based devices may encounter difficulty accessing memory above 4GB during operation in akdump
kernel. To work around this issue, add the following line to the/etc/sysconfig/kdump
file:KDUMP_COMMANDLINE_APPEND="dma_64bit=0"
This work around prevents theforcedeth
network driver from using high memory resources in the kdump kernel, allowing the network to function properly. - The system may not successfully reboot into a
kexec
/kdump
kernel if X is running and using a driver other than vesa. This problem only exists with ATI Rage XL graphics chipsets.If X is running on a system equipped with ATI Rage XL, ensure that it is using the vesa driver in order to successfully reboot into akexec
/kdump
kernel. (BZ#221656) - kdump now serializes drive creation registration with the rest of the kdump process. Consequently, kdump may hang waiting for IDE drives to be initialized. In these cases, it is recommended that IDE disks not be used with kdump. (BZ#473852)
- It is possible in rare circumstances, for
makedumpfile
to produce erroneous results but not have them reported. This is due to the fact thatmakedumpfile
processes its output data through a pipeline consisting of several stages. Ifmakedumpfile
fails, the other stages will still succeed, effectively masking the failure. Should a vmcore appear corrupt, and makedumpfile is in use, it is recommended that the core be recorded without makedumpfile and a bug be reported. (BZ#475487) - kdump now restarts when CPUs or DIMMs are hot-added to a system. If multiple items are added at the same time, several sequential restarts may be encountered. This behavior is intentional, as it minimizes the time-frame where a crash may occur while memory or processors are not being tracked by kdump. (BZ#474409)
- Some Itanium systems cannot properly produce console output from the
kexec
purgatory
code. This code contains instructions for backing up the first 640k of memory after a crash.Whilepurgatory
console output can be useful in diagnosing problems, it is not needed forkdump
to properly function. As such, if your Itanium system resets during akdump
operation, disable console output inpurgatory
by adding--noio
to theKEXEC_ARGS
variable in/etc/sysconfig/kdump
. (BZ#436426)
2.22. krb5
- In case the SSSD client authenticates against a Kerberos server (KDC) using a keytab, and the first encryption type the KDC offers is not present in the keytab, the authentication fails. Note that this problem was fixed in a later release of MIT Kerberos.
2.23. kvm
- A Microsoft Windows 2008 guest can become unresponsive during boot if huge page memory is enabled on the Red Hat Enterprise Linux 5.9 host. To work around this problem, disable huge page memory on the Red Hat Enterprise Linux 5.9 host. (BZ#845489)
- A CD-ROM device can be assigned to a guest by configuring the guest to back a virtual CD-ROM device with a physical device's special file, for example, /dev/sr0. When a physical CD-ROM device is assigned to a guest, the guest assumes it has full control of the device. However, it is still possible to access the device from the host. In such a case, the guest can become confused about the CD-ROM state; for instance, running eject commands in the host to change media can cause the guest to attempt to read beyond the size of the new medium, resulting in I/O errors. To work around this problem, do not access a CD-ROM device from the host while it is assigned to a guest. (BZ#847259)
- VNC password authentication is disabled when the host system is operating in FIPS mode. QEMU exits if it is configured to run as a password-authenticated VNC server; if QEMU is configured to run as an unauthenticated VNC server, it will continue to run as expected.
- Erroneous boot-index of a guest with mixed virtio/IDE disks causes the guest to boot from the wrong disk after the OS installation and hang with the error message
boot from HD
. - When using PCI device assignment with a 32-bit Microsoft Windows 2008 guest on an AMD-based host system, the assigned device may fail to work properly if it relies on MSI or MSI-X based interrupts. The reason for this is that the 32-bit version of Microsoft Windows 2008 does not enable MSI based interrupts for the family of processor exposed to the guest. To work around this problem, the user may wish to move to a RHEL6 host, use a 64-bit version of the guest operating system, or employ a wrapper script to modify the processor family exposed to the guest as follows (Note that this is only for 32-bit Windows guests):
- Create the following wrapper script:
~]$ cat /usr/libexec/qemu-kvm.family16 #!/bin/sh ARGS=$@ echo $ARGS | grep -q ' -cpu ' if [ $? -eq 0 ]; then for model in $(/usr/libexec/qemu-kvm -cpu ? \ | sed 's|^x86||g' | tr -d [:blank:]); do ARGS=$(echo $ARGS | \ sed "s|-cpu $model|-cpu $model,family=16|g") done else ARGS="$ARGS -cpu qemu64,family=16" fi echo "$0: exec /usr/libexec/qemu-kvm $ARGS" >&2 exec /usr/libexec/qemu-kvm $ARGS
- Make the script executable:
~]$
chmod 755 /usr/libexec/qemu-kvm.family16
- Set proper SELinux permissions:
~]$
restorecon /usr/libexec/qemu-kvm.family16
- Update the guest XML to use the new wrapper:
~]#
virsh edit $GUEST
and replace:<emulator>/usr/libexec/qemu-kvm</emulator>
with:<emulator>/usr/libexec/qemu-kvm.family16</emulator>
(BZ#654208) - Booting a Linux guest causes 1.5 to 2 second time drift from the host time when the default
hwclock
service starts. It is recommended to disable the hwclock service. Alternatively, enable thentp
service so that it can correct the time once the service is started. (BZ#523478) - By default, KVM virtual machines created in Red Hat Enterprise Linux 5.6 have a virtual Realtek 8139 (rtl8139) network interface controller (NIC). The rtl8139 virtual NIC works fine in most environments, but may suffer from performance degradation issues on some networks for example, a 10 GigE (10 Gigabit Ethernet) network.One workaround for this issue is switch to a different type of virtual NIC, for example, Intel PRO/1000 (e1000) or virtio (a virtual I/O driver for Linux that can talk to the hypervisor).To switch to e1000:
- Shutdown the guest OS
- Edit the guest OS definition with the command-line tool virsh:
virsh edit GUEST
- Locate the network interface section and add a model line as shown:
<interface type='network'> ... <model type='e1000' /> </interface>
- Save the changes and exit the text editor
- Restart the guest OS
Alternatively, if you're having trouble installing the OS on the virtual machine because of the rtl8139 NIC (for example, because you're installing the OS over the network), you can create a virtual machine from scratch with an e1000 NIC. This method requires you to have at least one virtual machine already created (possibly installed from CD or DVD) to use as a template.- Create an XML template from an existing virtual machine:
virsh dumpxml GUEST > /tmp/guest.xml
- Copy and edit the XML file and update the unique fields: virtual machine name, UUID, disk image, MAC address, etc. Note that you can delete the UUID and MAC address lines and virsh will generate a UUID and MAC address.
cp /tmp/guest.xml /tmp/new-guest.xml
vi /tmp/new-guest.xml
- Locate the network interface section and add a model line as shown:
<interface type='network'> ... <model type='e1000' /> </interface>
- Create the new virtual machine:
virsh define /tmp/new-guest.xml
virsh start new-guest
- The mute button in the audio control panel on a Windows virtual machine does not mute the sound.
- When migrating KVM guests between hosts, the NX CPU feature setting on both source and destination must match. Migrating a guest between a host with the NX feature disabled (i.e. disabled in the BIOS settings) and a host with the NX feature enabled may cause the guest to crash. (BZ#516029)
- The use of the qcow2 disk image format with KVM is considered a Technology Preview. (BZ#517880)
- 64-bit versions of Windows 7 do not have support for the AC'97 Audio Codec. Consequently, the virtualized sound device Windows 7 kvm guests will not function. (BZ#563122)
- Hot plugging emulated devices after migration may result in the virtual machine crashing after a reboot or the devices no longer being visible. (BZ#507191)
- The KVM modules from the
kmod-kvm
package do not support kernels prior to version 2.6.18-203.el5. If kmod-kvm is updated and an older kernel is kept installed, error messages similar to the following will be returned if attempting to install these modules on older kernels:WARNING: /lib/modules/2.6.18-194.el5/weak-updates/kmod-kvm/ksm.ko needs unknown symbol kvm_ksm_spte_count
(BZ#509361) - The KVM modules available in the
kmod-kvm
package are loaded automatically at boot time if the kmod-kvm package is installed. To make these KVM modules available after installing thekmod-kvm
package the system either needs to be rebooted or the modules can be loaded manually by running the/etc/sysconfig/modules/kvm.modules
script. (BZ#501543) - The Preboot eXecution Environment (PXE) boot ROMs included with KVM are from the Etherboot project. Consequently, some bug fixes or features that are present on the newer gPXE project are not available on Etherboot. For example, Virtual Machines (VMs) cannot boot using Microsoft based PXE (that is, Remote Installation Services (RIS) or Windows Deployment Services (WDS)).
- The following QEMU / KVM features are currently disabled and not supported: (BZ#512837)
- smb user directories
- scsi emulation
- "isapc" machine type
- nested KVM guests
- usb mass storage device emulation
- usb wacom tablet emulation
- usb serial emulation
- usb network emulation
- usb bluetooth emulation
- device emulation for vmware drivers
- sb16 and es1370 sound card emulations
- bluetooth emulation
- qemu CPU models other than qemu32/64 and pentium3
- qemu block device drivers other than raw, qcow2, and host_device
2.24. lftp
- As a side effect of changing the underlying cryptographic library from OpenSSL to GnuTLS in the past, starting with lftp-3.7.11-4.el5_5.3, some previously offered TLS ciphers were dropped. In handshake, lftp does not offer these previously available ciphers:
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
lftp still offers variety of other TLS ciphers:TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
For servers without support for any of these ciphers, it is now possible to force SSLv3 connection instead of TLS using theset ftp:ssl-auth SSL
configuration directive. This works both for implicit and explicit FTPS. (BZ#532099)
2.25. lvm2
- LVM no longer scans multipath member devices (underlying paths for active multipath devices) and prefers top level devices. This behavior can be switched off using the
multipath_component_detection
option in the/etc/lvm/lvm.conf
.
2.26. mesa
- On an IBM T61 laptop, Red Hat recommends that you refrain from clicking the
glxgears
window (whenglxgears
is run). Doing so can lock the system.To prevent this from occurring, disable the tiling feature. To do so, add the following line in theDevice
section of/etc/X11/xorg.conf
:Option "Tiling" "0"
(BZ#444508)
2.27. mkinitrd
- When running Red Hat Enterprise Linux 5 with an older kernel in a Microsoft Hyper-V virtualization guest, mkinitrd does not include the Microsoft Hyper-V drivers when asked to generate the initial RAM disk for a Red Hat Enterprise Linux 5.9 kernel or later. This causes a kernel panic when the guest is rebooted with such a kernel as there is no driver available for the storage hosting the guest's root file system. To work around this problem, run the mkinitrd utility with either the
--preload
option that loads the module before any SCSI modules are loaded, or with the--with
option that loads the module after SCSI modules are loaded. For more information, refer to the following Knowledge Base article: - When using an encrypted device, the following error message may be reported during bootup:
insmod: error inserting '/lib/aes_generic.ko': -1 File exists
This message can safely be ignored. (BZ#466296) - Installation using a Multiple Device (MD) RAID on top of multipath will result in a machine that cannot boot. Multipath to Storage Area Network (SAN) devices which provide RAID internally are not affected. (BZ#467469)
- When installing Red Hat Enterprise Linux 5, the following errors may be returned in
install.log
:Installing kernel-2.6.18-158.el5.s390x cp: cannot stat `/sbin/dmraid.static': No such file or directory
This message can be safely ignored. - iSCSI root devices do not function correctly if used over an IPv6 network connection. While the installation will appear to succeed, the system will fail to find the root file system during the first boot. (BZ#529636)
2.28. mod_revocator
- In order to run mod_revocator successfully, the following command must be executed in order to allow
httpd
to connect to a remote port which SELinux would otherwise deny:~]#
setsebool -P httpd_can_network_connect=1
This is due to the fact that by default, Apache is not allowed to also be used as an HTTP client (that is, send HTTP messages to an external host).
2.29. nfs-utils
- In the previous version of the nfs-utils package, the mount utility incorrectly reported the rpc.idmapd mapping daemon as not running when the daemon was executed. This bug has been fixed; however the problem can occur after upgrading nfs-utils to a later version. Note that the mount operation is successful and the warning can be safely ignored. To avoid this problem, perform a clean installation of the package.
- Currently, the rpc.gssd daemon looks only for the "nfs/*" keys in the keytab file. Other keys are not supported.
2.30. openib
- Running
perftest
will fail if different CPU speeds are detected. As such, you should disable CPU speed scaling before runningperftest
. (BZ#433659)
2.31. openmpi
mvapich
andmvapich2
in Red Hat Enterprise Linux 5 are compiled to support only InfiniBand/iWARP interconnects. Consequently, they will not run over ethernet or other network interconnects. (BZ#466390)- When upgrading openmpi using yum, the following warning may be returned:
cannot open `/tmp/openmpi-upgrade-version.*' for reading: No such file or directory
The message is harmless and can be safely ignored. (BZ#463919) - A bug in previous versions of
openmpi
andlam
may prevent you from upgrading these packages. This bug manifests in the following error (when attempting to upgradeopenmpi
orlam
:error: %preun(openmpi-[version]) scriptlet failed, exit status 2
As such, you need to manually remove older versions ofopenmpi
andlam
in order to install their latest versions. To do so, use the followingrpm
command:rpm -qa | grep '^openmpi-\|^lam-' | xargs rpm -e --noscripts --allmatches
(BZ#433841)
2.32. openswan
- Openswan generates a Diffie-Hellman (DH) shared key that is 1 byte short because nss does not add leading zero bytes when needed. Also, openswan does not support setting of the sha2_truncbug parameter starting with Red Hat Enterprise Linux 5.9, because the kernel does not support it.
2.33. perl-libxml-enno
- Note: the perl-libxml-enno library did not ship in any Red Hat Enterprise Linux 5 release. (BZ#612589)
2.34. pm-utils
- nVidia video devices on laptops can not be correctly re-initialized using VESA in Red Hat Enterprise Linux 5. Attempting to do so results in a black laptop screen after resume from suspend.
2.35. rpm
- Users of a freshly-installed PowerPC Red Hat Enterprise Linux 5 system may encounter package-related operation failures with the following errors:
rpmdb: PANIC: fatal region error detected; run recovery error: db4 error(-30977) from db->sync: DB_RUNRECOVERY: Fatal error, run database recovery
2.36. redhat-release-notes
- The Release Notes shipped in Red Hat Enterprise Linux 5.10 through the redhat-release-notes package contain an year and minor Red Hat Enterprise Linux version in the
README
files. Additionally, two paragraphs in thegu-IN
version of Release Notes are untranslated and display in the English language. - The
/usr/share/doc/redhat-release-notes-5Server/README-architecture-en
file, provided by the redhat-release-notes package, contains no content. As a workaround, please refer to theREADME-architecture-en.html
file in the same directory.
2.37. rhn-client-tools
- Attempting to subscribe a system during firstboot can fail with a traceback. To work around this problem, register the system from the command line.
2.38. qspice
- Occasionally, the video compression algorithm starts when the guest is accessing text instead of video. This caused the text to be blurred. The SPICE server now has an improved heuristic for distinguishing between videos and textual streams.
2.39. samba3x
- In a large Active Directory environment with multiple trusted domains, attempting to list the users on all domains by running the
wbinfo -u
command can fail with the following message:Error looking up domain users
To work around this problem, use thewbinfo --domain='*' -u
command to list the users on all domains. - The updated samba3x packages change the way ID mapping is configured. Users are advised to modify their existing Samba configuration files. Also, due to the ID mapping changes, authconfig does not create a working smb.conf file for the latest samba3x package, it only produces a valid configuration for the samba package.Note that several tdb files have been updated and the printing support has been rewritten to use the actual registry implementation. This means that all tdb files are upgraded as soon as you start the new version of smbd. You cannot downgrade to an older samba3x version unless you have backups of the tdb files.For more information about these changes, refer to the Release Notes for Samba 3.6.0.
- In Samba 3.0, the privilege
SeSecurityPrivilege
was granted to a user by default. To make Samba more secure, this privilege is no longer granted to a user by default. If you use an application that requires this privilege, like the IBM Tivoli Storage Manager, you need to grant it to the user running the Storage Manager with the following command:net sam rights grant <username> SeSecurityPrivilege
Seenet sam rights list
for a list of available privileges.
2.40. shadow-utils
- Previously, under certain circumstances, the faillog utility created huge files. This problem has been fixed; however, the useradd utility can still create large files. To avoid such a situation, use the
-l
option when creating a user with a very high user or group ID (UID or GID). (BZ#670364)
2.41. sos
- If the sosresport utility becomes unresponsive, a keyboard interrupt (CTRL+C) can fail to terminate it. In such a case, to terminate the process:
- press Ctrl+Z and execute
kill %N
(N represents the number of the sosreport job; usually 1) or - execute
kill -9 %N
(N represents the number of the sosreport job; usually 1). (BZ#708346)
2.42. subscription-manager
- Usually in non-English locales, processing the output of the
subscription-manager list --installed
command through the grep subshell can fail with the following message:ascii' codec can't encode character u'___' in position ___: ordinal not in range(128)
(BZ#977535) - For virtual guests, the Subscription Manager daemons use dmidecode to read the System Management BIOS (SMBIOS), which is used to retrieve the guest UUID. On 64-bit Intel architecture, the SMBIOS information is controlled by the Intel firmware and stored in a read-only binary entry. Therefore, it is not possible to retrieve the UUID or set a new and readable UUID. Because the guest UUID is unreadable, running the
facts
command on the guest system shows a value ofUnknown
in thevirt.facts
file for the system (virt.uuid: Unknown
). This means that the guest does not have any association with the host machine and, therefore, does not inherit some subscriptions. The facts used by Subscription Manager can be edited manually to add the UUID:- Obtain the guest name or guest ID.
- On the virtual host, use virsh to retrieve the guest UUID. For example, for a guest named 'rhel5server_virt1':
virsh domuuid rhel5server_virt1
- On the guest, manually create a facts file:
vim /etc/rhsm/facts/virt.facts
- Add a line which contains the given UUID.
{ "virt.uuid": "$VIRSH_UUID" }
Creating thefacts
file and inserting the proper UUID means that Subscription Manager properly identifies the guest rather than using anUnknown
value. - Japanese SCIM input-method editor cannot be activated and cannot input locale string in the data field for non-root users. To work around this problem, follow these steps:
- Log in to the system as a non-root user.
- As root, run the following commands:
~]# export GTK_IM_MODULE=scim-bridge ~]# subscription-manager-gui
- Using Subscription Manager in the following use case fails: a user installs Red Hat Enterprise Linux Desktop from a Red Hat Enterprise Linux 5.7 Client CD/DVD without an installation number. A user uses Subscription Manager, which finds one Red Hat Enterprise Linux Desktop product ID to subscribe to a Red Hat Enterprise Linux Workstation subscription. A user downloads content from a Workstation repository.The use case scenario described above fails because the rhel-workstation repositories require the rhel-5-workstation product tag in the product certification beforehand in order to view them.To work around this issue, follow these steps:
- Install a rhel-5-client system.
- Mount the ISO to your file system.
- Copy
<path_to_ISO>/Workstation/repodata/productid
to the/etc/pki/product/
directory, making sure that the file copied ends with.pem
(for example,/etc/pki/product/productid.pem
) - Subscribe to a Workstation subscription.
- Install a package from a Workstation repository.
2.43. systemtap
- The systemap-testsuite subpackage is designed for installation on development Workstation machines, not limited Client variants. More complete RPM dependencies now mandate the presence of several non-Client RPM packages, so it is no longer installable on the Client variant. Attempting to update can fail if the update includes the system-testsuite subpackage. To work around this problem remove the systemtap-testsuite subpackage from a Client machine before upgrading the systemtap package.
- Running some user-space probe test cases provided by the
systemtap-testsuite
package fail with anUnknown symbol in module
error on some architectures. These test cases include (but are not limited to):systemtap.base/uprobes.exp
systemtap.base/bz10078.exp
systemtap.base/bz6850.exp
systemtap.base/bz5274.exp
Because of a known bug in the latest SystemTap update, new SystemTap installations do not unload old versions of theuprobes.ko
module. Some updated user-space probe tests provided by the systemtap-testsuite package use symbols available only in the latestuprobes.ko
module (also provided by the latest SystemTap update). As such, running these user-space probe tests result in the error mentioned earlier.If you encounter this error, simply runrmmod uprobes
to manually remove the olderuprobes.ko
module before running the user-space probe test again. (BZ#499677) - SystemTap currently uses GCC to probe user-space events. GCC is, however, unable to provide debuggers with precise location list information for parameters. In some cases, GCC also fails to provide visibility on some parameters. As a consequence, SystemTap scripts that probe user-space may return inaccurate readings. (BZ#239065)
2.44. vdsm22
- Adding Red Hat Enterprise Virtualization Hypervisor as a Red Hat Enterprise Linux host is not supported in Red Hat Enterprise Linux 5, and will therefore fail.
2.45. virt-v2v
- VMware Tools on Microsoft Windows is unable to disable itself when it detects that it is no longer running on a VMware platform. As a consequence, converting a Microsoft Windows guest from VMware ESX, which has VMware Tools installed, resulted in multiple error messages being displayed on startup. In addition, a
Stop Error
(also known as Blue Screen of Death, or BSOD) was displayed every time when shutting down the guest. To work around this issue, users are advised to uninstall VMware Tools from Microsoft Windows guests before conversion. (BZ#711972)
2.46. virtio-win
- The virtio-win network driver of Red Hat Enterprise Linux 5 can stop working when a Microsoft Windows XP guest is transferred to a Red Hat Enterprise Linux 6 host. To work around this problem, replace the Red Hat Enterprise Linux 5 drivers with the latest Red Hat Enterprise Linux 6 drivers before or after migrating the guest to the new host. (BZ#913094)
- Low performance with UDP messages larger than 1024 is a known Microsoft issue: http://support.microsoft.com/default.aspx/kb/235257. For the message larger than 1024 bytes follow the workaround procedure detailed in the above Microsoft knowledgebase article.
- Installation of Windows XP with the floppy containing guest drivers (in order to get the virtio-net drivers installed as part of the installation), will return messages stating that the viostor.sys file could not be found. viostor.sys is not part of the network drivers, but is on the same floppy as portions of the virtio-blk drivers. These messages can be safely ignored, simply accept the installation's offer to reboot, and the installation will continue normally.
2.47. xen
- In some cases, Red Hat Enterprise Linux 6 guests running fully-virtualized under Red Hat Enterprise Linux 5 experience a time drift or fail to boot. In some cases, drifting may start after migration of the virtual machine to a host with different speed. This is due to limitations in the Red Hat Enterprise Linux 5 Xen Hypervisor. To work around this, add
clocksource=acpi_pm
orclocksource=jiffies
to the kernel command line for the guest. Alternatively, if running under Red Hat Enterprise Linux 5.7 or newer, locate the guest configuration file for the guest and add thehpet=0
option in it. - There are only 2 virtual slots (00:06.0 and 00:07.0) that are available for hot plug support in a virtual guest. (BZ#564261)
- As of Red Hat Enterprise Linux 5.4, PCI devices connected to a single PCI-PCI bridge can no longer be assigned to different PV guests. If the old, unsafe behavior is required, disable pci-dev-assign-strict-check in /etc/xen/xend-config.sxp. (BZ#508310)
- When running x86_64 Xen, it is recommended to set dom0-min-mem in /etc/xen/xend-config.sxp to a value of 1024 or higher. Lower values may cause the dom0 to run out of memory, resulting in poor performance or out-of-memory situations. (BZ#519492)
- The Red Hat Enterprise Linux 3 kernel does not include SWIOTLB support. SWIOTLB support is required for Red Hat Enterprise Linux 3 guests to support more than 4GB of memory on AMD Opteron and Athlon-64 processors. Consequently, Red Hat Enterprise Linux 3 guests are limited to 4GB of memory on AMD processors. (BZ#504187)
- The Hypervisor outputs messages regarding attempts by any guest to write to an MSR. Such messages contain the statement
Domain attempted WRMSR
. These messages can be safely ignored; furthermore, they are rate limited and should pose no performance risk. (BZ#477647)
- Installing Red Hat Enterprise Linux 3.9 on a fully virtualized guest may be extremely slow. In addition, booting up the guest after installation may result in
hda: lost interrupt
errors.To avoid this bootup error, configure the guest to use the SMP kernel. (BZ#249521)
2.48. xorg-x11-drv-i810
- When switching from the X server to a virtual terminal (VT) on a Lenovo ThinkPad T510 laptop, the screen can remain blank. Switching back to the X server will restore the screen.
- Running a screensaver or resuming a suspended laptop with an external monitor attached may result in a blank screen or a brief flash followed by a blank screen. If this occurs with the screensaver, the prompt for your password is being obscured, the password can still be entered blindly to get back to the desktop. To work around this issue, physically disconnect the external monitor and then press the video hotkey (usually Fn-F7) to rescan the available outputs, before suspending the laptop.
- If your system uses an Intel 945GM graphics card, do not use the
i810
driver. You should use the defaultintel
driver instead. (BZ#468218) - On dual-GPU laptops, if one of the graphics chips is Intel-based, the Intel graphics mode cannot drive any external digital connections (including HDMI, DVI, and DisplayPort). This is a hardware limitation of the Intel GPU. If you require external digital connections, configure the system to use the discrete graphics chip (in the BIOS). (BZ#468259)
2.49. xorg-x11-drv-nv
- Improvements have been made to the 'nv' driver, enhancing suspend and resume support on some systems equipped with nVidia GeForce 8000 and 9000 series devices. Due to technical limitations, this will not enable suspend/resume on all hardware. (BZ#414971)
2.50. xorg-x11-drv-vesa
- When running the bare-metal (non-Virtualized) kernel, the X server may not be able to retrieve
EDID
information from the monitor. When this occurs, the graphics driver will be unable to display resolutions highers than 800x600.To work around this, add the following line to theServerLayout
section of/etc/X11/xorg.conf
:Option "Int10Backend" "x86emu"
(BZ#236416)
2.51. xorg-x11-server
- On HP Z1 AIO workstations using Intel embedded graphics, the Anaconda installer uses graphical install mode, but displays it only in one quarter of the screen. Although the installation completes successfully, navigation can be difficult in this mode. To work around this problem, use the text-based installation instead of graphical mode, which correctly uses the entire screen on the mentioned workstations.
2.52. yaboot
- If the string that represents the path to kernel (or ramdisk) is greater than 63 characters, network booting an IBM POWER5 series system may result in the following error:
FINAL File Size = 8948021 bytes. load-base=0x4000 real-base=0xc00000 DEFAULT CATCH!, exception-handler=fff00300
The firmware for IBM POWER6 and IBM POWER7 systems contains a fix for this issue. (BZ#550086)
2.53. yum
- In Red Hat Enterprise Linux 5.10, users are allowed to install 32-bit and 64-bit packages in parallel. For example, when a 32-bit package is installed on the system and the user runs the
yum install package
command, the 64-bit version will be installed in parallel with the 32-bit version.
Chapter 3. New Packages
- ML350p Gen8 Plus, DL360p Gen8 Plus
- DL380p Gen8 Plus, BL460 Gen8 Plus
- SL230 Gen8 Plus, SL250 Gen8 Plus
- SL270 Gen8 Plus, DL160 Gen8 Plus
- 1928103C | HP Smart Array P230i SAS Controller 1i x4 mini SAS for BladeSystem
- 1920103C | HP Smart Array P430i SAS Controller 1i x8 mini SAS
- 1922103C | HP Smart Array P430 2/4GB SAS Controller 1i x8 mini SAS
- 1923103C | HP Smart Array P431 2/4GB SAS Controller 2e x4 HD SAS
- 1926103C | HP Smart Array P731m 512MB/2GB SAS Controller for BladeSystem c-Class
- 1921103C | HP Smart Array P830i SAS Controller 2i x8 mini SAS Snap 6 (DL580)
- 1924103C | HP Smart Array P830 4GB SAS Controller 2i x8 ,mini SAS
- 1925103C | HP Smart Array P831 4GB SAS Controller 4e x4 HDSAS
Chapter 4. Updated Packages
4.1. acroread
Security Fix
- CVE-2012-1530, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0623, CVE-2013-0626
- This update fixes several security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-02. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
Security Fix
- CVE-2013-0640, CVE-2013-0641
- This update fixes two security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-07. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
Security Fixes
- CVE-2013-2549, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341
- This update fixes multiple security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-15. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
- CVE-2013-2737
- This update also fixes an information leak flaw in Adobe Reader.
4.2. am-utils
Bug Fix
- BZ#964133
- Previously, the BSD automounter ignored the NFS "noacl" mount option, which disables ACL (Access Control List) support on NFS shares. Local file systems such as ext3 do not have ACLs enabled unless the "acl" mount option is supplied. An attempt to use the setfacl utility or another ACL operation on a share that had "noacl" specified was supposed to result in an "Operation not supported" error, but it did not. With this update, a backported patch has been provided and the "noacl" option is supported as expected.
Bug Fixes
- BZ#836359
- Previously, the BSD automounter ignored the NFS "noacl" mount option, which disables ACL (Access Control List) support on NFS shares. Local file systems such as ext3 do not have ACLs enabled unless the "acl" mount option is supplied. An attempt to use the setfacl utility or another ACL operation on a share that had "noacl" specified was supposed to result in an "Operation not supported" error, but it did not. With this update, a backported patch has been provided and the "noacl" option is supported as expected.
- BZ#862283
- When using an autofs multi-level mount map amd failed to umount NFS leaf mounts causing shutdown to terminate unexpectedly. This was caused by the background umount of NFS mounts at the leaf of the tree not finishing before the autofs file system mounts above were attempted. As a consequence, the system became unresponsive during shutdown. With this update, a patch has been provided to fix this bug and the system no longer becomes unresponsive in this scenario.
4.3. anaconda
Bug Fixes
- BZ#751351
- Previously, the lvm tool on cciss devices returned the list of PV (Physical Volume) paths delimited by exclamation marks while Anaconda expects the list to use the slash signs as the delimiter. Consequently, in some cases, lvm installation failed on cciss devices. The PV path list now uses the slash sign as the delimiter. As a result, lvm installation on cciss devices succeeds.
- BZ#767260
- The previous code function relied on the user having interface available in a corner case, that is more than 15 partitions on a disk. When a system was installed to a machine with a disk of more than 15 partitions, Anaconda terminated unexpectedly with a traceback. The method has been edited to first check whether the user interface is available and then log the message. As a result, installation on a machine with a disk of more than 15 partitions now works as expected.
- BZ#873644
- Previously, Anaconda completely ignored the lines in the /etc/fstab file that had the "noauto" mount option specified. Consequently, such lines were removed when upgrading the system. This update ensures that lines containing "noauto" are stored when parsing the /etc/fstab file and are written out to the new /etc/fstab file on upgrade.
- BZ#907574
- Previously, some translations, for example for NFS repository setup dialog window, were incomplete. Consequently, NFS repository setup dialog window in Russian locale contained incorrect translations. Incorrect translations have been fixed by updating the list of strings for translations and by adding missing Russian translations for the updated list. The NFS repository setup is now translated correctly for Russian.
- BZ#908959
- When Red Hat Enterprise Linux with the authconfig package specified in the packages lists was installed, authconfig, including the /etc/shadow file, was not installed. The authconfig package has been added to the packages list and is now successfully installed.
- BZ#908959
- Due to a regression, Anaconda detected the incorrect architecture value when checking for packages required for installation. Consequently, packages mandatory for installation were not installed. To fix this bug, the arch.getBaseArch() function is now used instead of arch.canonArch(), which returns the correct architecture value to Anaconda. As a result, packages required for installation are now installed, even if they are marked for exclusion in kickstart.
4.4. aspell
Bug Fix
- BZ#862000
- Using the "aspell dump master" command to create a dump of the master word list caused all of the words in the output to be truncated incorrectly. Specifically, the last letter of every word was cut off. This update fixes the string handling logic of the word lists, and output of the aforementioned command no longer contains incorrectly truncated words.
4.5. autofs
Bug Fixes
- BZ#714766
- Previously, autofs maps did not refresh the list of shares exported on the NFS server. As a consequence, ESTALE error messages were returned in the NFS client. A patch has been provided to fix this bug and autofs now refreshes the list of shares as expected. Moreover, within this bug, the ability to update hosts made on receiving a HUP signal has been added to autofs.
- BZ#865309
- Prior to this update, the description of MOUNT_WAIT setting in the configuration file was incorrect. Wrong timeout setting could cause problems as the mount utility would wait for a server that is temporarily unavailable. The description in the configuration file has been edited, thus fixing this bug.
- BZ#866337
- Previously, autofs manual pages described the "nobind" autofs option incorrectly, thus it was not possible to specify different options for individual direct mount maps. The manual pages have been updated to describe the current behavior of "nobind", which fixes the bug.
- BZ#909263
- A change that removed code to add the current map entry caused wildcard indirect multi-mount map entries to fail to mount. A patch to fix wildcard multi-map regression has been provided and map entries now mount successfully.
- BZ#918843
- Previously, the autofs RPC function, used to receive the exports list from a host, did not try all potentially available mountd versions. Consequently, when certain mountd protocol versions were disabled, autofs RPC function failed to receive the exports list. A patch has been provided to fix this bug and autofs RPC function now receives the exports list successfully.
- BZ#947604
- When the automount utility was sent a shutdown signal, the "autofs reload" command was causing automount to stop running when multiple maps were being removed from the auto.master map. A patch has been provided to fix this bug and automount no longer stops running in the described scenario.
- BZ#976592
- When using autofs with LDAP (Lightweight Directory Access Protocol), the code used to perform a base DN (distinguished name) search allowed a race between two threads executing the same function simultaneously to occur. As a consequence, autofs could attempt to access already freed memory and terminate unexpectedly due to a segmentation fault. With this update, the code used to perform base DN searches has been moved to the function protected by a mutex, which prevents the race from occurring. The base DN searches are now performed only when the map lookup modules settings are being refreshed.
4.6. axis
Security Fix
- CVE-2012-5784
- Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.
4.7. bash
Bug Fix
- BZ#978840
- When a trap handler was invoked while running another trap handler, which was invoked during a pipeline call, bash was unresponsive. With this update, pipeline calls are saved and subsequently restored in this scenario, and bash responds normally.
4.8. bind97
Security Fix
- CVE-2013-2266
- A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.
Security Fix
- CVE-2013-4854
- A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query.
4.9. binutils
Bug Fixes
- BZ#817056
- Due to instability in calculating the program header size, the GNU linker could terminate unexpectedly with a "looping in map_segments" error message. With this update, the linker has been modified to properly handle changes in the size of the segment map, which prevents the instability, and the linker no longer crashes in this scenario.
- BZ#855163
- Previously, the PowerPC linker made assumptions about the order of instructions and relocations. Those assumptions were not correct for code compiled with GNU Compiler Collection version 4.1 (GCC-4.1). As a result, the linker could trigger an internal error during optimization of TLS sequences. Now, the linker code to optimize TLS has been modified to not attempt to optimize TLS sequences which do not meet its assumptions about code and relocation ordering. Therefore, the linker no longer triggers an internal error when optimizing TLS sequences.
- BZ#924354
- The PowerPC linker did not verify whether certain pointers were validly non-NULL prior to dereferencing those pointers. As a result, under certain circumstances, the PowerPC linker could encounter a segmentation fault or a bus error. With this update, the PowerPC linker code has been changed to properly check for NULL pointers and take appropriate action, and links no longer experience segmentation faults or bus errors.
4.10. boost
Security Fix
- CVE-2012-2677
- A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application.
4.11. ccid
Security Fix
- CVE-2010-4530
- An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a specially-crafted smart card.
Bug Fix
- BZ#907821
- The pcscd service failed to read from the SafeNet Smart Card 650 v1 when it was inserted into a smart card reader. The operation failed with a "IFDHPowerICC() PowerUp failed" error message. This was due to the card taking a long time to respond with a full Answer To Reset (ATR) request, which lead to a timeout, causing the card to fail to power up. This update increases the timeout value so that the aforementioned request is processed properly, and the card is powered on as expected.
4.12. clustermon
Bug Fix
- BZ#958026
- Prior to this update, the dynamic library that represents the CIM provider of a cluster status was not built with all the required dependencies, and certain symbols could not be resolved. As a consequence, the cluster status could not be accessed by CIM. This update adds the missing dependencies to the dynamic library, and the cluster status is now accessible as expected.
Bug Fixes
- BZ#847289
- Previously, the SNMP agent exposing the cluster status and shipped as cluster-snmp caused the SNMP server (snmpd) to terminate unexpectedly with a segmentation fault when this module was loaded, and the containing server was told to reload. This was caused by an improper disposal of the resources facilitated by this server, alarms in particular. Now, the module will properly clean up such resources when being unloaded, preventing the crash on reload.
- BZ#882277
- Prior to this update, the dynamic library that represents the CIM provider of a cluster status was not built with all the required dependencies, and certain symbols could not be resolved. As a consequence, the cluster status could not be accessed by CIM. This update adds the missing dependencies to the dynamic library, and the cluster status is now accessible as expected.
- BZ#957798
- When modclusterd was about to associate the local machine with a particular cluster node entry from the cluster configuration, it first tried CMAN API in an improper way, yielding no expected results. This process occurred every five seconds. As a consequence, it had to periodically resort to iterative detection through local interface addresses. Also when logging for CMAN enabled, and including membership messages, it would cause messages arising from the CMAN API misuse to be emitted. Now, the API is used as expected, which corrects the aforementioned consequences.
- BZ#965792
- Previously, a segmentation fault occurred in the modclusterd daemon and/or modcluster, ricci cluster-dedicated module, when processing large cluster.conf files (or peer-delivered counterparts). This was caused by the allocation of large amounts of memory not available on the stack. With this update, a patch has been introduced to allocate memory on the heap, and provide an error if not enough memory is available. As a result, crashes no longer occur in the described scenario.
4.13. cman
Bug Fix
- BZ#986981
- Due to incorrect detection of newline characters during an SSH connection, the fence_drac5 agent could terminate the connection with a traceback error when fencing a Red Hat Enterprise Linux cluster node. Only the first fencing action completed successfully but the status of the node was not checked correctly. Consequently, the fence agent failed to report successful fencing. When the "reboot" operation was called, the node was only powered off. With this update, the newline characters are correctly detected and fencing works as expected.
Bug Fix
- BZ#951049
- Under some circumstances cman can return the fence daemon for the /dev/zero file, which is always active, and if the client application stores this instead of the one it expects then it will loop forever. This update addresses the problem by making sure that the fence daemon refreshes the file descriptor on each operation.
Bug Fixes
- BZ#714042
- Prior to this update, ccs_tool could fail due to a segmentation fault in two specific events. First, the input file was the same as the output file and options were specified with a subcommand. Second, the update command was used without an input file. With this update, ccs_tool has been fixed to report the appropriate error message without a segmentation fault.
- BZ#854183
- Previously, fence_xvm, a fencing agent commonly used in virtual deployments, did not respect the delay parameter as specified in the cluster.conf file. With this update, the delay support has been added and the fence_xvm agent now works only after the specified delay.
- BZ#856214
- Under some circumstances, cman returned the file descriptor for the /dev/zero file, which is always active. If the client application stored this /dev/zero file instead of the one it expected, cman entered an infinite loop. This update addresses the bug by making sure that the fence daemon refreshes the file descriptor on each operation.
- BZ#876731
- In a two node cluster where the network was not always reliable, and a token was lost but recovered before fencing was complete, the two nodes simultaneously killed each other. To fix this bug, only one node has been allowed to kill the other in a deterministic fashion. A cluster restart, one node at a time, is required for this change to take effect.
- BZ#881217
- Prior to this update, fenced, the daemon in charge of evicting cluster nodes, could suffer from a time-out while communicating with the ccsd cluster configuration daemon. The fenced daemon has been reconnected to ccsd when certain operations take too long to complete, thus fixing this bug.
- BZ#883816
- Previously, man pages had executable flags set. The manual pages permissions have been edited to agree with FHS standard, thus fixing this bug.
- BZ#904195
- Prior to this update, the end-of-line automatic character detection worked properly only when using ssh on certain Dell DRAC devices. With this update, the end-of-line character detection has been fixed and fencing works as expected.
- BZ#886612
- Prior to this update, APC power switches with firmware version 5.x were not supported. Consequently, the fence_apc fencing script could not login to the device. With this update, new firmware is supported and the fencing script is able to log in.
- BZ#961119
- Previously, the fence agent for Intel IPMILAN standard did not return exit code correctly when using the 'cycle' method. A patch has been provided to fix this bug and exit codes are now returned as expected.
- BZ#963251
- Prior to this update, the cman(5) man page did not document how to enable detailed logging in the CMAN subsystem. This update documents this facility in more detail.
Bug Fix
- BZ#923861
- In a two node cluster, under some circumstances where the network was not always reliable, and a token was lost but recovered before fencing was complete, then the two nodes simultaneously killed each other. With this update, the problem is solved by allowing only one node to kill the other in a deterministic fashion. A cluster restart, one node at a time, is required for this change to take effect.
4.14. conga
Bug Fixes
- BZ#514679
- Previously, a non-English locale caused luci, to display improper copyright information in the pages' footer. The respective template has been fixed so as not to translate the application-specific part and the whole footer now displays information correctly even in non-English locales.
- BZ#853018
- Prior to this update, luci contained non-visual links dedicated to better browsing experience in the agents supporting it, such as navigation to the site map, the access to which resulted in an error. The page titles also contained some rare inconsistencies. The luci templates clean-up has been provided to fix respective corner cases.
- BZ#872645
- For extremely large cluster.conf files, the luci serializer could not handle the complexity of a cluster configuration object as the serializer run into the recursion depth limit. Consequently, error messages were returned in luci. Caching of the object representing cluster configuration has been abandoned so that this error no longer occurs.
- BZ#883804
- Previously, the ricci(8) and luci_admin(8) manual pages of the respective conga packages were installed with incorrect permissions. File permissions have been corrected in the installation procedure and the manual pages are now installed correctly.
- BZ#887170
- Each time luci was used to start or restart a cluster, or to have previously inactivated node rejoined the cluster, it made cluster services such as cman, rgmanager or clvmd enabled on boot on the respective cluster nodes. This can interfere with the user's preferences, for instance, when running a 2-nodes cluster without a quorum disk and having the services disabled on purpose on one of the nodes to prevent fence races. To avoid this, Conga has been changed so that it no longer modifies the existing settings in the mentioned cases, while still enabling the services when the cluster is created or a new node is added.
- BZ#965785
- Previously, a segmentation fault occurred in the ricci daemon when processing cluster.conf files with very large values. This was caused by allocating large amounts of memory that were not available on the stack. A patch has been introduced to allocate memory on the heap and provide an error message if not enough memory is available. As a result, the segmentation fault no longer occurs.
4.15. coolkey
Enhancement
- BZ#948649
- Support for tokens containing ECC certificates has been added to the coolkey package.
4.16. cpio
Bug Fix
- BZ#867834
- Previously, the cpio command was unable to split file names longer than 155 bytes into two parts during the creation of archives of the "ustar" format. Consequently, cpio could store malformed file names or terminate unexpectedly with a segmentation fault. With this update, cpio now handles long file names without problems, and crashes no longer occur in the described scenario.
4.17. cups
Security Fix
- CVE-2012-5519
- It was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges.
4.18. curl
Security Fix
- CVE-2013-1944
- A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending the wrong cookie if only part of the domain name matched the domain associated with the cookie, disclosing the cookie to unrelated hosts.
Security Fix
- CVE-2013-2174
- A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.
4.19. dbus
Bug Fix
- BZ#517169
- Due to improper holding of file handles by D-Bus and gnome-vfs-daemon (specifically in the gtk_file_chooser_dialog_new() function), running a firmware update application on an IBM tape device caused a file handle to be opened for that tape device and never released. With this update, all open file handles are now properly closed, and the aforementioned application no longer holds the tape device indefinitely.
4.20. dbus-glib
Security Fix
- CVE-2013-0292
- A flaw was found in the way dbus-glib filtered the message sender (message source subject) when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib (such as fprintd) into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges.
4.21. device-mapper-multipath
Bug Fix
- BZ#951435
- Previously, the multipathd daemon did not stop and wait for all of its threads on shutdown, which caused multipathd to occasionally terminate unexpectedly with a segmentation fault during shutdown. With this update, multipathd now correctly stops and waits for its threads during shutdown, and crashes no longer occur in the described scenario.
Bug Fix
- BZ#904106
- Previously, the uev_discard() function did not take into account trailing NULL bytes in stack variables. Consequently, on 32-bit systems with the cciss disk controller driver that uses long device names, the multipathd daemon could terminate unexpectedly with a segmentation fault. A patch has been provided to fix uev_discard() and the crashes no longer occur in the described scenario.
Bug Fixes
- BZ#522108
- Multipath was not correctly getting the vendor, product, and revision strings for certain devices. Consequently, users were unable to correctly configure or use these devices with multipath. With this update, multipath now uses a SCSI inquiry IOCTL request to correctly get this information, and multipath is now able to configure and use these devices.
- BZ#855147
- When a partition was resized, kpartx reloaded the partition device with the NOFLUSH flag enabled, which device-mapper does not allow, causing the device to be left in a suspended state. Users had to manually resume the devices to restore their use. However, this did not fix the partition device size, and the partitioned device would become unusable again the next time kpartx was run on the device. With this update, kpartx now checks if the partition has changed size, and does not set the NOFLUSH flag when reloading a partitioned device with a new size. Now, users can repartition devices with kpartx without those devices becoming unusable.
- BZ#860185
- Previously, the multipathd daemon did not stop and wait for all of its threads on shutdown, which caused multipathd to occasionally terminate unexpectedly with a segmentation fault during shutdown. With this update, multipathd now correctly stops and waits for its threads during shutdown, and crashes no longer occur in the described scenario.
- BZ#872439
- Previously, the multipathd daemon terminated unexpectedly with a segmentation fault on 32-bit systems with a cciss disk controller. This was caused by a stack corruption in uev_discard() function. This update corrects the code in the uev_discard() function, and crashes no longer occur in the described scenario.
- BZ#910585
- If the /var/cache directory was a separate file system, the multipathd daemon unmounted it in its private namespace on start up. However, multipath requires the /var/cache directory to properly setup its private namespace. Consequently, the multipathd daemon failed to start on machines where the /var/cache directory was a separate file system. With this update, the multipathd daemon no longer unmounts the /var/cache directory from its private namespace, and multipathd will now correctly start up on machines where the /var/cache directory is a separate file system.
- BZ#948309
- Multipath switched to use the cciss_id callout for HP P2000 G3 SAS storage devices, which did not correctly provide the UUID. Consequently, multipath was unable to correctly configure HP P2000 G3 SAS devices. With this update, multipath switched back to using the scsi_id callout with the "-n" option to enable it to function with cciss devices, and multipath can now correctly configure HP P2000 G3 SAS devices.
Enhancements
- BZ#799907
- This update adds a built-in configuration for the IBM XIV Storage System.
- BZ#839983
- With this update, when multipath is set to log level 3, it will now print messages whenever it forks to execute a callout. This update helps debug a segmentation fault with multipath on Xen setups.
- BZ#916630
- With this update, the default configuration for NetApp devices now includes the "flush_on_last_del yes" parameter. With the default configuration, when all path devices to a NetApp LUN have been removed from the system, the multipath device for that LUN stops queuing I/O.
4.22. dhcp
Bug Fix
- BZ#902359
- When the dhclient utility was executed with the "-1" command-line option, and then issued a DHCPDECLINE message, it restarted the process of acquiring a lease instead of exiting, as is expected with the "-1" option. A patch has been provided to address this bug and now, after sending a DHCPDECLINE message, dhclient prints out an error message and exits properly.
4.23. dovecot
Bug Fix
- BZ#968377
- Previously, the dovecot package contained a bug in the LDAP-related code and could get into an infinite loop when an LDAP connection was unstable, making it impossible for users to log in and read emails. This update fixes the LDAP code and dovecot now handles unstable connections with an LDAP server without problems.
4.24. e2fsprogs
Bug Fix
- BZ#949435
- A bug in the libblkid library allowed an access to the already freed memory when reading block device entries in cache during kernel installation using the grubby tool. As a consequence, grubby could terminate unexpectedly with a segmentation fault causing the installation to fail. This update modifies libblkid so that it now properly handles pointers to the device structure, and the kernel can now be installed as expected when using grubby.
4.25. elinks
Security Fix
- CVE-2012-4545
- It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI.
4.26. esc
Bug Fix
- BZ#921957
- The ESC utility did not start when the latest 17 series release of the XULRunner runtime environment was installed on the system. This update includes necessary changes to ensure that ESC works as expected with the latest version of XULRunner.
4.27. firefox
Security Fixes
- CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783
- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-0776
- It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing a trusted site.
Security Fixes
- CVE-2013-1701
- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-1710
- A flaw was found in the way Firefox generated Certificate Request Message Format (CRMF) requests. An attacker could use this flaw to perform cross-site scripting (XSS) attacks or execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-1709
- A flaw was found in the way Firefox handled the interaction between frames and browser history. An attacker could use this flaw to trick Firefox into treating malicious content as if it came from the browser history, allowing for XSS attacks.
- CVE-2013-1713
- It was found that the same-origin policy could be bypassed due to the way Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker could use this flaw to perform XSS attacks, or install malicious add-ons from third-party pages.
- CVE-2013-1714
- It was found that web workers could bypass the same-origin policy. An attacker could use this flaw to perform XSS attacks.
- CVE-2013-1717
- It was found that, in certain circumstances, Firefox incorrectly handled Java applets. If a user launched an untrusted Java applet via Firefox, the applet could use this flaw to obtain read-only access to files on the user's local system.
Security Fixes
- CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690
- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-1692
- It was found that Firefox allowed data to be sent in the body of XMLHttpRequest (XHR) HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery (CSRF) attacks.
- CVE-2013-1693
- Timing differences in the way Firefox processed SVG image files could allow an attacker to read data across domains, potentially leading to information disclosure.
- CVE-2013-1694, CVE-2013-1697
- Two flaws were found in the way Firefox implemented some of its internal structures (called wrappers). An attacker could use these flaws to bypass some restrictions placed on them. This could lead to unexpected behavior or a potentially exploitable crash.
Security Fixes
- CVE-2013-0788
- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-0795
- A flaw was found in the way Same Origin Wrappers were implemented in Firefox. A malicious site could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-0796
- A flaw was found in the embedded WebGL library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Note: This issue only affected systems using the Intel Mesa graphics drivers.
- CVE-2013-0800
- An out-of-bounds write flaw was found in the embedded Cairo library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-0793
- A flaw was found in the way Firefox handled the JavaScript history functions. A malicious site could cause a web page to be displayed that has a baseURI pointing to a different site, allowing cross-site scripting (XSS) and phishing attacks.
Security Fixes
- CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736
- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-1737
- A flaw was found in the way Firefox handled certain DOM JavaScript objects. An attacker could use this flaw to make JavaScript client or add-on code make incorrect, security sensitive decisions.
Security Fixes
- CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2013-1670
- A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks.
4.28. flash-plugin
Security Fix
- CVE-2013-3343
- This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB13-16. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fix
- CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375
- This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-09. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fix
- CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
- This update fixes four vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-21. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fix
- CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
- This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-14. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fix
- CVE-2013-0633, CVE-2013-0634
- This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-04. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fixes
- CVE-2013-0504, CVE-2013-0648
- This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-08. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
- CVE-2013-0643
- This update also fixes a permissions issue with the Adobe Flash Player Firefox sandbox.
Security Fix
- CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555
- This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-11. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fix
- CVE-2013-3344, CVE-2013-3345, CVE-2013-3347
- This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fix
- CVE-2013-0630
- This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB13-01. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
Security Fixes
- CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374
- This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
- CVE-2013-0637
- A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page.
4.29. freetype
Security Fix
- CVE-2012-5669
- A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
4.30. gdm
Security Fix
- CVE-2013-4169
- A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root.
4.31. gfs2-utils
Bug Fixes
- BZ#877150
- Previously, a bug in the fsck.gfs2 utility caused files to be placed in the /lost+found/ directory, and these files could not be deleted in some circumstances. As a result, the fsck.gfs2 utility in Red Hat Enterprise Linux 6.4 was better able to repair GFS2 file system damage than in 5.9 or earlier versions. This update corrects these issues by including several fixes for the bugs from a newer version of the fsck.gfs2 utility, and Red Hat Enterprise Linux version 5.10 is able to fix GFS2 file systems as well as in version 6.4.
- BZ#883864
- Prior to this update, the manual pages included in the gfs2-utils package were incorrectly installed with permissions set to 0755. This was not necessary, because manual pages do not contain executable data. This update fixes the problem by updating the package to install these manual pages with permissions set to 0644, which is similar to other manual pages.
- BZ#887374
- The gfs2_convert utility allows the user to convert a file system from GFS to GFS2. Previously, this utility did not properly convert files and directories with certain metadata characteristics. As a consequence, running the fsck.gfs2 utility after such a conversion produced a number of errors. This update fixes the gfs2_convert tool so that it properly handles those file and directory metadata characteristics. As a result, the fsck.gfs2 utility no longer reports errors when run after a conversion.
- BZ#994643
- Prior to this update, if one of gfs2_tool, gfs2_quota, gfs2_grow, or gfs2_jadd was killed unexpectedly, a temporary GFS2 metadata mount point used by those tools could be left mounted. The mount point was also not registered in /etc/mtab and so the "umount -a -t gfs2" command would not unmount it. This mount point could prevent systems from rebooting properly, and cause the kernel to panic in cases where it was manually unmounted after the normal GFS2 mount point. This update fixes the problem by creating an mtab entry for the temporary mount point and unmounting it before exiting when signals are received.
Bug Fix
- BZ#956030
- Previously, the gfs2_convert tool, which converts file systems from GFS to GFS2, did not properly convert files and directories with certain metadata characteristics. This caused errors to be reported when fsck.gfs2 was run after the conversion. This update fixes the gfs2_convert tool so that it properly handles those file and directory metadata characteristics. As a result, no errors should be reported when fsck.gfs2 is run after the conversion.
4.32. ghostscript
Bug Fix
- BZ#1006165
- Previously, some PDF files with incomplete ASCII base-85 encoded images caused the ghostscript utility to terminate with the following error:
/syntaxerror in ID
The problem occurred when the image ended with "~" (tilde) instead of "~>" (tilde, right angle bracket) as defined in the PDF specification. An upstream patch has been applied and ghostscript now handles these PDF files without errors.
4.33. glibc
Bug Fixes
- BZ#706571
- The library uses the compat_call() function which in turn uses the getgrent_r() function which is reentrant safe, but not thread safe. As a result, if multiple threads call getgrent_r() using compat_call(), they may race against each other, resulting in some groups not being properly reported. With this update, locking was added to the compat_call() function to prevent multiple threads from racing. All groups are now properly reported.
- BZ#816647
- A library security mechanism failed to correctly run the initialization function of dynamically-loaded character conversion routines. Consequently, glibc could sometimes terminate unexpectedly with a segmentation fault when attempting to use one dynamically-loaded character conversion routine. The library security mechanism has been fixed to correctly run the initialization function. After this update, the aforementioned problem no longer occurs in this situation.
- BZ#835828
- Various bugs in the wide character version of the fseek() function resulted in the internal FILE offset field being set incorrectly in wide character streams. As a result, the offset returned by the ftell() function was incorrect, and sometimes, data could be overwritten. The ftell() function was fixed to correctly set the internal FILE offset field for wide characters. The ftell() and fseek() functions now handle offsets for wide characters correctly.
- BZ#861871
- A fix to prevent logic errors in various mathematical functions, including exp(), exp2(), expf(), exp2f(), pow(), sin(), tan(), and rint(), caused by inconsistent results when the functions were used with the non-default rounding mode, creates performance regressions for certain inputs. The performance regressions have been analyzed and the core routines have been optimized to improve performance.
- BZ#929035
- A defect in the nscd daemon caused it to cache results for DNS entries with a TTL value of zero. This caused DNS lookups to return stale results. The nscd daemon has been fixed to correctly respect DNS TTL entries of zero. The nscd daemon no longer cache DNS entries with a TTL of zero and lookups for those entries return the correct and current results.
- BZ#957089
- A defect in the library localization routines resulted in unexpected termination of the application in low-memory conditions. The affected routines have been fixed to correctly detect and report errors when a low-memory condition prevents their correct operation. Applications running under low-memory conditions no longer terminate unexpectedly while calling localization routines.
Bug Fixes
- BZ#962903
- A bug in the nscd daemon caused it to cache results for DNS entries with a TTL value of zero. Consequently, DNS lookups returned stale results. The nscd daemon has been fixed to correctly respect DNS TTL entries of zero. Now, nscd no longer caches DNS entries with a TTL of zero and lookups for those entries return correct and current results.
- BZ#963812
- Previously, a library-security mechanism failed to correctly run the initialization functions of dynamically loaded character-conversion routines. This could lead to an unexpected termination with a segmentation fault when trying to use such a routine. With this update, the library-security mechanism has been fixed to correctly run the initialization functions and the character-conversion routines no longer cause crashes.
- BZ#963813
- Due to a bug in the library-localization routines, applications could terminate unexpectedly in low-memory conditions. The affected routines have been fixed to correctly detect and report errors in the event of a low-memory condition preventing their correct operation. As a result, applications running under low-memory conditions no longer crash while calling localization routines.
Bug Fix
- BZ#924825
- The C library security mechanism was unable to handle dynamically loaded character conversion routines when loaded at specific virtual addresses. This resulted in an unexpected termination with a segmentation fault when trying to use the dynamically loaded character conversion routine. This update enhances the C library security mechanism to handle dynamically loaded character conversion routines at any virtual memory address and the crashes no longer occur in the described scenario.
Security Fixes
- CVE-2013-1914
- It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
- CVE-2013-0242
- A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.
Bug Fixes
- BZ#950535
- The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993 for further information.
- BZ#951493
- It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access.
4.34. gnome-vfs2
Bug Fix
- BZ#972702
- A recent upgrade that modified the behavior of the stat() function to better support symbolic links caused the Nautilus file manager to not display the items in the Trash directory. The underlying source code was unable to find the right path of the Trash directory, making the Trash directory appear empty. With this update, an extra stat() call is in place to ensure the right information is provided, and moving files to the Trash directory now works as expected.
4.35. gnutls
Security Fix
- CVE-2013-2116
- It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS.
Security Fix
- CVE-2013-1619
- It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.
4.36. gtk2
Bug Fix
- BZ#649682
- Previously, a post-installation process error occurred when updating GTK2 on systems using Itanium processors due to an incorrect usage of hard coded paths that were not translated correctly on the Itanium architecture. This update corrects the errors in the hard coded paths, and it is now possible to update GTK2 on Itanium processors.
4.37. httpd
Security Fixes
- CVE-2012-4558
- Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session.
- CVE-2013-1862
- It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.
- CVE-2012-3499
- Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim's browser generate an HTTP request with a specially-crafted Host header.
Security Fix
- CVE-2013-1896
- A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.
Bug Fix
- BZ#974162
- Due to a bug in the mod_mem_cache module, child processes sometimes terminated unexpectedly with a segmentation fault while using the threaded "worker" Multi-Processing Modules (MPM) (/usr/sbin/httpd.worker). This update fixes mod_mem_cache to repair thread-safety issues, and crashes no longer occur in the described scenario.
4.38. hwcert-client-1.5
4.39. hwdata
Enhancement
- BZ#963249
- The PCI ID numbers have been updated for the Beta and the Final compose lists.
4.40. hypervkvpd
Security Fix
- CVE-2012-5532
- A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit.
Bug Fix
- BZ#953502
- The hypervkvpd daemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a "KVP: Failed to open file, pool: 1" error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting this issue.
4.41. initscripts
Bug Fixes
- BZ#545881
- Previously, the information in the sysconfig.txt file was not precise enough and could mislead the users:
Enable or disable IPv6 configuration for this interface
The text has been updated to the following form:Enable or disable IPv6 static, DHCP, or autoconf configuration for this interface
From the updated information it is now clear that theIPV6INIT=no
setting does not mean that the whole IPv6 is disabled. - BZ#636861
- Previously, the shutdown script ran the
hardware clock
tool, which attempted to access the/dev/rtc
device even if it did not exist. A patch has been provided to fix this bug andinitscripts
now verifies if the/dev/rtc
device exists before attempting to run thehardware clock
tool. - BZ#735982
- Prior to this update, the
sysctl.d
feature was not included in thesysctl
utility manual page. The manual page has been updated, thus fixing the bug. - BZ#747418
- Previously, primary slave was set before bond initialization, which led to error messages being returned. To fix this bug, the
primary=
option is ignored before slaves are set up and this value is set after the enslavement. As a result, no error messages are returned. - BZ#814058
- When kernel module required a device removal, the
/etc/sysconfig/network-scripts/net.hotplug
utility tried to remove the device. As the device was not present, it led to an error message being returned. The patched version checks whether the/sys/class/net/$DEVICE
device is present and if not, the device is now ignored. - BZ#843386
- After sending a TERM signal, the
killproc()
function always waited a number of seconds before it checked the process again. Consequently, the user waited unnecessarily long. A patch has been provided to check the process multiple times during the delay. As a result,killproc()
can continue almost immediately after the process ends. - BZ#844671
- The previous version of the
kpartx
tool was not called with-p p
option, which led to inconsistent partition mappings on some disks or partitions not mapped at all. A patch has been provided to fix this bug. All configured devices are now properly represented in the /dev/mapper application and have the correct partition mappings present with consistent delimiter usage. - BZ#852967
- When the names of
initscripts
andlockfile
differed, thestatus()
function was not able to determine whether the subsystem was locked. The possibility to specify explicitly the name of lockfile through the-l
option has been added and thestatus()
function can now determine whether the subsystem is locked. - BZ#853038
- The previous version of
initscripts
did not support the IPv6 routing in the same way the IPv4 routing did. IPv6 addressing and routing could be achieved only by specifying theip
commands explicitly with the -6 flag in the/etc/sysconfig/network-scripts/route-DEVICE_NAME
configuration file (whereDEVICE_NAME
is the name of the respective network interface). With this update, related network scripts have been modified to provide support for IPv6 routing. IPv6 routing is now configured separately in the the/etc/sysconfig/network-scripts/route6-DEVICE_NAME
file, thus fixing this bug. - BZ#860252
- Previous version of sysconfig.txt file led users to insert the
VLAN=yes
option into the global configuration file. Consequently, an interface with a name containing a dot (brbond0.XX) was recognized as a VLAN interface. To fix this bug, sysconfig.txt has been changed and VLAN stanza has been added to the interface configuration file. As a result, the above mentioned devices are no longer recognized as VLAN interfaces. - BZ#862597
- The descriptions of the
kernel.msgmax
parameter:Controls the default maxmimum size of a message queue
and thekernel.msgmnb
parameter:Controls the maximum size of a message, in bytes
in the default/etc/sysctl.conf
were incorrect. As the actual definitions are vice versa, the descriptions have been swapped, thus fixing the bug. - BZ#880890
- If a network bond device had a name that was a substring of another bond device, both devices changed their states due to the incorrect bond device name test. A patch has been provided in the regular expression test and bond devices now change their states as expected.
- BZ#957109
- Previously, the sysconfig.txt file advised users to use an incorrect command,
saslauthd -a
instead ofsaslauthd -v
. Consequently, the command failed with an error message. The instruction in the sysconfig.txt file has been corrected and thesaslauthd -v
command now returns expected results.
Enhancements
- BZ#705218
- Users can now set the NIS (Network Information Service) domain name by configuring the
NISDOMAIN
parameter in the/etc/sysconfig/network
file, or other relevant configuration files.
4.42. ipa-client
Security Fix
- CVE-2012-5484
- A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server's Certificate Authority (CA) certificate to the client during a join, the IPA client enrollment process was susceptible to man-in-the-middle attacks. This flaw could allow an attacker to obtain access to the IPA server using the credentials provided by an IPA client, including administrative access to the entire domain if the join was performed using an administrator's credentials.Note: This weakness was only exposed during the initial client join to the realm, because the IPA client did not yet have the CA certificate of the server. Once an IPA client has joined the realm and has obtained the CA certificate of the IPA server, all further communication is secure. If a client were using the OTP (one-time password) method to join to the realm, an attacker could only obtain unprivileged access to the server (enough to only join the realm).
Bug Fixes
- BZ#821500
- If the IPA CA (Certification Authority) could not be added to the shared NSS database in the /etc/pki/nssdb/ directory, the client installer terminated unexpectedly with a fatal error message. The location of the directory has been fixed and the client installer no longer crashes.
- BZ#907071
- Due to a missing dependency on the pyOpenSSL package, installation of the ipa-client package failed. The missing dependency has been added and ipa-client can now be installed as expected.
- BZ#915504
- In some cases, a CA certificate was stored in the base64-encoded form (PEM) instead of the binary form (DER). The wrong CA format caused ipa-client to act as if no CA was available and the system enrollment to terminate unexpectedly. The ipa-client-install utility has been fixed to make the client more flexible and be able to handle the data stored in either format. As a result, the system enrollment as an IPA client now succeeds.
- BZ#949632
- Due to a bug, if one of the IPA masters was unavailable during enrollment, the ipa-client-install did not fail over to another master. Consequently, the ipa-client installation terminated unexpectedly. This bug has been fixed, and ipa-client-install now fails over to a functional replica as expected.
- BZ#961132
- Previously, there was more than one code path where a cleanup routine could be called. If the xmlrpc_env_clean() function preceded the initializing xmlrpc_env_init() function, the unenrolling of a client could fail. The order of the calls in xmlrpc-c has been edited and unenrolling a client no longer fails.
- BZ#976372
- In some cases, if replication between two IPA masters was slow, there was a short time period where the client was not known to one of the masters. Consequently, the kinit utility failed. The installation process has been reordered so that all operations are done against the same master the enrollment is initiated with.
4.43. jakarta-commons-httpclient
Security Fix
- CVE-2012-5783
- The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.
4.44. java-1.5.0-ibm
Security Fix
- CVE-2013-1500, CVE-2013-1571, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
Security Fix
- CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
Security Fix
- CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
4.45. java-1.6.0-ibm
Security Fix
- CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
Security Fix
- CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
Security Fix
- CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
4.46. java-1.6.0-openjdk
Security Fixes
- CVE-2013-0809
- An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
- CVE-2013-1493
- It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
Security Fixes
- CVE-2013-1569, CVE-2013-2383, CVE-2013-2384
- Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption.
- CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557
- Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-1537
- The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code.
- CVE-2013-2420
- Note: The fix for CVE-2013-1537 changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Refer to Red Hat Bugzilla bug 952387 for additional details.The 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption.
- CVE-2013-2431, CVE-2013-2421
- It was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-2429, CVE-2013-2430
- It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption.
- CVE-2013-1488, CVE-2013-2426
- The JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions.
- CVE-2013-0401
- The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.
- CVE-2013-2417, CVE-2013-2419
- Flaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine.
- CVE-2013-2424
- The MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes.
- CVE-2013-2415
- It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS.
Security Fixes
- CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428
- Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-1478, CVE-2013-1480
- Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.
- CVE-2013-0432
- A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions.
- CVE-2013-0435
- The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted.
- CVE-2013-0427, CVE-2013-0433, CVE-2013-0434
- Multiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
- CVE-2013-0424
- It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.
- CVE-2013-0440
- It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.
- CVE-2013-0443
- It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack.
Security Fixes
- CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469
- Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption.
- CVE-2013-2459
- Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
- CVE-2013-2448, CVE-2013-2457, CVE-2013-2453
- Multiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446
- Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information.
- CVE-2013-2445
- It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine.
- CVE-2013-2444, CVE-2013-2450
- It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service.
- CVE-2013-2407, CVE-2013-2461
- It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service.
- CVE-2013-2412
- It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.
- CVE-2013-1571
- It was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation.
- CVE-2013-1500
- It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment.
Security Fixes
- CVE-2013-1486
- An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
- CVE-2013-0169
- It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.
4.47. java-1.6.0-sun
Security Fix
- CVE-2013-0169, CVE-2013-1486, CVE-2013-1487
- This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.
Security Fix
- CVE-2013-0401, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2439, CVE-2013-2440
- This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.
Security Fix
- CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481
- This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.
Security Fix
- CVE-2013-0809, CVE-2013-1493
- This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page.
4.48. java-1.7.0-ibm
Security Fix

- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
Security Fix
- CVE-2012-1541, CVE-2012-3174, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
Security Fix
- CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440
- This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page.
4.49. java-1.7.0-openjdk
Security Fixes
- CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444
- Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-1478, CVE-2013-1480
- Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.
- CVE-2013-0432
- A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions.
- CVE-2013-0435
- The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted.
- CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434
- Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
- CVE-2013-0424
- It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.
- CVE-2013-0440
- It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.
- CVE-2013-0443
- It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack.
Security Fixes
- CVE-2013-1486, CVE-2013-1484
- Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-1485
- An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
- CVE-2013-0169
- It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.
Security Fixes
- CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469
- Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption.
- CVE-2013-2459
- Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
- CVE-2013-2448, CVE-2013-2454, CVE-2013-2458, CVE-2013-2457, CVE-2013-2453, CVE-2013-2460
- Multiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446
- Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information.
- CVE-2013-2445
- It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine.
- CVE-2013-2444, CVE-2013-2450
- It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service.
- CVE-2013-2407, CVE-2013-2461
- It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service.
- CVE-2013-2412
- It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.
- CVE-2013-2449
- It was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information.
- CVE-2013-1571
- It was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation.
- CVE-2013-1500
- It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment.
- Previously, GlassFish 4 failed to start with the following message:
Caused by: java.util.MissingResourceException: Can't find com.sun.enterprise.util.LogMessages bundle
- Picketlink on JBoss AS 7.1 failed to create SAML assertions for user names containing the vertical bar (|) symbol due to an incorrect library path. The path for the JDK image has been corrected and the problem no longer occurs.
- After application server restart on servers that were using SOAP messaging, the initialization of the service consumer failed with an ExceptionInInitializerError.
- When running GRails applications, the applications failed with a ClassNotFoundException due to an incorrect library path. (BZ#978441)
Security Fixes
- CVE-2013-0809
- An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
- CVE-2013-1493
- It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
Security Fix
- CVE-2012-3174, CVE-2013-0422
- Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Security Fixes
- CVE-2013-1569, CVE-2013-2383, CVE-2013-2384
- Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption.
- CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518, CVE-2013-1557
- Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-1537
- The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code.
- CVE-2013-2420
- Note: The fix for CVE-2013-1537 changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Refer to Red Hat Bugzilla bug 952387 for additional details.The 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption.
- CVE-2013-2431, CVE-2013-2421, CVE-2013-2423
- It was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform access checks and MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
- CVE-2013-2429, CVE-2013-2430
- It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption.
- CVE-2013-1488, CVE-2013-2426
- The JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions.
- CVE-2013-0401
- The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.
- CVE-2013-2417, CVE-2013-2419
- Flaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine.
- CVE-2013-2424
- The MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes.
- CVE-2013-2415
- It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS.
4.50. java-1.7.0-oracle
Security Fix

- This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.
Security Fix
- CVE-2013-0809, CVE-2013-1493
- This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page.
Security Fix
- CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440
- This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.
Security Fix

- This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.
Security Fix
- CVE-2012-3174, CVE-2013-0422
- This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page.
Security Fix
- CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487
- This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.
4.51. kernel
Security Fixes
- CVE-2013-6381, Important
- A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
- CVE-2013-4483, Moderate
- A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system.
- CVE-2013-4554, Moderate
- It was found that the Xen hypervisor implementation did not correctly check privileges of hypercall attempts made by HVM guests, allowing hypercalls to be invoked from protection rings 1 and 2 in addition to ring 0. A local attacker in an HVM guest able to execute code on privilege levels 1 and 2 could potentially use this flaw to further escalate their privileges in that guest. Note: Xen HVM guests running unmodified versions of Red Hat Enterprise Linux and Microsoft Windows are not affected by this issue because they are known to only use protection rings 0 (kernel) and 3 (userspace).
- CVE-2013-6383, Moderate
- A flaw was found in the way the Linux kernel's Adaptec RAID controller (aacraid) checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.
- CVE-2013-6885, Moderate
- It was found that, under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on certain AMD CPUs (for more information, refer to AMD CPU erratum 793 linked in the References section). A privileged user in a guest running under the Xen hypervisor could use this flaw to cause a denial of service on the host system. This update adds a workaround to the Xen hypervisor implementation, which mitigates the AMD CPU issue. Note: this issue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs are not vulnerable.
- CVE-2013-7263, Low
- It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls.
- CVE-2013-2929, Low
- A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information.
Bug Fixes
- BZ#1044328
- Due to a bug in the cifs module, the calculation of the number of virtual circuits was handled incorrectly when establishing SMB sessions. As a consequence in environments with multiple TCP connections between the same SMB client and SMB server, each time a TCP connection was established, all other TCP connections from the client to the server were reset, resulting in an endless loop. With this update, the number of virtual circuits is constantly set to 1, which ensures the correct behavior of the cifs module in this situation.
- BZ#1050097
- Certain storage device or storage environment failures could cause all SCSI commands and task management functions that were sent to a SCSI target to time out, without any other indication of an error. As a consequence, the Linux SCSI error handling code stopped issuing any I/O operations on the entire HBA adapter until the recovery operations completed. Additionally when using DM Multipath, I/O operations did not fail over to a working path in this situation. To resolve this problem, a new sysfs parameter, "eh_deadline", has been added to the SCSI host object. This parameter allows to set the maximum amount of time for which the SCSI error handling attempts to perform error recovery before resetting the entire HBA adapter. This timeout is disabled by default. The default value of this timeout can be reset for all SCSI HBA adapters on the system using the "eh_deadline" kernel parameter. The described scenario no longer occurs if eh_deadline is properly used.
- BZ#1051535
- A previous change that corrected a bug preventing communication between NICs using be2net introduced a memory leak in the be2net transmitter (Tx) code path. The memory leak has been fixed by applying a series of patches that corrects handling of socket buffers (SKBs) in the Tx code path.
Enhancement
- BZ#1054055
- Support for a kernel symbol that allows printing a binary blob of data as a hex dump to syslog has been added to kABI (Kernel Application Binary Interface).
Security Fix
- CVE-2012-4398, Moderate
- It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption).
Bug Fixes
- BZ#995961
- A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx.
- BZ#987539
- A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation.
- BZ#987244, BZ#978305
- Due to a segment register that was not reset after transition to protected mode, a bug could have been triggered in certain older versions of the upstream kernel (the kernel 3.9 - 3.9.4), preventing a guest system from booting and rendering it unresponsive on certain Intel Virtualization Technology (VT) hardware. On the newer kernels, this behavior had a significant impact on the booting speed of virtual machines. This update applies a patch providing early segment setup for the VT feature which allows executing VT under WMware and KVM. Guest machines no longer hang on boot and booting process is now significantly faster when using 64-bit Intel hardware with the VT feature enabled.
- BZ#981337
- Due to a bug in the networking stack, the kernel could attempt to deference a NULL pointer if a VLAN was configured on top of a GRE tunnel and network packets were transmitted, which resulted in a kernel panic. A patch has been applied to fix this bug by modifying the net driver to test a VLAN hardware header for a NULL value properly. The kernel no longer panics in this scenario.
- BZ#967053
- A kernel panic could occur in the XEN hypervisor due to a race in the XEN's tracing infrastructure. The race allows an idle vCPU to attempt to log a trace record while another vCPU executes a hypercall to disable the active tracing: for example, when using the xenmon.py performance monitoring utility. To avoid triggering the panic, the respective BUG_ON() routine call in the trace code has been replaced with a simple test condition. The XEN hypervisor no longer crashes due to aforementioned race condition.
- BZ#965359
- Due to a bug in memory management, a kernel thread process could become unresponsive for a significant amount of time, waiting for a quota of dirty pages to be met and written out, which caused a kernel panic. With this update, memory management allows processes to break out of the throttle loop if there are no more dirty pages available to be written out. This prevents a kernel panic from occurring in this situation.
- BZ#957604
- A previous change in the port auto-selection code allowed sharing ports with no conflicts extending its usage. Consequently, when binding a socket with the SO_REUSEADDR socket option enabled, the bind(2) function could allocate an ephemeral port that was already used. A subsequent connection attempt failed in such a case with the EADDRNOTAVAIL error code. This update applies a patch that modifies the port auto-selection code so that bind(2) now selects a non-conflict port even with the SO_REUSEADDR option enabled.
- BZ#950137
- Due to a bug in the be2net driver, events in the RX, TX, and MCC queues were not acknowledged before closing the respective queue. This could cause unpredictable behavior when creating RX rings during the subsequent queue opening. This update applies a patch that corrects this problem and events are now acknowledged as expected in this scenario.
- BZ#948317
- Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). This consequently caused the NFS client to become unresponsive. With this update, safe list iteration is used, which prevents the client from hanging in this scenario.
- BZ#947732
- When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur.
- BZ#928098
- A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as "not in use". Consequently, automount attempted to unmount the tree and failed with a "failed to umount offset" error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs.
- BZ#924011
- Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally, thus preventing this bug.
- BZ#918592
- Previously, the NFS Lock Manager (NLM) did not resend blocking lock requests after NFSv3 server reboot recovery. As a consequence, when an application was running on a NFSv3 mount and requested a blocking lock, the application received an -ENOLCK error. This patch ensures that NLM always resend blocking lock requests after the grace period has expired.
- BZ#907524
- Previously, the be2net code expected the last word of an MCC completion message from the firmware to be transferred by direct memory access (DMA) at once. However, this is not always true, and could therefore cause the BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function, consequently leading to a kernel panic. The BUG_ON() macro has been removed, and a kernel panic no longer occurs in this scenario.
- BZ#906909
- When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a "-ENOTDIR" error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected.
- BZ#905190
- The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output.
- BZ#901547
- The size of the buffer used to print the kernel taint output on kernel panic was too small, which resulted in the kernel taint output not being printed completely sometimes. With this update, the size of the buffer has been adjusted and the kernel taint output is now displayed properly.
- BZ#894636
- Previously, the Generic Receive Offload (GRO) functionality was not enabled by default for VLAN devices. Consequently, certain network adapters, such as Emulex Virtual Fabric Adapter (VFA) II, that use be2net driver, were dropping packets when VLAN tagging was enabled and the 8021q kernel module loaded. This update applies a patch that enables GRO by default for VLAN devices.
- BZ#885125
- Certain recent Intel input/output memory management unit (IOMMU) systems reported very large numbers of supported mapping domains. Consequently, if the number was too large, booting a system with the intel_iommu kernel parameter enabled (intel_iommu=on) failed with the following error message:
Allocating domain array failed.
With this update, a limit of 4000 domains is set to avoid the described problems. - BZ#881885
- Previously, the Xen kernel used the memory size found at the "0x40e" address as the beginning of the Extended BIOS Data Area (EBDA). However, this is not valid on certain machines, such as Dell PowerEdge R710, which caused the system to become unresponsive during boot on these machines. This update modifies the kernel to use the multiboot structure to acquire the correct location of EBDA and the system boot now proceeds as expected in this scenario.
- BZ#878316
- Previously, race conditions could sometimes occur in interrupt handling on the Emulex BladeEngine 2 (BE2) controllers, causing the network adapter to become unresponsive. This update provides a series of patches for the be2net driver, which prevents the race from occurring. The network cards using BE2 chipsets no longer hang due to incorrectly handled interrupt events.
- BZ#878209
- Due to a regression introduced by a recent update of the be2net driver, 10Gb NICs configured to use multiple receive queues across multiple CPUs were restricted to use a single receive queue on a single CPU. This resulted in significant performance degradation. With this update, the be2net driver has been corrected to provide support for multiple receive queues on 10Gb NICs as expected.
- BZ#877474
- A previous change in the tg3 driver corrected a bug causing DMA read engine of the Broadcom BCM5717 Ethernet controller to initiate multiple DMA reads across the PCIe bus. However, the original bug fix used the CHIPREV_ID_5717_A0 macro which is more restrictive so that the DMA read problem was not fixed for the Broadcom BCM5718 Ethernet controller. This update modifies the code to use the ASIC_REV_5717 macro, which corrects the original bug properly.
- BZ#876587
- The code to print the kernel taint output contained a typographical error. Consequently, the kernel taint output, which is displayed on kernel panic, could not provide taint error messages for unsupported hardware. This update fixes the typo and the kernel taint output is now displayed correctly.
- BZ#872531
- The cxgb4 driver previously did not clear data structures used for firmware requests. Consequently, when initializing some Chelsio's Terminator 4 (T4) adapters, a probe request could fail because the request was incompatible with the adapter's firmware. This update modifies the cxgb4 driver to properly initialize firmware request structures before sending a request to the firmware and the problem no longer occurs.
- BZ#865095
- The memory management code specific to the AMD64 and Intel 64 architectures previously did not contain proper memory barriers in the smp_invalidate_interrupt() routine. As a consequence, CPUs on AMD64 and Intel 64 systems containing modulo 8 number of CPUs (8, 16, 24 and so on) could sometimes heavily compete for spinlock resources, spending most of the CPU time by attempts to acquire spinlocks. Such systems could therefore rarely appear to be unresponsive with a very slow computing progress. This update applies a patch introducing proper memory barriers in the smp_invalidate_interrupt() routine so the problem can no longer occur.
- BZ#864648
- Previously, the kernel's futex wait code used timeouts that had granularity in milliseconds. Also, when passing these timeouts to system calls, the kernel converted the timeouts to "jiffies". Consequently, programs could time out inaccurately which could lead to significant latency problems in certain environments. This update modifies the futex wait code to use a high-resolution timer (hrtimer) so the timeout granularity is now in microseconds. Timeouts are no longer converted to "jiffies" when passed to system calls. Timeouts passed to programs are now accurate and the programs time out as expected.
- BZ#862865
- A boot-time memory allocation pool (the DMI heap) is used to keep the list of Desktop Management Interface (DMI) devices during the system boot. Previously, the size of the DMI heap was only 2048 bytes on the AMD64 and Intel 64 architectures and the DMI heap space could become easily depleted on some systems, such as the IBM System x3500 M2. A subsequent OOM failure could, under certain circumstances, lead to a NULL pointer entry being stored in the DMI device list. Consequently, scanning of such a corrupted DMI device list resulted in a kernel panic. The boot-time memory allocation pool for the AMD64 and Intel 64 architectures has been enlarged to 4096 bytes and the routines responsible for populating the DMI device list have been modified to skip entries if their name string is NULL. The kernel no longer panics in this scenario.
- BZ#862520
- Due to a bug in the be2net driver, the receive completion queue (RX CQ) could report completions with an incorrect fragment ID (frag_idx). This triggered a BUG_ON() macro that resulted in a kernel panic. A patch has been applied to the be2net driver ensuring that partially coalesced CQ entries are properly flushed when completion coalescing is enabled on a CQ. The kernel no longer panics in this situation.
- BZ#859194
- The generic allocator (genalloc) could, under certain circumstances, incorrectly allocate memory for the gen_pool structure. This could result in memory corruption where genalloc attempted to set the bits it had not allocated. A patch has been applied that ensures proper byte allocation and the memory corruption problem no longer occurs when allocating a generic memory pool.
- BZ#853145
- Previously, an NFS client could sometimes cache negative dentries until the page cache was flushed or the directory listing operation was performed on the parent directory. As a consequence, an incorrect dentry was never normally revalidated and a stat call always failed, providing incorrect results. This was caused by an incorrect resolution of an attribute indicating a cache change (cache_change_attribute) along with insufficient flushing of cached directories. A series of patches has been backported to resolve this problem so the cache_change_attribute is now updated properly and the cached directories are flushed more readily.
- BZ#845447
- Previously, when hot-unplugging a USB serial adapter device, the USB serial driver did not properly clean up used serial ports. Therefore, when hot-plugging the USB serial device again, the USB serial driver allocated new port IDs instead of using previously used ports. This update modifies the USB serial driver to clean up open ports correctly so that the ports can be reused next time the device is plugged in.
- BZ#843473
- With Red Hat Enterprise Linux 5.9, a patch that fixed IGMP reporting bug in a network bridge was backported to the bonding code from Red Hat Enterprise Linux 6. However, two other patches related to the problem were not included. This update backports these patches from Red Hat Enterprise Linux 6. Specifically, the first patch fixing a NULL pointer deference that could occur if the master bond was not a network bridge. The patch adds a testing condition which prevents the code from dereferencing a NULL pointer. The second patch introduces a hook that allows to identify which bridge port is used for the master bridge interface and modifies the bonding code to use new functions to determine whether the used bond is a network bridge.
- BZ#839839
- Under certain circumstances, a race between certain asynchronous operations, such as "silly rename" and "silly delete", and the invalidate_inodes() function could occur when unmounting an NFS file system. Due to this race, the system could become unresponsive, or a kernel oops or data corruption could occur if an inode was removed from the list of inodes while the invalidate_inodes() function performed an iteration on the inode. This update modifies the NFS code to wait until the asynchronous operations are finished before performing inode clean-up. The race condition no longer occurs and an NFS file system is unmounted as expected.
- BZ#839334
- Previously on system boot, devices with associated Reserved Memory Region Reporting (RMRR) information had lost their RMRR information after they were removed from the static identity (SI) domain. Consequently, a system unexpectedly terminated in an endless loop due to unexpected NMIs triggered by DMA errors. This problem was observed on HP ProLiant Generation 7 (G7) and 8 (Gen8) systems. This update prevents non-USB devices that have RMRR information associated with them from being placed into the SI domain during system boot. HP ProLiant G7 and Gen8 systems that contain devices with the RMRR information now boot as expected.
- BZ#831330
- Previously, GFS2 did not properly free directory hash table memory from cache when the directory was removed from cache. If the same GFS2 inode was later reused as another directory, the stale directory hash table was reused instead of reading the correct information from the media. If the GFS2 hash table was not reused, a small amount of memory was lost until the next reboot. If the hash table was reused, the directory could become corrupt. Later, GFS2 could discover the file system inconsistency and withdraw from the file system, making it unavailable until the system was rebooted. This update applies a patch to the kernel that frees the directory hash table correctly from cache and prevents this file system corruption.
- BZ#795550
- The qla2xxx driver creates optrom and optrom_ctl files in sysfs which are used by some tools such as the scli command line tool from QLogic. However, the functions which implement these pseudo-files have race conditions. It will crash the kernel when multiple tools using these files at the same time. Users can work around this issue by making sure only 1 such process is running at a given point of time.
- BZ#731531
- Switching the FPU context was not properly handled in certain environments, such as systems with multi-core AMD processors using the 32-bit kernel. When running multiple instances of the applications using the FPU frequently, data corruption could occur because processes could often be restored with the context of another instance. This update applies series of patches that modifies the kernel's FPU behavior: the "lazy" FPU context switch is temporarily disabled after 5 consecutive context switches using the FPU, and restored again after the context is switched 256 times. The aforementioned data corruption problem no longer occurs.
- BZ#595184
- Previously, if a target sent multiple local port logout (LOGO) events, the fc_rport_work() function in the Fibre Channel library module (libfc) tried to process all of them, irrespective of the status of processing prior to the LOGO events. Consequently, fc_rport_work() terminated unexpectedly with a stack trace. This update simplifies the remote port (rport) restart logic by making the decision to restart after deleting the transport rport. Now, all I/O operations run as expected and fc_rport_work() no longer crashes in the described scenario.
- BZ#918952
- Previously, the NFSv3 server incorrectly converted 64-bit cookies to 32-bit. Consequently, the cookies became invalid, which affected all file system operations depending on these cookies, such as the READDIR operation that is used to read entries from a directory. This led to various problems, such as exported directories being empty or displayed incorrectly, or an endless loop of the READDIRPLUS procedure which could potentially cause a buffer overflow. This update modifies knfsd code so that 64-bit cookies are now handled correctly and all file system operations work as expected.
Enhancements
- BZ#796912
- The ALSA HDA audio driver has been updated to support Creative Recon3D audio cards.
- BZ#873514
- The "unregister_lro_netdev" and "register_lro_netdev" kABI symbols have been added to the kernel. These symbols allow Large Receive Offload (LRO) to be disabled by the kernel stack.
- BZ#918279
- The Red Hat Enterprise Linux 5.10 kernel includes a new panic_on_io_nmi option (configured using the /proc/sys/kernel/panic_on_io_nmi file), which allows the kernel to panic when a non-maskable interrupt (NMI) occurs that is caused by an I/O error.
- BZ#919633
- The cciss driver has been updated to the latest version, which adds support for ProLiant servers with the latest HP SAS Smart Array controllers.
Security Fixes
- CVE-2012-3511, Moderate
- This update fixes the following security issues:* A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges.
- CVE-2013-4162, Moderate
- A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service.
- CVE-2013-2141, Low
- An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
Bug Fixes
- BZ#983864
- A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected.
- BZ#999819
- A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx.
- BZ#1001488
- A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as "not in use". Consequently, automount attempted to unmount the tree and failed with a "failed to umount offset" error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs.
- BZ#1005239
- A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation.
Security Fixes
- CVE-2012-5515, Moderate
- It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user could use this flaw to trigger long loops, leading to a denial of service (Xen hypervisor hang).
- CVE-2012-1568, Low
- It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature.
- CVE-2012-4444, Low
- A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system.
Security Fixes
- CVE-2013-2206, Important
- This update fixes the following security issues:A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate cookies. If a local user queried SCTP connection information at the same time a remote attacker has initialized a crafted SCTP connection to the system, it could trigger a NULL pointer dereference, causing the system to crash.
- CVE-2013-2224, Important
- It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to corrupt kernel memory via crafted sendmsg() calls, allowing them to cause a denial of service or, potentially, escalate their privileges on the system.
- CVE-2013-2232, Moderate
- An invalid pointer dereference flaw was found in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system by using sendmsg() with an IPv6 socket connected to an IPv4 destination.
- CVE-2013-2164, , Low, CVE-2013-2147, , Low, CVE-2013-2234, , Low, CVE-2013-2237, , Low
- Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user-space.
Security Fix
- CVE-2012-3400, Low
- Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format (UDF) file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges.
Bug Fixes
- BZ#884704
- Previously, race conditions could sometimes occur in interrupt handling on the Emulex BladeEngine 2 (BE2) controllers, causing the network adapter to become unresponsive. This update provides a series of patches for the be2net driver, which prevents the race from occurring. The network cards using BE2 chipsets no longer hang due to incorrectly handled interrupt events.
- BZ#902683
- A boot-time memory allocation pool (the DMI heap) is used to keep the list of Desktop Management Interface (DMI) devices during the system boot. Previously, the size of the DMI heap was only 2048 bytes on the AMD64 and Intel 64 architectures and the DMI heap space could become easily depleted on some systems, such as the IBM System x3500 M2. A subsequent OOM failure could, under certain circumstances, lead to a NULL pointer entry being stored in the DMI device list. Consequently, scanning of such a corrupted DMI device list resulted in a kernel panic. The boot-time memory allocation pool for the AMD64 and Intel 64 architectures has been enlarged to 4096 bytes and the routines responsible for populating the DMI device list have been modified to skip entries if their name string is NULL. The kernel no longer panics in this scenario.
- BZ#905829
- The size of the buffer used to print the kernel taint output on kernel panic was too small, which resulted in the kernel taint output not being printed completely sometimes. With this update, the size of the buffer has been adjusted and the kernel taint output is now displayed properly.
- BZ#885063
- The code to print the kernel taint output contained a typographical error. Consequently, the kernel taint output, which is displayed on kernel panic, could not provide taint error messages for unsupported hardware. This update fixes the typo and the kernel taint output is now displayed correctly.
Security Fixes
- CVE-2012-6544, , Low, CVE-2012-6545, , Low, CVE-2013-3222, , Low, CVE-2013-3224, , Low, CVE-2013-3231, , Low, CVE-2013-3235, , Low
- Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
- CVE-2013-0914, Low
- An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature.
- CVE-2013-1929, Low
- A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges.
Bug Fixes
- BZ#957606
- Previously on system boot, devices with associated Reserved Memory Region Reporting (RMRR) information had lost their RMRR information after they were removed from the static identity (SI) domain. Consequently, a system unexpectedly terminated in an endless loop due to unexpected NMIs triggered by DMA errors. This problem was observed on HP ProLiant Generation 7 (G7) and 8 (Gen8) systems. This update prevents non-USB devices that have RMRR information associated with them from being placed into the SI domain during system boot. HP ProLiant G7 and Gen8 systems that contain devices with the RMRR information now boot as expected.
- BZ#958021
- Previously, the kernel's futex wait code used timeouts that had granularity in milliseconds. Also, when passing these timeouts to system calls, the kernel converted the timeouts to "jiffies". Consequently, programs could time out inaccurately which could lead to significant latency problems in certain environments. This update modifies the futex wait code to use a high-resolution timer (hrtimer) so the timeout granularity is now in microseconds. Timeouts are no longer converted to "jiffies" when passed to system calls. Timeouts passed to programs are now accurate and the programs time out as expected.
- BZ#966878
- A recent change modified the size of the task_struct structure in the floating point unit (fpu) counter. However, on Intel Itanium systems, this change caused the kernel Application Binary Interface (kABI) to stop working properly when a previously compiled module was loaded, resulting in a kernel panic. With this update the change causing this bug has been reverted so the bug can no longer occur.
- BZ#971872
- The cxgb4 driver previously did not clear data structures used for firmware requests. Consequently, when initializing some Chelsio's Terminator 4 (T4) adapters, a probe request could fail because the request was incompatible with the adapter's firmware. This update modifies the cxgb4 driver to properly initialize firmware request structures before sending a request to the firmware and the problem no longer occurs.
Security Fix
- CVE-2013-0153, Moderate
- A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service.
Bug Fixes
- BZ#947736
- When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a "-ENOTDIR" error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected.
- BZ#952098
- Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally so this bug can no longer occur.
- BZ#953435
- When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur.
- BZ#954296
- Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). As a consequence, the NFSv4 client became unresponsive. With this update, safe list iteration is used, which prevents the NFSv4 client from hanging in this scenario.
Security Fixes
- CVE-2013-0216, Moderate
- A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system.
- CVE-2013-0231, Moderate
- A flaw was found in the Xen PCI device back-end driver implementation in the Linux kernel. A privileged guest user in a guest that has a PCI passthrough device could use this flaw to cause a denial of service that could potentially affect the entire system.
- CVE-2013-1826, Moderate
- A NULL pointer dereference flaw was found in the IP packet transformation framework (XFRM) implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause a denial of service.
- CVE-2012-6537, Low
- Information leak flaws were found in the XFRM implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use these flaws to leak kernel stack memory to user-space.
- CVE-2012-6542, Low
- An information leak flaw was found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space.
- CVE-2012-6546, Low
- Two information leak flaws were found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. A local, unprivileged user could use these flaws to leak kernel stack memory to user-space.
- CVE-2012-6547, Low
- An information leak flaw was found in the TUN/TAP device driver in the Linux kernel's networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space.
Bug Fixes
- BZ#923353
- The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output.
- BZ#923910
- Previously, the be2net code expected the last word of an MCC completion message from the firmware to be transferred by direct memory access (DMA) at once. However, this is not always true, and could therefore cause the BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function, consequently leading to a kernel panic. The BUG_ON() macro has been removed from be_mcc_compl_is_new(), and the kernel panic no longer occurs in this scenario.
- BZ#924087
- Previously, the NFSv3 server incorrectly converted 64-bit cookies to 32-bit. Consequently, the cookies became invalid, which affected all file system operations depending on these cookies, such as the READDIR operation that is used to read entries from a directory. This led to various problems, such as exported directories being empty or displayed incorrectly, or an endless loop of the READDIRPLUS procedure which could potentially cause a buffer overflow. This update modifies knfsd code so that 64-bit cookies are now handled correctly and all file system operations work as expected.
Security Fixes
- CVE-2013-0268, Important
- A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register.
- CVE-2013-0871, Important
- A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.
4.52. kexec-tools
Bug Fixes
- BZ#864011
- The vmcore file is generated in the /proc file system. Prior to this update, the kdump (kernel crash collection) service failed to copy vmcore to the desired encrypted target partition. As a consequence, kdump failed to mount rootfs and dropped to a shell. With this update, the user is now notified to not dump to encrypted disks.
- BZ#901620
- A previous version of kexec-tools introduced a regression whereby kdump called findmodule for the ext[234] dump target. As ext2 is built into Red Hat Enterprise Linux 5 kernel, mkdumprd failed with the following error message: "No module ext2 found for kernel 2.6.18-238.5.1.el5, aborting.". To fix this bug, ext2 has been removed from the findmodule list and mkdumprd no longer fails.
- BZ#919369
- Due to incorrect computing of MEMSZ (amount of physical memory allocated to a resource pool or virtual machine), kdump failed to start on Red Hat Enterprise Linux 5 Xen Domain-0 if it had less than 4G RAM. The kdump service also asked for the /boot/vmlinuz-2.6.18-348.el5PAE Physical Address Extension (PAE) location. The kdump kernel service has been set to be non-PAE for systems with less than 4G RAM, thus fixing the bug. As a result, kdump starts as expected.
- BZ#919962
- The makedumpfile(8) manual pages have now been added to the Red Hat Enterprise Linux 5 documentation.
Bug Fixes
- BZ#915359
- A previous version of kexec-tools introduced a regression whereby kdump called findmodule for the ext[234] dump target, but ext2 was built in the kernel. This caused the mkdumprd utility, which creates an initial RAM file system for use in conjunction with the booting of a kernel within the kdump framework for crash recovery, to fail with a "No module ext2 found" error message. This patch fixes this problem by removing ext2 from the findmodule list and these failures no longer occur.
4.53. krb5
Security Fix
- CVE-2002-2443
- It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services to keep replying packets to each other, consuming network bandwidth and CPU.
4.54. ksh
Bug Fixes
- BZ#892206
- Due to a bug in the ksh package, command substitutions containing the pipe ("|") character returned incorrect return codes. This bug has been fixed, and the pipe character can now be used inside command substitutions without complications.
- BZ#910923
- Previously, the ksh SIGTSTP signal handler could trigger another SIGTSTP signal. Consequently, ksh would enter an infinite loop. This updated version fixes the SIGTSTP signal processing and ksh now handles this signal without problems.
- BZ#912443
- In certain cases, ksh did not execute command substitution inside of "here" documents. Consequently, some content of a here document could be missing. With this update, the command substitution for here documents has been fixed. As a result, here documents include data from command substitutions as expected.
- BZ#921138
- Previously, when using arrays inside of ksh functions, memory leaks occurred. This bug has been fixed, and memory leaks no longer occur in the described scenario.
- BZ#958195
- Previously, ksh did not resize the file descriptor list every time it was necessary. Consequently, a memory corruption could occur when a large amount of file descriptors were used. With this update, ksh has been modified to resize the file descriptor list every time it is needed. As a result, memory corruption no longer occurs in the described scenario.
- BZ#972732
- Previously, ksh did not prevent modifications of variables of the read-only type. As a consequence, ksh terminated unexpectedly with a segmentation fault when such a variable had been modified. With this update, modification of read-only variables are not allowed, and ksh prints an error message in this scenario.
4.55. kvm
Security Fix
- CVE-2012-6075
- A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.
Security Fixes
- CVE-2013-1796
- A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level.
- CVE-2013-1797
- A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host.
- CVE-2013-1798
- A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory.
Bug Fix
- BZ#958359
- Previously, tb_invalidate_phys_page_range() incurred a segmentation fault because it walked through an invalid chain of translation blocks. Thus, page_find() returned an incorrect pointer, which was subsequently used by tb_invalidate_phys_page_range() to find the head of the translation block chain. This update corrects the chain of translation blocks and crashes no longer occur.
4.56. libtevent
Note
Bug Fix
- BZ#975488
- Prior to this update, a condition in the poll backend copied a 64-bit variable into an unsigned integer variable, which was smaller than 64-bit on 32-bit architectures. Using that unsigned integer variable in a condition rendered that condition to be always false. The variable has been fixed to be of uint64_t format guaranteeing its width to be 64 bits on all architectures. As a result, the condition now yields expected results.
4.57. libvirt
Bug Fix
- BZ#903600
- If an LVM volume group contains a striped LVM volume, the output of the "device" field separates the multiple device paths using the comma separator. Previously, the libvirt library also used the lvs command with the comma separator, which caused regular expressions in the libvirt code to parse the output of lvs incorrectly when used on a striped LVM volume. Consequently, creation of a logical storage pool in libvirt failed if the used LVM volume group contained the striped LVM volume. Also, libvirt did not have the correct mechanism to generate multiple device XML elements for the multiple device paths of striped LVM volume. With this update, libvirt has been modified to use lvs with the "#" separator; also, the library can now parse the multiple device paths of striped LVM volumes and generate relevant XML code. Users can now create logical storage pools with striped LVM volumes and generate appropriate XML code as expected.
4.58. libxml2
Bug Fixes
- BZ#915350
- Due to errors in the internal regular expression support, libxml2 sometimes failed when validating XMLs with certain XSD and Relax-NG files. Currently, the relaxng and xmlregexp codes are modified and libxml2 can now validate XMLs with those specific XSD and Relax-NG files.
- BZ#915837
- Previously, an internal routine xmlDOMWrapCloneNode would fail to preserve the namespace of an XML element being copied, which caused the namespace of the parameter node to be omitted from the copy. With this update, the problem no longer occurs.
Security Fix
- CVE-2013-0338
- A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption.
Bug Fix
- BZ#987321
- This update fixes a regression that was introduced by the RHBA-2013:0591 advisory. This regression added a flaw in the XML schema compilation process. This flaw caused libxml2 to fail to compile some XML schemas, indicating that they had a non-deterministic content model. The broken code is now fixed, so libxml2 can compile those schemas and validate XMLs as expected.
4.59. lmbench
Bug Fix
4.60. ltrace
Bug Fixes
- BZ#239057
- On a system with the Itanium architecture, a SIGILL signal was occasionally delivered as a valid signal that informed the ltrace utility about events in a traced binary. However, ltrace misinterpreted the SIGILL signal as a signal delivered to the traced binary. With this update, ltrace handles SIGILL as expected.
- BZ#526007
- When tracing a process with many threads, the traced process was often killed as the threads ran into breakpoints that could not be handled by the ltrace utility. With this update, ltrace attaches to the newly created threads and carefully handles the breakpoints so that tracing events are not missed. Note that when ltrace attached to a running process, that process could have been detached from with the instruction pointer pointed to mid-instruction, or with pending events, which would kill the process. This update improves the detach logic so that the process is left in a consistent state before detaching.
- BZ#639947
- Due to a bug in the logic of tracing processes, the ltrace utility missed tracing events in forked processes on PowerPC systems. The logic of tracing processes that fork or clone has been improved and ltrace now works as expected.
- BZ#754096
- On PowerPC systems, the "-e" option did not work correctly. Consequently, when the option was given with a symbol name that did not match any of the symbols in the traced binary, the ltrace utility terminated unexpectedly. This update provides a patch to fix this bug and ltrace no longer crashes in the described scenario.
- BZ#868281
- Previously, the ltrace utility did not support PIE (Position Independent Executables) binaries, which are linked similarly to shared libraries, and processes. Consequently, addresses found in images of those binaries needed additional adjustment for the actual address where the binary was loaded during the process startup. With this update, the support for PIE binaries and processes has been added and ltrace now handles the additional processing for the PIE binaries correctly.
- BZ#890961
- When copying internal structures after cloning a process, the ltrace utility did not copy a string containing a path to an executable properly. This behavior led to errors in heap management and could cause ltrace to terminate unexpectedly. The underlying source code has been modified and ltrace now copies memory when cloning traced processes correctly.
4.61. lvm2
Bug Fixes
- BZ#711890
- Previously, when the lvconvert command was used with the "--stripes" option, the required supplementary options, such as "--mirrors" or "--repair", were not enforced. Consequently, calling "lvconvert --stripes" without accompanying conversion instructions led to an incomplete conversion. With this update, a condition has been added to enforce the correct syntax. As a result, an error message is now displayed in the described scenario.
- BZ#749883
- A mirrored logical volume (LV) can itself have a mirrored log device. Previously, a simultaneous failure of both the mirrored leg and the mirror log was not handled correctly. Consequently, I/O errors occurred on the mirror LV. The described failure case is now handled correctly and I/O errors no longer occur.
- BZ#773312
- Due to a bug in the error condition, an attempt to up-convert an inactive mirror when there was insufficient allocatable extents led to the following error message:Unable to allocate extents for mirror(s). ABORTING: Failed to remove temporary mirror layer inactive_mimagetmp_3. Manual cleanup with vgcfgrestore and dmsetup may be required.The wording of this message was possibly misleading. The bug has been fixed, and a more accurate warning message is now displayed when not enough extents are available.
- BZ#830993
- Prior to this update, it was impossible to set the major and minor persistent numbers of a logical volume to a value outside of the range of 0-255 (8-bit). This limit has been changed, and the major number can now be set within the range of 0-4095 (12-bit), while the minor number within 0-1048575 (20-bit).
- BZ#863112
- Previously, the mpath filtering, which is enabled by the devices/multipath_component_detection=1 setting in the lvm.conf configuration file, did not check for partitions and failed when there were partitions on multipath components. Consequently, a message about duplicate physical volumes (PV) was issued as the LVM saw two PVs with the same UUID. With this update, mpath filtering has been modified to check for partitions properly and the aforementioned error no longer occurs.
- BZ#908097
- When there were missing physical volumes in a volume group (VG), most operations that alter the LVM meta data (such as the vgimport utility) were disallowed. Consequently, it was impossible to import and also to repair this VG. With this update, this behavior has been modified and it is now possible to use the "--force" option with vgimport to import VGs even with missing devices.
- BZ#913664
- Prior to this update, the lvconvert utility did not check for snapshot-merge support in the kernel before initializing the merge operation. After trying to merge a snapshot logical volume (LV) on a machine without this support, the origin LV failed to activate on the next boot. With this update, lvconvert has been modified not to start a snapshot-merge if there is no support for such operation in the kernel.
4.62. man-pages-overrides
Bug Fixes
- BZ#553440
- Various manual pages from the poppler package contained an incorrect path to the configuration file and references to non-existent man pages. The invalid paths to the configuration file have been fixed and incorrect references removed form the man pages.
- BZ#711765
- Previously, the runcon(1) manual page did not specify the exact position of the "--" special argument. The position of the argument is now specified.
- BZ#760101
- The pam_limits PAM module has an off-by-one bug in calculation of the RLMIT_NICE priority. If the nice limit is set to -1, the real value set in the kernel will be equivalent to nice value 0. The limits.conf(5) manual page now describes the problem and provides a workaround.
- BZ#896053
- The missing BUGS section has been added to the times(2) manual page and describes a known bug that can occur in a small time window soon after the boot.
- BZ#903550
- Previously, the "max_childs" parameter was not documented in the udevd(8) manual page. This update adds documentation of that parameter.
- BZ#949789
- Previously, the shmop(2) manual page did not list the EIDRM error code in the Error section. The error code is now included in the manual page.
4.63. mesa
Security Fix
- CVE-2013-1993
- It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
4.64. microcode_ctl
Enhancement
- BZ#915898
- The Intel CPU microcode file has been updated to version 20130808. This is the most recent version of the microcode available from Intel.
4.65. mkinitrd
Bug Fix
- BZ#963559
- Due to a bug in the libblkid library, the grubby utility could terminate unexpectedly with a segmentation fault when attempting to install multiple kernels in succession. This update uses the new version of libblkid and grubby now works as expected in the described scenario.
Bug Fix
- BZ#1009239
- After upgrading the nss package to version 3.14.3, systems with FIPS mode enabled did not boot, displaying the following message:Error initializing NSS.This was due to a missing library in the initrd image. This update adds the libsqlite3 library to the initrd image, and systems now boot correctly when FIPS mode is enabled.
4.66. module-init-tools
Bug Fix
- BZ#708458
- Updating kmod-kvm after a kernel update had been performed caused a broken symbolic link to the kvm.ko module due to the link pointing to the old kernel's kvm.ko module. Now, the new version of kmod-kvm is updated, and broken symbolic links no longer occur in the described scenario.
4.67. mysql
Security Fixes
- CVE-2012-5611
- A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon.
- CVE-2012-2749
- A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon.
- BZ#814605
- This update also adds a patch for a potential flaw in the MySQL password checking function, which could allow an attacker to log into any MySQL account without knowing the correct password. This problem (CVE-2012-2122) only affected MySQL packages that use a certain compiler and C library optimization. It did not affect the mysql packages in Red Hat Enterprise Linux 5. The patch is being added as a preventive measure to ensure this problem cannot get exposed in future revisions of the mysql packages.
4.68. nfs-utils
Bug Fixes
- BZ#726472
- Previously, during an NFS service start, users encountered the following rpc.idmapd message "dirscancb: open(/var/lib/nfs/rpc_pipefs/nfs/clnt6a): No such file or directory." This was because the daemon "rpc.idmapd" scanned the /var/lib/nfs/rpc_pipefs/nfs/ directory periodically looking for NFS client mounts to communicate to. The daemon tried to open communication with a client mount, but it disappeared in between looking for directory entries and opening them. NFS mount was umounted just before rpc.idmapd tried to communicate with it. This update requires Verbosity to be set to 1 or higher in order for the problem warning message to display. With the default Verbosity of 0, it is no longer logged, preventing it from clogging the logs with unhelpful messages.
- BZ#873307
- During system shutdown, the "umount" utility was called as part of a shutdown script, so the shutdown script failed to unmount the /var/ file system correctly. This was because the shutdown script searched for the /var/lock/subsys/nfs lock file, but could not find it because NFS service created the /var/lock/subsys/nfsd lock file. This update fixes the issue in the /etc/rc.d/rc script itself, so it tries to find nfsd and not the NFS lock file, and the shutdown script now successfully unmounts the file system.
- BZ#892236
- Previously, when the NFS service was started, messages that the RPC idmapd service was stopped and started were displayed. This occurred because in order to start NFS, the RPC idmapd service had to be restarted using the condrestart option (conditional restart), which starts RPC idmapd only if it is currently running. With this update, RPC idmapd messages are no longer displayed in the described scenario when the NFS service is started.
- BZ#947552
- Previously, the NFS version 3 of the MOUNT protocol was not fully supported. Therefore, the "showmount" utility did not work properly, and there were possible issues with the "umount" utility. Changes from the NFS version 2 protocol to the NFS version 3 protocol have required some adjustments to be made in the MOUNT protocol. To meet the needs of the NFS version 3 protocol, a new version of the MOUNT protocol has been defined. This new protocol satisfies the requirements of the NFS version 3 protocol, and addresses several other current market requirements. Thus, the "showmount" and "unmount" utilities now function as expected.
4.69. nss
Bug Fixes
- BZ#784676
- A lack-of-robustness flaw caused the administration server for Red Hat Directory Server to terminate unexpectedly because the mod_nss module made nss calls before initializing nss as per the documented API. With this update, nss protects itself against being called before it has been properly initialized by the caller.
- BZ#807419
- Previously, output of the certutil -H command, which is a list of options and arguments used by the certutil tool, did not describe the -F option. This information has been added and the -F option is now properly described in the output of certutil -H.
- BZ#855809
- Due to a bug in the FreeBL library, the Openswan application could generate a Key Exchange payload that was one byte shorter than what was required by the Diffie Hellman (DH) protocol. Consequently, Openswan dropped connections during such payloads. With this update, the DH key derivation function in FreeBL has been fixed and connections are no longer dropped by Openswan.
- BZ#975600
- Previously, the remote-viewer utility failed to utilize a plugged-in smart card reader when a Spice client was running. Eventually, the client could terminate unexpectedly. Now, remote-viewer recognizes the reader and offers authentication once the card is inserted, and the crashes no longer occur.
- BZ#987131
- With this update, NSS has incorporated various GCM code fixes applied upstream since nss-3.14.3 was released.
Enhancement
- BZ#960241
- With this update, NSS's own internal cryptographic module now supports the NIST Suite B set of recommended algorithms for Elliptic Curve Cryptography.
4.70. nss and nspr
Security Fixes
- CVE-2013-1620
- It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
- CVE-2013-0791
- An out-of-bounds memory read flaw was found in the way NSS decoded certain certificates. If an application using NSS decoded a malformed certificate, it could cause the application to crash.
Bug Fix
- BZ#958023
- A defect in the FreeBL library implementation of the Diffie-Hellman (DH) protocol previously caused Openswan to drop connections.
Bug Fix
- BZ#890605
- It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.
- BZ#893371, BZ#893372
- In addition, the nss package has been upgraded to upstream version 3.13.6, and the nspr package has been upgraded to upstream version 4.9.2. These updates provide a number of bug fixes and enhancements over the previous versions.
4.71. nss_ldap
Bug Fix
- BZ#905908
- Due to LDAP connectivity problems, the nss_ldap module returned error conditions but failed to clean them up. Consequently, nss_ldap started leaking file descriptors, namely sockets. A patch has been provided to address this bug and the socket leaks no longer occur in nss_ldap.
4.72. openmotif
Bug Fixes
- BZ#492529
- Attempting to use a keyboard accelerator such as Ctrl+S, failed to achieve the intended effect when the Caps Lock, Scroll Lock or NumLock keys were activated. This was caused by missing support for the X11R6 modifiers scheme. Support for the modifiers scheme has been implemented in this update so that keyboard accelerators can be used as expected even when modifiers, such as Caps Lock, Scroll Lock or NumLock, have been activated.
- BZ#557453
- Redisplaying a Label or the LabelGadget widget could have caused a
BadDrawable X
error and resulted in an invisible label. This update resolves the problem with unspecified pixmaps so that labels do not become invisible andBadDrawable
errors are not incurred. - BZ#568730
- Selecting an item in the MultiList widget resulted in that item becoming invisible due to the same color being used for both foreground and background colors. The same problem occurred with "insensitive" labels, buttons, icons and list entries. With this update, foreground and background colors in widgets have been differentiated so that the items do not become invisible during operation.
- BZ#634094
- Due to 32-bit time stamp problems, attempting to copy and paste on 64-bit architecture using the clipboard may have failed occasionally. With this update, the underlying source code has been modified to ensure the time stamp always contains a "CARD32" value, so that copy and paste on 64-bit architectures works as expected.
- BZ#638553
- Previously, a check that would limit removing a callback to valid windows while the focus is reset was missing in the code. Consequently, destroying a torn-off menu with a submenu mapped caused the application to terminate unexpectedly. With this update, the underlying source code has been modified to ensure that the focus is reset for valid windows only and destroying a torn-off menu with a submenu mapped now works as expected.
- BZ#772937
- The RHBA:2011-1451 advisory introduced a regression by specifying the
XmI.h
header file in the include directive of multiple files. However, if the file was not installed, compiling applications that used the Label and LabelGadget widgets failed with the following message:/usr/include/Xm/LabelGP.h:48:17: error: XmI.h: No such file or directory
With this update, the include directive containing "XmI.h" has been removed. Applications using the Label and LabelGadget widgets can now be compiled as expected. - BZ#818655
- Previously, OpenMotif did not detect certain keystrokes, such as Home, Insert, Del, PgUp, PgDn on the keypad if the NumLock key was not engaged. This was caused by Motif overriding the existing keycode-to-keysym routine for its own virtual keysyms. As a result, the
XmTranslateKey()
function substituted the shifted keysym when it should not have. After this update, disengaging the NumLock key does not affect the detection of the aforementioned keystrokes. - BZ#864409
- Previously, using the XmList widget in Openmotif to view log output from an application was obstructed by a very slow performance. This was due to the
XmListSetPos()
function, which is used to scroll to the end of the list, being too slow. With this update, a patch has been provided to fix the code and the performance problem has been resolved. - BZ#867792
- Before this update, OpenMotif was missing certain strings on the Label Widget. This update adds the missing strings which are now displayed on the Label Widget.
- BZ#880914
- Previously, OpenMotif displayed its frame too large in size. After updating and counting children on the form, OpenMotif updated and repainted the form but it took extra space after replacing the children. With this update, the frame takes up only the required space.
- BZ#980577
- Previously, the size set in the
GeometryManager()
function based on the XmFormConstraint "preferred_width" field was not updated when the label was changed and still contained the previous label length. Consequently, if the label text was modified while the window was smaller than the actual label width, the resulting size was incorrectly computed and the label text truncated. With this update the values are updated and the fault no longer occurs in the scenario described.
4.73. openscap
Note
4.74. openssl
Security Fixes
- CVE-2013-0169
- It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
- CVE-2013-0166
- A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response.
- CVE-2012-4929
- It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text.
Bug Fix
- BZ#839735
- It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735)
4.75. openswan
Security Fix
- CVE-2013-2053
- A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled ("oe=yes" in "/etc/ipsec.conf") and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records (such as by sending an email that triggers a DKIM or SPF DNS record lookup) could cause Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary code with root privileges. With "oe=yes" but no RSA key configured, the issue can only be triggered by attackers on the local network who can control the reverse DNS entry of the target system. Opportunistic Encryption is disabled by default.
4.76. Oracle Java SE 6
- OpenJDK 6, which is available and supported in Red Hat Enterprise Linux 5 and 6.
- IBM's Java SE 6, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels through September 2017.
- OpenJDK 7, which is available and supported in Red Hat Enterprise Linux 5 and 6.
- IBM's Java SE 7, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels.
- Oracle Java SE 7, which is available today on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels.
- OpenJDK 6, which is available and supported in Red Hat Enterprise Linux 5 and 6.
- IBM's Java SE 6, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels through September 2017.
- OpenJDK 7, which is available and supported in Red Hat Enterprise Linux 5 and 6.
- IBM's Java SE 7, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels.
- Oracle Java SE 7, which is available today on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels.
4.77. pcre
Bug Fixes
- BZ#669413
- A previous update enabled Unicode properties to support \p{..}, \P{..}, and \X escape sequences. However, compiling certain regular expressions which contained extended classes under a non-UTF-8 PCRE mode failed due to the compilation entering an infinite loop. This has been fixed in this update so that compiling such regular expressions completes as expected.
- BZ#859959
- Using the pcregrep tool with -M (mutli-line match) and -v (inverse match) options caused the pcregrep tool to loop infinitely. With this update, the pcregrep multi-line loop logic has been fixed to advance in the input stream properly if inverted matching is requested, and it is now possible to use the "pcregrep -Mv" command.
- BZ#866520
- Previously, matching a regular expression with Unicode properties in a non-UTF-8 mode against a string with non-ASCII characters, caused an unexpected termination with a segmentation fault in the PCRE library. This update fixes back-tracking in non-UTF-8 mode, and the PCRE library no longer crashes in the aforementioned scenario.
4.78. perl
Security Fixes
- CVE-2012-5195
- A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
- CVE-2013-1667
- A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.
- CVE-2012-5526
- It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items.
- CVE-2012-6329
- It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates.
Bug Fixes
- BZ#800340
- Previously, calling the POSIX::strftime() function resulted in a string longer than 64 bytes and, consequently, to a memory leak. This led to memory loss. With this update, memory allocation in the POSIX::strftime() function implementation has been changed to reallocate memory, which prevents memory loss from occurring.
- BZ#848156
- Previously, certain modules using Perl scripts, which use the overload() function in a specific way, were impacted by a performance regression. Consequently, users could observe slower operation of such scripts after an upgrade of the perl packages. A patch has been applied to prevent this bug.
4.79. php
Security Fix
- CVE-2013-4113
- A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter.
4.80. php53
Security Fixes
- CVE-2006-7243
- It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
- CVE-2011-1398
- It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks.
- CVE-2013-4248
- A flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.
- CVE-2012-2688
- An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code.
- CVE-2012-0831
- It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks.
- CVE-2013-1643
- It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension.
Bug Fixes
- BZ#864954
- A PHP script that is using the Open Database Connectivity (ODBC) interfaces could enter a deadlock if the maximum execution time period expires while it is executing an SQL statement. This occurs because the execution timer uses a signal and the invoked ODBC functions are not reentrant. This update modifies the underlying code so the deadlock is less likely to occur.
- BZ#869691
- Previously, the
setDate()
,setISODate()
andsetTime()
functions did not work correctly when the correspondingDateTime
object was created from the timestamp. This bug has been fixed and the aforementioned functions now work properly. - BZ#869693
- Previously, a segmentation fault occurred when PDOStatement was reused after failing due to the NOT NULL integrity constraint. This occurred when the pdo_mysql driver was in use. With this update, a patch has been introduced to fix this issue.
- BZ#869694
- Previously, the
strcpy()
function, called by theextract_sql_error_rec()
function in the unixODBC API, overwrote a guard variable in thepdo_odbc_error()
function. Consequently, a buffer overflow occurred. This bug has been fixed and the buffer overflow no longer occurs. - BZ#869697
- Previously, the Fileinfo extension did not use the
stat
interface from the stream wrapper. Consequently, when used with a stream object, the Fileinfo extension failed with the following message:file not found
With this update, the Fileinfo extension has been fixed to use the stream wrapper's stat interface. Note that only thefile
andphar
stream wrappers support the stat interface in PHP 5.3.3. - BZ#892695
- Under certain circumstances, the
$this
object became corrupted, and behaved as a non-object. A test with theis_object()
function remained positive, but any attempt to access a member variable of$this
resulted in the following warning:Notice: Trying to get property of non-object
This behavior was caused by a bug in the Zend garbage collector. With this update, a patch has been introduced to fix garbage collection. As a result,$this
no longer becomes corrupted. - BZ#951075
- In certain cases, PHP incorrectly triggered the user
error_handler()
function. As a consequence, while evaluating this function, a segmentation fault occurred. With this update,error_handler()
is triggered correctly. As a result, the segmentation fault no longer occurs. - BZ#951076
- Previously, when the
destroy_zend_class()
terminated unexpectedly, a double free error occurred. With this update, the underlying source code has been modified to prevent the double free error. - BZ#951413
- Previously, when the
copy()
function terminated unexpectedly, the resulting error was not reported. Consequently, data loss could occur. This bug has been fixed, and failedcopy()
is now acknowledged properly, which reduces the risk of data loss.
Enhancement
- BZ#837044
- With this update, a php(language) virtual provide for specifying the PHP language version has been added to the php package.
Security Fix
- CVE-2013-4113
- A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter.
4.81. pidgin
Security Fixes
- CVE-2013-0272
- A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request.
- CVE-2013-0273
- A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.
- CVE-2013-0274
- A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin.
4.82. piranha
Bug Fix
- BZ#911287
- Previously, the pulse daemon did not correctly detect when the lvsd daemon had been terminated. As a result, the pulse daemon did not trigger a failover. With this update, the pulse daemon correctly detects when lvsd has been terminated and, if a backup director is configured and active, will result in a failover.
4.83. policycoreutils
Bug Fixes
- BZ#949061
- Due to unsupported locale, the semanage commands failed with the following traceback error message during the "add" and "delete" operations:locale.Error: unsupported locale settingThis update corrects the code, and the semanage utility no longer fails in the described scenario.
- BZ#723950
- Due to missing support for the ext4 file system, the fixfiles utility did not work on such file systems. This update adds the support for ext4 and fixfiles now works properly in the described scenario.
- BZ#805022
- Prior to this update, the genhomedircon script created duplicate SELinux context template entries in the /etc/selinux/targeted/contexts/files/file_contexts.homedirs file, when /export/home/ was defined as the default home directory location for new users and /export/home/ existed on the file system. Consequently, error messages were returned to the /var/log/messages file. A patch has been provided to fix this bug and only one set of SELinux context template entries is now maintained in the /etc/selinux/targeted/contexts/files/file_contexts.homedirs file.
- BZ#623708
- Previously, the utmp utility never triggered a change on the first user who logged in to the system. Consequently, the restorecond daemon sometimes failed to update context on files when only one user was logged in. A patch has been provided to fix utmp and restorecond now works as expected in the described scenario.
Bug Fix
- BZ#953167
- Previously, semanage commands failed with the following traceback error message during add and delete operations:locale.Error: unsupported locale settingThis was due to an error in the source code of the semanage command. This update corrects the code, and semanage commands no longer fail in the described scenario.
4.84. poppler
Bug Fixes
- BZ#990096
- The addition of support for AES-encoded PDF documents introduced the when exporting a password-protected PDF to Postscript using poppler, images were exported in their encoded form, making the resulting Postscript file unusable. This also affected printing of such PDFs as the same bug affected the printing logic. With this update, images in a password-protected PDF are properly decoded before the PDF is exported to Postscript, and printing of such PDFs no longer fails.
- BZ#990097
- Due to missing initialization of certain variables, previous versions of poppler functioned incorrectly when processing values of these uninitialized variables. With this update, the underlying source code has been modified to address this issue.
4.85. procps
Bug Fixes
- BZ#785169
- In some cases, for example, with VMware ESX guests and C-states/CPU switched off, the sum of idle and non-idle ticks returned by the kernel might have been zero. Consequently, this could have caused arithmetic exceptions. With this update, the zero sum is evaluated as if there were idle cycles, and the arithmetic exceptions no longer appear.
- BZ#869140
- Previously, there was a misleading description of the SWAP field in the "top" tool. The Red Hat Enterprise Linux version 5 kernel does not export the VmSwap field in the /proc/#PID/status file, and therefore it was not possible to get the size of the swapped out portion of the task's address space. In the case of Red Hat Enterprise Linux 5, the SWAP field displayed by the "top" tool represented the non-resident portion of the task's address space instead. With this update, the SWAP description has been changed from "Swapped size" to "Non-resident size."
4.86. python-rhsm
Note
Bug Fixes
- BZ#966936
- Previously, the subscription-manager package depended on a version of the python-rhsm package that was not included in the previous version of Red Hat Enterprise Linux 5. As a consequence, the installation terminated with the following error:Error: No module named rhsm.configWith this release, the python-rhsm package has been added to Red Hat Enterprise Linux 5 and dependencies are resolved successfully when installing the subscription-manager package.
- BZ#988476
- Previously, the user was allowed to set and remove parameters in all three sections of the rhsm.conf file even though the parameters are only used in one section. This confused the user and hindered them from setting the right parameters. This update removes the unnecessary configuration in the subscription-manager configuration module.
4.87. rdesktop
Bug Fix
- BZ#642554
- Prior to this update, the rdesktop client did not handle Windows Server 2008 licenses correctly. As a consequence, rdesktop was not able to connect to Terminal Services on the second connection with the following error message:"disconnect: Internal licensing error"This update modifies the underlying code to handle the Windows Server 2008 licenses properly, and rdesktop now connects to Terminal Services as expected.
4.88. redhat-release
4.89. redhat-release-notes
4.90. rgmanager
Bug Fixes
- BZ#865462
- Previous attempts to use an IPv6 address in the cluster configuration with upper case letters returned an error message. Consequently, this caused attempts to start a cluster service in this manner to fail. With this update, the IP address is set independently of upper or lower case letters, and attempts to start the service with both cases functions as expected.
- BZ#869705
- Previously, SAP instances started by the SAPInstance cluster resource agent inherited limits on system resources, for example, the maximum number of open file descriptors for a root user. Those limits could not be applied by PAM due to the way that SAP processes were started by the cluster. With this update, SAPInstance resource agent takes limits configured in the /usr/sap/sapservices/ directory into account. If no limits are specified in the /usr/sap/sapservices/ directory, then safe default limits are applied.
- BZ#879029
- When a service was configured with a recoverable resource, such as nfsclient, a failure of that client correctly triggered the recovery function. However, even if the recovery was successful, rgmanager still stopped and recovered the service. This was caused because the do_status function recorded the rn_last_status function after the first failure, then ran recovery but did not record the new rn_last_status function. This update sets the rn_last_status function to 0 after the resource is recovered. Thus, rgmanager recovers the resource, and leaves the service running afterwards.
- BZ#883860
- Previously, certain man pages from the rgmanager packages had executable flags set and were installed with mode 0755, which was incorrect. Currently, the man pages are correctly installed with mode 0644, which corrects this issue.
- BZ#889098
- When the /etc/cluster/cluster.conf file was modified and distributed to the other nodes using the ccs_tool update, the file was changed on all the nodes, but the change was not applied in the cluster. This happened because a bug in the code caused a new configuration event to be queued when a configuration change was detected while processing configuration event, which caused even more events to be queued, possibly infinitely. Also, under certain circumstances, rgmanager issued a call to get cluster information without proper initialization of internal structures. With this update, the aforementioned problems has been fixed. Each configuration update event is queued only once and configuration changes are now applied in the cluster as expected.
- BZ#907898
- Due to an incorrect SELinux context in the /var/lib/nfs/statd/sm/ directory, the rpc.statd daemon was unable to start. This problem only happened if the cluster included NFS mounts, and therefore the /var/lib/nfs/statd/sm/ directory contained files. This update passes the "-Rdpf" instead of "-af" flags to the "cp" command when copying files to the /var/lib/nfs/statd/sm/ directory, so that the SELinux context is inherited from the target directory, and not preserved from the files being copied.
- BZ#909459
- Previously, in central processing mode, rgmanager did not handle certain inter-service dependencies correctly. If a service was dependent on another service that ran on the same cluster node, the dependent service became unresponsive during the service failover and remained in the recovering state. With this update, rgmanager has been modified to check a service state during failover and stop the service if it is dependent on the service that is failing over. Resource Group Manager then attempts to start this dependent service on other nodes.
- BZ#962376
- When using High Availability Logical Volume Management agents (HA-LVM), failure of some of the physical volumes (PV) in the volume group (VG) resulted in the agent calling "vgreduce --removemissing --force [vg]", thus removing the missing PVs and any logical volumes (LV) that were on it. While this was helpful in the case of recovering from the loss of a mirror leg, when only using linear LVs, it is problematic, especially if another node is having no trouble accessing the storage. This update adds the "--mirrorsonly" option to the "vgreduce --removemissing" calls in the LVM agents, and HA-LVM only removes missing PVs on stop when they belong to mirrors.
- BZ#968322
- A general protection fault in the malloc_consolidate function caused rgmanager to terminate unexpectedly with a segmentation fault during a status check. This update fixes some instances where a very unlikely NULL pointer dereference could occur, and rgmanager no longer crashes in this situation.
Enhancements
- BZ#670024
- Previous versions of the Oracle Resource Agent were only tested against Oracle 10. With this update, support for the Oracle Database 11g has been added to the oracledb, orainstance, and oralistener resource agents.
- BZ#841142
- This update fixes a non-critical typing error in the ASEHAagent.sh resource agent.
Bug Fix
- BZ#912625
- Previously, in central processing mode, rgmanager did not handle certain inter-service dependencies correctly. If a service was dependent on another service that ran on the same cluster node, the dependent service became unresponsive during the service failover and remained in the recovering state. With this update, rgmanager has been modified to check a service state during failover and stop the service if it is dependent on the service that is failing over. Resource Group Manager then attempts to start this dependent service on other nodes.
Bug Fix
- BZ#967456
- Previously, the NFS resource agents preserved SELinux context when copying files to the /var/lib/nfs/sm/ directory. As a result, files that were copied did not inherit the SELinux context of /var/lib/nfs/sm/, causing AVC denial messages to be returned. These messages prevented proper operation of the resource agents. This bug has been fixed and the NFS resource agents no longer preserve the SELinux context of files copied to /var/lib/nfs/sm/.
Enhancement
- BZ#964991
- With this update, support for Oracle Database 11g has been added to the oracledb, orainstance, and oralistener resource agents.
Bug Fix
- BZ#1004482
- Previously, if a device failed in a non-redundant (i.e. not mirror or RAID) logical volume that was controlled by HA-LVM, the entire logical volume could be automatically deleted from the volume group. Now, if a non-redundant logical volume suffers a device failure, HA-LVM fails to start the service rather than forcing the removal of failed PVs from the volume group, thus fixing the bug.
Bug Fix
- BZ#1009245
- Previously, the cluster services file system failed over from one node to another if the /tmp directory filled up. A patch has been provided to fix this bug and cluster services no longer fail over.
4.91. rhn-client-tools
Bug Fixes
- BZ#873531
- When registering a system using certain locales (for example, Simplified Chinese or Japanese), and the user entered an invalid username and password, the firstboot application displayed an error message. However, missing line breaks caused the dialog box to become too large. This update adds line breaks in the error message, so that the dialog box is of reasonable size.
- BZ#882933
- Previously, when using the rhn_register tool in text user interface (TUI) mode, an invalid link was displayed on the "Setting up software updates" page. The link has been corrected and now points to the correct location.
- BZ#886342
- Previously, if the server's SSL certificate validation failed, attempting to register the system to RHN Classic failed with a traceback. With this update, a more useful error message is displayed instead of the traceback in the described scenario.
- BZ#949645
- Red Hat Network (RHN) Proxy did not work properly if separated from a parent by a slow network. Consequently, users who attempted to download larger repodata files and RPM packages experienced timeouts. This update changes both RHN Proxy and Red Hat Enterprise Linux RHN Client to allow all communications to honor a configured timeout value for connections.
Enhancement
- BZ#949617
- This update adds a function to get the number of physical CPU sockets in a managed system from Red Hat Network Satellite, the systems-management platform, via an API call.
4.92. rhnlib
Bug Fix
- BZ#951590
- Red Hat Network (RHN) Proxy did not work properly if separated from a parent by a slow network. Consequently, users who attempted to download larger repodata files and RPM packages experienced timeouts. This update changes both RHN Proxy and Red Hat Enterprise Linux RHN Client to allow all communications to honor a configured timeout value for connections.
4.93. rpm
Bug Fixes
- BZ#648516
- Previously, the package size was recorded incorrectly for packages built on big-endian platforms (PowerPC or IBM S/390), which would show up in Anaconda as packages having zero bytes. With this update, package sizes are correctly recorded on all platforms, but older packages built with the flawed versions of RPM still show incorrect sizes.
- BZ#671194
- Previously, when multiple packages failed to update correctly, the failed packages could get removed from the system entirely. With this update, the rpm and yum utilities can handle multiple failures during updates without unexpected package removals.
- BZ#706935
- Previously, attempts to install packages with a large number of files (approximately 80,000 or more), could have caused RPM to terminate unexpectedly with a segmentation fault due to the RPM header exceeding its upper limit. This update increases the header limit so RPM is able to handle larger package installs, and crashes no longer occur in the described scenario.
- BZ#716853
- A new size check recently added to rpmbuild caused rpmbuild to display an error message and exit if the contents of the RPM file exceeded 2GB in size. This size check was performed prior to the elimination of duplicate files, however, in some cases it was possible for rpmbuild to exit with a ">2GB" warning even if the contents of the RPM file were actually smaller than 2GB. With this update, the size check for rpmbuild is expanded, and it is possible to build RPM files larger than 2GB.
Bug Fix
- BZ#906019
- Previously, when updating packages with the rpm or yum utilities, users experienced multiple failures and the failed packages were removed from the system entirely. With this update, the rpm and yum utilities can handle multiple failures during updates without unexpected package removals.
4.94. ruby
Security Fix
- CVE-2013-4073
- A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts.
Security Fix
- CVE-2013-1821
- It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory.
4.95. s390utils
Bug Fixes
- BZ#783162
- Prior to this update, in some cases, Initial Program Load (IPL) did not work after calling the
zipl
boot loader. Consequently, incorrect bootmap could be used during initialization and an incorrect kernel could be loaded. This update adds the fsync() function, which ensures that all correct and necessary data is written to disk. - BZ#787685
- Previously, the
qethconf
tool for configuring network interfaces worked in the case-sensitive manner. Consequently,qethconf
was searching for non-existent match of IPv6 addresses when these were written in capital letters. With this update,qethconf
handles IPv6 addresses as expected and IPv6 searches are now case-insensitive. - BZ#809462
- Due to an incomplete monitor record header for the stop record, unused monitor records of stopped processes were not halted correctly and continued to show up in the z/VM hypervisor monitor stream. The header data has been completed, thus preventing the stoppage of unused records.
- BZ#820262
- Prior to this update, the buffer used for writing error messages was too small. As a consequence, when trying to write changes to a read-only device using the
fdasd
program, the buffer overflew. This update addsfprintf()
function, which writes directly to thestderr
stream without the buffer. As a result, buffer overflows no longer occur. - BZ#820263
- Previously, the lsdasd(8) manual page did not contain the
-b
option. In adddition, thelsdasd
command returned "1" instead of "0" output, when the-h
option was specified. The missing-b
option has been added to the manual page and the outputs for the-h
option have been correctly specified, thus fixing the bug. - BZ#857816
- When the
zipl
boot loader was run on the Direct Access Storage Device with the Fixed Block Access format (FBA DASD), previously initialized Physical Volume (PV) on the partition could no longer be recognized by LVM. With this update, the cache for the disk and partition block devices is flushed before installing theIPL record
, thus fixing the bug. - BZ#837305
- Previously, a Small Computer System Interface (SCSI) device was not available immediately after registration. As a consequence, the
lsluns
script failed to recognize the LUN0 and WLUN attachment with the following error message:Cannot attach WLUN / LUN0 for scanning
To fix this bug, multiple checks for SCSI registration with the LUN0 and WLUN attached via theunit_add
option have been added and SCSI mid layer now successfully completes the SCSI device registration. - BZ#906837
- The
ziorep_config
configuration report is supposed to ignore SCSI disks that are not part of themultipath
device mapper when creating themultipath
mapper report. Previously ,ziorep_config
failed to correctly ignore SCSI disks which causedget_line()
function to returnn/a
output if asysfs
attribute did not exist. This output is stored in themp_dev_mm
hash key so its value could not be used in a check for being undefined. With this update, themp_dev
hash field remains undefined, if nomultipath
device is found, thus fixing the bug. - BZ#828128
- Previously, the
lsluns
script checked for sg kernel subsystem functionality before scanning available LUNs or showing attached LUNs. Consequently,lsluns
failed to list available LUNs and to show attached LUNs with the-a
option. Early kernel subsystem availability check has been removed to fix this bug. - BZ#851096
- Previously, the
/etc/profile.d/s390.sh
script contained incorrect equation syntax. As a consequence, when thezsh
shell on s390x architecture was started, the following error message appeared:/etc/profile.d/s390.sh:4: = not found
The script has been fixed and no error messages are now returned.
4.96. samba3x
Security Fixes
- CVE-2013-0213
- It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session.
- CVE-2013-0214
- A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.
- CVE-2013-4124
- An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory.
Note
This issue does not affect the default configuration of samba server.
Bug Fixes
- BZ#862872
- When a domain controller (DC) was rebuilding the System Volume (Sysvol) directory, it disabled the Net Logon service. Even if another working DC was available, users were not able to log in until the rebuilding was finished and, as a consequence, error messages were returned. With this update, when an attempt to open the Net Logon connection fails two times, users are able to log in using another DC without any errors.
- BZ#869295
- Previously, when the
Windbind
daemon (windbindd
) authenticated Active Directory (AD) users, it used 100% of the CPU and stopped the user authentication. This update provides a patch to fix this bug andwindbindd
now works as expected. - BZ#883861
- When the
Windbind
daemon (windbindd
) was not able to establish a Server Message Block (SMB) connection to a domain controller (DC), it retried three times in a row, waited for some time and tried to connect again. Because the socket thatwindbindd
had opened to connect to DC was not closed,windbindd
leaked three sockets each time it tried to establish the connection, which led to depletion of the available sockets. With this update, a patch has been provided to fix this bug and the sockets are now closed correctly so thatwindbindd
no longer leaks sockets in the described scenario. - BZ#905071
- Previously, guest users did not have the correct token allowing write operations on a writable guest share. Consequently, such users were not able to create or write to any files within the share. With this update, a patch has been provided to fix this bug and the guest users are able to write to or create any files within the writable share as expected.
Note
Theshare
parameter is obsolete and the security mode should be set touser
. - BZ#917564
- The Samba service contains the user name mapping optimization that stores an unsuccessful mapping so that it is not necessary to traverse the whole mapping file every time. Due to a bug in the optimization, the user name mapping worked only once and then it was overwritten with the unsuccessful one. This update provides a patch to fix this bug and the successful user name mapping is no longer overwritten in the described scenario.
- BZ#947999
- Due to a bug in the authentication code that forwarded the NTLMv2 authentication challenge to the primary domain controller (PDC), an incorrect domain name was sent from a client. Consequently, the user was not able to log in, because when the domain name was hashed in the second NTLMv2 authentication challenge, the server could not verify the validity of the hash and the access was rejected. With this update, the correct domain name is set by the client to the PDC and the user is able to log in as expected.
- BZ#982484
- An attempt to execute the wkssvc_NetWkstaEnumUsers RPC command without a pointer to the resume handle caused the
smbd
daemon to terminate with a segmentation fault. Consequently, the client was disconnected. With this update, the underlying source code has been adapted to verify that the pointer is valid before attempting to dereference it. As a result,smbd
no longer crashes in this situation.
4.97. scl-utils
Bug Fixes
- BZ#949994
- Previously, detection of Software Collections that were specified to be enabled was done in a wrong place in the code. Thus, when attempting to enable multiple Software Collections with a single command, scl-utils enabled only the first given Collection. The updated package scans all the arguments, and all specified Software Collections are now enabled.
- BZ#955668
- When starting an inspection of the already-enabled Collections, a wrong variable was taken as source of information. Consequently, when running a shell in the scl_enabled environment, users could successfully enable the already-enabled Collection. This could lead to destruction of some parts of the original environment. This update accepts the correct variable as a source of information concerning the already-enabled collections, and the collections are no longer enabled multiple times.
- BZ#957176
- Previously, the python27 packages required a specific byte compiler. Consequently, the build of python27 using the wrong byte compiler collection failed. With this update, the python27 packages can be compiled successfully using a new functionality to override various rpm macros.
- BZ#957752
- If the PATH variable was not set as expected by scl-utils, executing the "scl enable" command led to a "command not found" error message. This was caused by the scl utility calling the scl_enabled command without the absolute PATH and relying on the PATH set by the user. With this update, scl-utils calls the scl_enabled helper script with the absolute PATH, and the aforementioned error messages no longer occur.
- BZ#957765
- Prior to this update, the ori_cmd variable was freed at the moment of displaying. Consequently, the scl utility could have failed with a segmentation fault. The fix has been provided for a double free or corruption error when reading commands from the standard input, and thus scl no longer fails.
- BZ#964056
- While enabling Software Collections, scl did not respect results of a test and always enabled Collections regardless of whether the respective Collection was already enabled or not. As a consequence, a Collection was enabled multiple times if the Collection was specified more than once in the command, which could result in undetermined behavior. This update runs the enable scriptlet only if the Collection has not been enabled before, and any attempts to enable a collection multiple times in one environment are now ignored.
4.98. selinux-policy
Bug Fixes
- BZ#746979
- When the SSH daemon (
sshd
) was configured using thergmanager
utility as a service for clustering,sshd
incorrectly ran in thergmanager_t
SELinux domain instead of thesshd_t
SELinux domain. With this update, the relevant SELinux policy has been fixed andsshd
runs insshd_t
as expected in the described scenario. - BZ#838702
- With the SELinux strict policy enabled, when the user executed a locally developed application configured to use the
atd
daemon, the daemon ran in an incorrect SELinux domain due to the missing SELinux policy rules. Consequently, the following error message was logged in the/var/log/message
file:Not allowed to set exec context
With this update, the appropriate SELinux policy rules have been added so thatatd
runs in the correct domain and the error message is no longer returned. - BZ#906279
- When SELinux was running in enforcing mode, it incorrectly prevented processes labeled with the
pptp_t
SELinux security context from accessing files labeled with theproc_net_t
SELinux security context. This update fixes the relevant SELinux policy andpptp_t
processes can access files with theproc_net_t
context as expected. - BZ#921671
- Previously, some patterns in the
/etc/selinux/targeted/contexts/files/file_contexts
file contained typographical errors. Some patterns matched the 32-bit path but the same pattern for the 64-bit path was missing. Consequently, different security contexts were assigned to these paths. With this update, the relevant file context specifications have been corrected so that there are no more differences between these paths. - BZ#923428, BZ#926028
- Due to the incorrect SELinux policy rules for the
httpd_use_fusefs
andallow_ftpd_use_fusefs
Booleans, thehttpd
andftpd
daemons were not able to access link files on a FUSE (Filesystem in Userspace) file system when SELinux was running in enforcing mode. The appropriate SELinux policy rules have been fixed andhttpd
andftpd
are now able to access link files on the FUSE file systems as expected. - BZ#953874
- When SELinux was running in enforcing mode, an attempt to fetch a file using the Squid proxy caching server along with Kerberos authentication caused AVC denials to be returned. The relevant SELinux policy has been changed to allow Squid to connect to the tcp/133 port and the AVC denials are no longer returned in the described scenario.
- BZ#958759, BZ#984583
- Previously, the
mysqld_safe
script was unable to execute the Bourne shell (/bin/sh) with theshell_exec_t
SELinux security context. Consequently, the mysql55 and mariadb55 Software Collection packages were not working correctly. With this update, SELinux policy rules have been updated and these packages now work as expected. - BZ#959171
- When a Network Information Service (NIS) master with two NIS slaves was configured, executing the
yppasswdd --port 836
command proceeded up until it started rebuilding thepasswd.byname
andpasswd.byuid
databases. The databases were rebuilt successfully but they were not pushed to the NIS slaves due to missing SELinux policy rules. With this update, the relevant SELinux rule has been added to fix this bug and theyppasswdd --port 836
command works as expected. - BZ#966929
- Due to an incorrect SELinux policy, the
openvpn
service was not able to write or read the/var/log/openvpn
file. Consequently, an attempt to startopenvpn
failed and AVC messages were logged to the/var/log/audit/audit.log
file. With this update, the appropriate SELinux policy has been fixed so that the AVC messages are no longer returned andopenvpn
works as expected in the described scenario. - BZ#970707
- When the
php-cgi
command-line interface was called by thehttpd
server, SELinux running in enforcing mode prevented access to the/usr/share/snmp/mibs/.index
file. Consequently, the PHP SNMP (Simple Network Management Protocol) extension did not work correctly due to the missing Management Information Bases (MIBs). With this update, the relevant SELinux policy has been modified and SELinux no longer prevents access to MIBs in the described scenario. - BZ#978864
- Previously, the
snmpd_t
SELinux domain was missing thechown
capability. Consequently, theagentXperms
directive in thesnmpd.conf
file did not work. This update provides an updated SELinux policy rule that allows processes running in thesnmpd_t
SELinux domain to use thechown
capability, thus fixing this bug.
4.99. sos
Security Fix
- CVE-2012-2664
- The sosreport utility collected the Kickstart configuration file ("/root/anaconda-ks.cfg"), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.
Bug Fixes
- BZ#782218
- When the rhn-client-tools package was not installed and the
__raisePlugins__
plug-in was enabled on the system, thesosreport
utility failed to collect thedmidecode
files and other hardware information. This update provides a patch to fix this bug andsosreport
now works correctly in the described scenario. - BZ#782247
- When the audit package was not installed and the
/var/log/audit
file did not exist on the system, theauditd
plug-in failed with a traceback error. This bug has been fixed andauditd
now properly handles the missing/var/log/audit
file. - BZ#868008
- When SELinux was disabled on the system, the
sosreport
utility did not collect the information located in thesos_commands/selinux/
directory. This update provides a patch to fix this bug, andsosreport
now correctly collects all the required information in the described scenario. - BZ#906071
- Previous versions of the sos
psacct
(BSD Process Accounting) module collected all process accounting files present on the system, which could, under certain configurations, lead to a very large number of archived files in the process accounting directory. To fix this,psacct
now collects only the most recent accounting file by default. Theall
option has been added to the module which allows the user to request the original behavior if required. As a result, reports generated on hosts with many archived accounting files no longer include this large set of additional data. - BZ#958346
- Previously, the
sosreport
utility did not capture modules located in the/etc/modules.*/
directory including module blacklisting. With this update, a patch has been provided to fix this bug andsosreport
now captures the modules as expected. - BZ#976242
- Previous versions of the
sos
utility did not sanitize special characters in system host names when using the name in file system paths. Consequently, inserting special characters in the system host name could causesos
to generate invalid file system paths and fail to generate a report. With this update, invalid characters are filtered out of system host names andsos
now works correctly on systems having characters disallowed in file system paths present in the host name. - BZ#977187
- When used on PowerPC systems, the
sosreport
utility took a copy of the/boot/yaboot.conf
file but not a copy of the/etc/yaboot.conf
file. Consequently,sosreport
could miss important information present in this file. This update applies a patch to fix this bug and the report fromsosreport
now contains information from/etc/yaboot.conf
if present.
Enhancements
- BZ#840981
- Previous releases of
sos
captured only the/proc/ioports
file detailing registered I/O port regions in use. The/proc/iomem
file additionally describes regions of physical system memory and their use of memory, firmware data, and device I/O traffic. As this data can be important in debugging certain hardware and device-driver problems, bothioports
andiomem
data have been made available within generated reports. - BZ#891325
- Previously, the
sar
plug-in did not set a size restriction for collected data, which could cause thesosreport
utility to fill up the directory for temporary files. This enhancement adds the ability to limit the maximum size of collected data for thesar
plug-in. - BZ#907876
- The ID mapping daemon (
idmapd
) controls identity mappings used by NFSv4 services and is important for diagnostic and troubleshooting efforts. This enhancement provides a new feature that allows thesosreport
utility to analyze theidmapd.conf
file on NFS client and server hosts.
4.100. spamassassin
Bug Fixes
- BZ#892348
- The rules using the "rawbody" test did not always return a match because SpamAssassin split the raw data into 1-2kB size parts. With this update, a note has been added to the Mail::SpamAssassin::Conf documentation, addressing the limitations resulting from this bug.
- BZ#892350
- Previously, a bug in the parser used the wrong data to detect URLs between HTML tags. As a consequence, SpamAssassin did not always detect HTTP(S) URL multiline mismatches in email messages. This bug is now fixed and SpamAssassin properly detects multiline mismatches.
4.101. sssd
Security Fix
- CVE-2013-0219
- A race condition was found in the way SSSD copied and removed user home directories. A local attacker who is able to write into the home directory of a different user who is being removed could use this flaw to perform symbolic link attacks, possibly allowing them to modify and delete arbitrary files with the privileges of the root user.
Bug Fixes
- BZ#820908
- After a paging control was used, memory in the sssd_be process was never freed which led to the growth of the sssd_be process memory usage over time. To fix this bug, the paging control was deallocated after use, and thus the memory usage of the sssd_be process no longer grows.
- BZ#882414
- If the sssd_be process was terminated and recreated while there were authentication requests pending, the sssd_pam process did not recover correctly and did not reconnect to the new sssd_be process. Consequently, the sssd_pam process was seemingly blocked and did not accept any new authentication requests. The sssd_pam process has been fixes so that it reconnects to the new instance of the sssd_be process after the original one terminated unexpectedly. Even after a crash and reconnect, the sssd_pam process now accepts new authentication requests.
- BZ#886165
- When the sssd_be process hung for a while, it was terminated and a new instance was created. If the old instance did not respond to the TERM signal and continued running, SSSD terminated unexpectedly. As a consequence, the user could not log in. SSSD now keeps track of sssd_be subprocesses more effectively, making the restarts of sssd_be more reliable in such scenarios. Users can now log in whenever the sssd_be is restarted and becomes unresponsive.
- BZ#923813
- In case the processing of an LDAP request took longer than the client timeout upon completing the request (60 seconds by default), the PAM client could have accessed memory that was previously freed due to the client timeout being reached. As a result, the sssd_pam process terminated unexpectedly with a segmentation fault. SSSD now ignores an LDAP request result when it detects that the set timeout of this request has been reached. The sssd_pam process no longer crashes in the aforementioned scenario.
- BZ#805729
- When there was a heavy load of users and groups to be saved in cache, SSSD experienced a timeout. Consequently, NSS did not start the backup process properly and it was impossible to log in. A patch has been provided to fix this bug. The SSSD daemon now remains responsive and the login continues as expected.
- BZ#961680
- SSSD kept the file descriptors to the log files open. Consequently, on occasions like moving the actual log file and restarting the back end, SSSD still kept the file descriptors open. SSSD now closes the file descriptor after the child process execution; after a successful back end start, the file descriptor to log files is closed.
- BZ#979047
- While performing access control in the Identity Management back end, SSSD erroneously downloaded the "member" attribute from the server and then attempted to use it in the cache verbatim. Consequently, the cache attempted to use the "member" attribute values as if they were pointing to the local cache which was CPU intensive. The member attribute when processing host groups is no longer downloaded and processed. Moreover, the login process is reasonably fast even with large host groups.
4.102. subscription-manager
Note
Bug Fixes
- BZ#877331
- Previously, several options were missing from the migration script which prevented the user from migrating from RHN Classic to certificate-based Subscription Management. To fix this bug, options have been added therein and the user can now migrate flawlessly.
- BZ#916369
- Prior to this update, the parameter-parsing code was constantly updating the configuration whenever the "--insecure" option was present. Consequently, the "--insecure" option would always overwrite the configuration value. The insecure value persistence has been modified to delay until after the command completes, thus fixing the bug.
- BZ#906642
- Previously, the repolist command did not accept the "--proxy" option, which hindered listing repositories using the HTTP proxy server. To fix this bug, the "--proxy" option has been added to the repolist command. The user can now list their repositories while also specifying their HTTP proxy server connection.
- BZ#845622
- Prior to this update, confusing error messages were displayed when the user's identity certificate expired. With this update, a proper message has been added. The users can now see when their identity certificates expire.
- BZ#818978
- Previously, a systemd script was missing which prevented the systemctl utility from starting the rhsmcertd daemon. Systemd-style initialization scripts for rhsmcertd have been added. As a result, rhsmcertd can now be started successfully using systemctl.
- BZ#993202
- Due to the incorrectly placed ca_cert_dir configuration entry in the /etc/rhsm/rhsm.conf file, interpolation problems occurred. To fix this bug, the ca_cert_dir configuration line has been moved from the [server] into [rhsm] section keeping the functionality as in previous versions.
- BZ#997189
- Previously, the firstboot utility displayed unnecessary and confusing error messages to the user. To fix this bug, the content of the messages has been changed to inform the user clearly and effectively.
Enhancements
Security Fix
- CVE-2012-6137
- It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials.
4.103. subscription-manager-migration-data
Note
4.104. subversion
Security Fixes
- CVE-2013-1849
- A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash.
- CVE-2013-1845
- A flaw was found in the way the mod_dav_svn module handled large numbers of properties (such as those set with the "svn propset" command). A malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory.
- CVE-2013-1846, CVE-2013-1847
- Two NULL pointer dereference flaws were found in the way the mod_dav_svn module handled LOCK requests on certain types of URLs. A malicious, remote user could use these flaws to cause the httpd process serving the request to crash.
4.105. sudo
Security Fixes
- CVE-2013-1775
- A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password.
- CVE-2013-1776, CVE-2013-2776
- It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password.
Bug Fixes
- BZ#849679
- Due to a bug in the cycle detection algorithm of the visudo utility, visudo incorrectly evaluated certain alias definitions in the /etc/sudoers file as cycles. Consequently, a warning message about undefined aliases appeared. This bug has been fixed, /etc/sudoers is now parsed correctly by visudo and the warning message no longer appears.
- BZ#855836
- Previously, the 'sudo -l' command did not parse the /etc/sudoers file correctly if it contained an Active Directory (AD) group. The file was parsed only up to the first AD group information and then the parsing failed with the following message:sudo: unable to cache group ADDOM\admingroup, already existsWith this update, the underlying code has been modified and 'sudo -l' now parses /etc/sudoers containing AD groups correctly.
- BZ#869287
- Previously, the sudo utility did not escape the backslash characters contained in user names properly. Consequently, if a system used sudo integrated with LDAP or Active Directory (AD) as the primary authentication mechanism, users were not able to authenticate on that system. With this update, sudo has been modified to process LDAP and AD names correctly and the authentication process now works as expected.
- BZ#905624
- Prior to this update, the 'visudo -s (strict)' command incorrectly parsed certain alias definitions. Consequently, an error message was issued. The bug has been fixed, and parsing errors no longer occur when using 'visudo -s'.
4.105.2. RHBA-2013:0616 — sudo bug fix update
Bug Fixes
- BZ#916220
- The "sudo -l" command did not parse the /etc/sudoers file correctly if it contained an Active Directory (AD) group. The file was parsed only up to the first AD group information and the command then failed with the following error message:
sudo: unable to cache group ADDOM\admingroup, already exists
With this update, the underlying code has been modified so the "sudo -l" command now parses the /etc/sudoers file as it is supposed to and no longer displays this error message. - BZ#916232
- Previously, sudo did not escape the backslash characters contained in user names properly. Consequently, if a system used sudo integrated with LDAP or Active Directory as the primary authentication mechanism, users were not able to authenticate on that system. This patch modifies sudo to process LDAP and AD names correctly and the authentication process now functions as expected.
4.106. system-config-cluster
Bug Fixes
- BZ#867022
- Previously, the cluster.ng "nfsrestart" attribute was not defined as a file system attribute in system-config-cluster. As a consequence, when running the xmllint tool to validate the /etc/cluster/cluster.conf file, xmllint terminated with an error. With this update, the "nfsrestart" attribute has been added to the list of file system resources and validation of the /etc/cluster/cluster.conf file now works as expected.
- BZ#875592
- The "miss_count_const" parameter was missing from the cluster.ng schema and, as a consequence, when the user added the parameter to the /etc/cluster/cluster.conf file, the configuration file failed to validate. With this update, the parameter has been added to the cluster.ng schema and the /etc/cluster/cluster.conf file validates successfully with the aforementioned parameter.
- BZ#903560
- Previously, the "DRBD" resource was missing from the cluster.ng schema and, as a consequence, the /etc/cluster/cluster.conf file failed to validate with xmllint. With this update, the missing attribute has been added to the cluster.ng schema and the /etc/cluster/cluster.conf file now validates successfully with the aforementioned parameter.
4.107. system-config-kdump
Bug Fix
- BZ#947938
- Previously, the system-config-kdump utility did not allow users to configure the kdump utility to store kernel dumps as a file on the ext4 file system. This update provides the "ext4" option to the "Edit location -> Select location type" setting, thus fixing this bug.
4.108. system-config-lvm
Bug Fix
- BZ#875148
- Due to a limitation in the system-config-lvm application, it terminated unexpectedly when striped mirrored devices were found. With this update, system-config-lvm no longer crashes and users can fully interact with striped mirrored devices. However, such devices may not always render properly in the application. It is recommended to use the command line interface tools to interact with striped mirrored devices.
4.109. thunderbird
Security Fixes
- CVE-2013-0788
- Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
- CVE-2013-0795
- A flaw was found in the way Same Origin Wrappers were implemented in Thunderbird. Malicious content could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Thunderbird.
- CVE-2013-0796
- A flaw was found in the embedded WebGL library in Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: This issue only affected systems using the Intel Mesa graphics drivers.
- CVE-2013-0800
- An out-of-bounds write flaw was found in the embedded Cairo library in Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
- CVE-2013-0793
- A flaw was found in the way Thunderbird handled the JavaScript history functions. Malicious content could cause a page to be displayed that has a baseURI pointing to a different site, allowing cross-site scripting (XSS) and phishing attacks.
Security Fixes
- CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736
- Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
- CVE-2013-1737
- A flaw was found in the way Thunderbird handled certain DOM JavaScript objects. An attacker could use this flaw to make JavaScript client or add-on code make incorrect, security sensitive decisions.
Security Fixes
- CVE-2013-1701
- Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
- CVE-2013-1710
- A flaw was found in the way Thunderbird generated Certificate Request Message Format (CRMF) requests. An attacker could use this flaw to perform cross-site scripting (XSS) attacks or execute arbitrary code with the privileges of the user running Thunderbird.
- CVE-2013-1709
- A flaw was found in the way Thunderbird handled the interaction between frames and browser history. An attacker could use this flaw to trick Thunderbird into treating malicious content as if it came from the browser history, allowing for XSS attacks.
- CVE-2013-1713
- It was found that the same-origin policy could be bypassed due to the way Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker could use this flaw to perform XSS attacks, or install malicious add-ons from third-party pages.
- CVE-2013-1714
- It was found that web workers could bypass the same-origin policy. An attacker could use this flaw to perform XSS attacks.
- CVE-2013-1717
- It was found that, in certain circumstances, Thunderbird incorrectly handled Java applets. If a user launched an untrusted Java applet via Thunderbird, the applet could use this flaw to obtain read-only access to files on the user's local system.
Security Fixes
- CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690
- Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
- CVE-2013-1692
- It was found that Thunderbird allowed data to be sent in the body of XMLHttpRequest (XHR) HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery (CSRF) attacks.
- CVE-2013-1693
- Timing differences in the way Thunderbird processed SVG image files could allow an attacker to read data across domains, potentially leading to information disclosure.
- CVE-2013-1694, CVE-2013-1697
- Two flaws were found in the way Thunderbird implemented some of its internal structures (called wrappers). An attacker could use these flaws to bypass some restrictions placed on them. This could lead to unexpected behavior or a potentially exploitable crash.