kexec-tools-2.0.0-209.AXS4

エラータID: AXSA:2012-12:01

Release date: 
Wednesday, January 18, 2012 - 12:10
Subject: 
kexec-tools-2.0.0-209.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

kexec-tools provides /sbin/kexec binary that facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. This package contains the /sbin/kexec binary and ancillary utilities that together form the userspace component of the kernel's kexec feature.
Security issues fixed with this release:
CVE-2011-3588
CVE-2011-3589
CVE-2011-3590
No information available at the time of writing, see the CVE link below.
Fixed bugs:
- Because the mkdumprd utility failed to parse the /etc/mdadm.conf file, it also failed to create an initial ramdisk for kdump crash recovery. This has been fixed and the kdump service now starts as expected.
- On PowerPC 64 systems with more than 1 TB of RAM, the kexec utility experienced a segmentation fault upon kdump starting. This has been fixed and kexec does not crash any more when kdump starts and works as expected.

Solution: 

Update packages.

CVEs: 
CVE-2011-3588
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.
CVE-2011-3589
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.
CVE-2011-3590
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.




Additional Info: 

N/A

Download: 

SRPMS
  1. kexec-tools-2.0.0-209.AXS4.src.rpm
    MD5: d685f9d49832b162b7c8b19e3a1b9b80
    SHA-256: 3f58ca43e5afddb5d8d441ac219c32dae670c1c7ace5b1a4e77d04ab1abfc90b
    Size: 490.05 kB

Asianux Server 4 for x86
  1. kexec-tools-2.0.0-209.AXS4.i686.rpm
    MD5: 4533c6c6e835cef1135111e133ffb99d
    SHA-256: 0e0939ea2f342fbc597368ed837d3e2bb600ec57c4dbd2c65f6a602595842eb2
    Size: 245.21 kB

Asianux Server 4 for x86_64
  1. kexec-tools-2.0.0-209.AXS4.x86_64.rpm
    MD5: b67702e84e1c5da3df8d2ef57c3c511b
    SHA-256: 44d4ebdf2f34c8507ef3db38a930355d9b5ee55a44137953e47728995879ef01
    Size: 254.06 kB