vixie-cron-4.1-81.AXS3

The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Vixie cron adds better security and more powerful configuration options to the standard version of cron.
Security issues fixed with this release:
CVE-2010-0424
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
Fixed bugs:
• A temporary NSS lookup failure often prevented the execution of cron jobs from users with home directories mounted on a LDAP server or NFS because such jobs would then be marked as orphaned. This update introduces the creation of a orphans database and cron jobs are performed as expected.
• Previously, cron did not log any errors if a cron job file located in the /etc/cron.d/ directory contained invalid entries. This has been fixed and invalid entries in the cron job files now produce warning messages.
• Previously, the @reboot crontab macro incorrectly ran jobs when the crond daemon was restarted. When used on several machines, all entries with the @reboot option were executed every time the crond daemon was restarted. This has been fixed and jobs are executed only when the machine is rebooted.
• crontab is now compiled as a position-independent executable (PIE), which enhances the security of the system.
• If the parent crond daemon was stopped but the a child daemon was still running, the service crond status command incorrectly reported that crond was running.This has been fixed and the service crond status command now correctly reports that crond is stopped.
• This update includes a corrected /etc/pam.d/crond file that exports environment variables correctly. Setting pam variables via cron now works as documented in the pam(8) manual page.
• Previously, if the crond daemon attempted to use the label modified by mcstrand and mcstransd was not running, crond used an incorrect label. Consequently, Security-Enhanced Linux (SELinux) denials filled up the cron log, no jobs were executed, and crond had to be restarted. This has been fixed by making mcstransd and crond use raw SELinux labels.
• Fixed many typos in the crontab(1) and cron(8) manual pages.
Enhancement:
• The crontab utility now uses Pluggable Authentication Module for user verification: it prevents users from accessing crontab, which was previously possible even if their access had been restricted. Crontab now returns an error message informing them that the PAM configuration prevents them from doing so.