[ubuntu/hardy-security] redhat-cluster, redhat-cluster_2.20080227-0ubuntu1.3_powerpc_translations.tar.gz, redhat-cluster_2.20080227-0ubuntu1.3_i386_translations.tar.gz, redhat-cluster_2.20080227-0ubuntu1.3_lpia_translations.tar.gz, redhat-cluster_2.20080227-0ubuntu1.3_amd64_translations.tar.gz, redhat-cluster_2.20080227-0ubuntu1.3_ia64_translations.tar.gz, redhat-cluster_2.20080227-0ubuntu1.3_sparc_translations.tar.gz (delayed) 2.20080227-0ubuntu1.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Fri Dec 18 15:03:34 GMT 2009


redhat-cluster (2.20080227-0ubuntu1.3) hardy-security; urgency=low

  * SECURITY UPDATE: insecure temporary file handling in multiple places.
    - debian/patches/900_fence_vmware.dpatch: move logfile to protected
      directory
    - debian/patches/900_tempfix_daemons.dpatch: move logfile to protected
      directory
    - debian/patches/900_tempfix_fs.dpatch: move logfile to protected
      directory (and update make/defines.mk.input)
    - debian/patches/900_tempfix_gfs2_debugfs.dpatch: use mkdtemp() in misc.c
    - debian/patches/900_tempfix_gfs2_savemeta.dpatch: use mkstemp() in
      savemeta.c
    - debian/patches/900_tempfix_libgfs2.dpatch: use mkdtemp() in misc.c and
      clean out (now) unneeded functions
    - debian/patches/900_tempfix_lvm_by_vg.dpatch: don't log debugging
      information to temporary file
    - debian/patches/900_tempfix_oracledb.dpatch: use mktemp and move logfile
      to protected directory (fix in the source even though it is not
      installed)
    - debian/patches/900_tempfix_SAPDatabase.dpatch: use mktemp
    - debian/patches/900_tempfix_smb.dpatch: use mktemp
    - debian/patches/900_tempfix_svclib_nfslock.dpatch: use mktemp
    - debian/patches/900_ccstool.dpatch: use mkostemp()
    - Patches based on upstream changes
    - CVE-2008-6552
  * SECURITY UPDATE: insecure temporary file handling on /tmp/apclog
    - debian/patches/900_fence_apc.dpatch: don't reference /tmp/apclog
      in fence_apc man page, since it is not used. Update fence_apc.pl,
      fence_apc.py and fence_apc_snmp.py to use @LOGDIR@/apclog. Updated
      make/fenceperl.mk and make/fencepy.mk to substitute @LOGDIR@
    - CVE-2008-4579
  * SECURITY UPDATE: buffer overflow when adding entries to ccsais xml block
    - debian/patches/901_cman_overflow.dpatch: define and check for
      MAXXMLNODES in cman/daemon/config.c and cman/daemon/ais.c
    - CVE-2008-6560
  * debian/cman.dirs and rgmanager.dirs: install /var/log/cluster

Date: Thu, 17 Dec 2009 12:58:52 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/redhat-cluster/2.20080227-0ubuntu1.3
-------------- next part --------------
Format: 1.7
Date: Thu, 17 Dec 2009 12:58:52 -0600
Source: redhat-cluster
Binary: redhat-cluster-suite cman libcman2 libcman-dev libdlm2 libdlm-dev gfs-tools gfs2-tools gnbd-client gnbd-server rgmanager redhat-cluster-source
Architecture: source
Version: 2.20080227-0ubuntu1.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 cman       - cluster manager
 gfs-tools  - global file system tools
 gfs2-tools - global file system 2 tools (EXPERIMENTAL)
 gnbd-client - global network block device - client tools
 gnbd-server - global network block device - server tools
 libcman-dev - cluster manager - development files
 libcman2   - cluster manager - libraries
 libdlm-dev - distributed lock manager - development files
 libdlm2    - distributed lock manager - library
 redhat-cluster-source - Red Hat cluster suite - kernel modules source
 redhat-cluster-suite - Red Hat cluster suite (meta package)
 rgmanager  - clustered resource group manager
Changes: 
 redhat-cluster (2.20080227-0ubuntu1.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: insecure temporary file handling in multiple places.
     - debian/patches/900_fence_vmware.dpatch: move logfile to protected
       directory
     - debian/patches/900_tempfix_daemons.dpatch: move logfile to protected
       directory
     - debian/patches/900_tempfix_fs.dpatch: move logfile to protected
       directory (and update make/defines.mk.input)
     - debian/patches/900_tempfix_gfs2_debugfs.dpatch: use mkdtemp() in misc.c
     - debian/patches/900_tempfix_gfs2_savemeta.dpatch: use mkstemp() in
       savemeta.c
     - debian/patches/900_tempfix_libgfs2.dpatch: use mkdtemp() in misc.c and
       clean out (now) unneeded functions
     - debian/patches/900_tempfix_lvm_by_vg.dpatch: don't log debugging
       information to temporary file
     - debian/patches/900_tempfix_oracledb.dpatch: use mktemp and move logfile
       to protected directory (fix in the source even though it is not
       installed)
     - debian/patches/900_tempfix_SAPDatabase.dpatch: use mktemp
     - debian/patches/900_tempfix_smb.dpatch: use mktemp
     - debian/patches/900_tempfix_svclib_nfslock.dpatch: use mktemp
     - debian/patches/900_ccstool.dpatch: use mkostemp()
     - Patches based on upstream changes
     - CVE-2008-6552
   * SECURITY UPDATE: insecure temporary file handling on /tmp/apclog
     - debian/patches/900_fence_apc.dpatch: don't reference /tmp/apclog
       in fence_apc man page, since it is not used. Update fence_apc.pl,
       fence_apc.py and fence_apc_snmp.py to use @LOGDIR@/apclog. Updated
       make/fenceperl.mk and make/fencepy.mk to substitute @LOGDIR@
     - CVE-2008-4579
   * SECURITY UPDATE: buffer overflow when adding entries to ccsais xml block
     - debian/patches/901_cman_overflow.dpatch: define and check for
       MAXXMLNODES in cman/daemon/config.c and cman/daemon/ais.c
     - CVE-2008-6560
   * debian/cman.dirs and rgmanager.dirs: install /var/log/cluster
Files: 
 4c14cc03f2c8178f161dadc185343813 1291 admin optional redhat-cluster_2.20080227-0ubuntu1.3.dsc
 6875cc2d955c7a7bd81bc2793e78ac12 53736 admin optional redhat-cluster_2.20080227-0ubuntu1.3.diff.gz
Original-Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>

