[ubuntu/intrepid-security] redhat-cluster, redhat-cluster_2.20080826-0ubuntu1.3_lpia_translations.tar.gz, redhat-cluster_2.20080826-0ubuntu1.3_ia64_translations.tar.gz, redhat-cluster_2.20080826-0ubuntu1.3_sparc_translations.tar.gz (delayed), redhat-cluster_2.20080826-0ubuntu1.3_i386_translations.tar.gz, redhat-cluster_2.20080826-0ubuntu1.3_powerpc_translations.tar.gz, redhat-cluster_2.20080826-0ubuntu1.3_hppa_translations.tar.gz, redhat-cluster_2.20080826-0ubuntu1.3_amd64_translations.tar.gz 2.20080826-0ubuntu1.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Fri Dec 18 15:03:18 GMT 2009


redhat-cluster (2.20080826-0ubuntu1.3) intrepid-security; urgency=low

  * SECURITY UPDATE: insecure temporary file handling in fence_egenera
    - debian/patches/900_CVE-2008-4192.dpatch: move logfile to protected
      directory
    - CVE-2008-4192
  * SECURITY UPDATE: insecure temporary file handling in multiple places.
    - debian/patches/900_fence_apc_manpage.dpatch: don't reference /tmp/apclog
      in fence_apc man page, since it is not used
    - debian/patches/900_fence_vmware.dpatch: move logfile to protected
      directory
    - debian/patches/900_tempfix_ASEHAagent.dpatch: use mktemp instead of
      hard-coded file
    - debian/patches/900_tempfix_daemons.dpatch: move logfile to protected
      directory
    - debian/patches/900_tempfix_fs.dpatch: move logfile to protected
      directory
    - debian/patches/900_tempfix_gfs2_debugfs.dpatch: use mkdtemp() in misc.c
    - debian/patches/900_tempfix_gfs2_savemeta.dpatch: use mkstemp() in
      savemeta.c
    - debian/patches/900_tempfix_libgfs2.dpatch: use mkdtemp() in misc.c and
      clean out (now) unneeded functions
    - debian/patches/900_tempfix_lvm_by_vg.dpatch: don't log debugging
      information to temporary file
    - debian/patches/900_tempfix_oracledb.dpatch: use mktemp and move logfile
      to protected directory
    - debian/patches/900_tempfix_SAPDatabase.dpatch: use mktemp
    - debian/patches/900_tempfix_smb.dpatch: use mktemp
    - debian/patches/900_tempfix_svclib_nfslock.dpatch: use mktemp
    - Patches based on upstream changes
    - CVE-2008-6552
  * SECURITY UPDATE: buffer overflow when adding entries to ccsais xml block
    - debian/patches/901_ccsais_overflow.dpatch: define and check for
      MAXXMLNODES in plugins/ccsais/config.c
    - CVE-2008-6560
  * SECURITY UPDATE: buffer overflow when adding entries to same xml block
    - debian/patches/901_xmlconfig_overflow.dpatch: dynamically allocate
      memory instead of using static buffers in plugins/xml/config.c
    - CVE-XXXX-XXXX
  * debian/rgmanager.dirs: install /var/log/cluster

Date: Thu, 17 Dec 2009 13:01:28 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/redhat-cluster/2.20080826-0ubuntu1.3
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Dec 2009 13:01:28 -0600
Source: redhat-cluster
Binary: redhat-cluster-suite cman libccs3 libccs-dev libccs-perl libcman3 libcman-dev libdlm3 libdlm-dev libdlmcontrol3 libdlmcontrol-dev libfence3 libfence-dev gfs-tools gfs2-tools gnbd-client gnbd-server rgmanager redhat-cluster-source
Architecture: source
Version: 2.20080826-0ubuntu1.3
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 cman       - cluster manager
 gfs-tools  - global file system tools
 gfs2-tools - global file system 2 tools (EXPERIMENTAL)
 gnbd-client - global network block device - client tools
 gnbd-server - global network block device - server tools
 libccs-dev - cluster manager - development files
 libccs-perl - Perl module for using the libccs2 library
 libccs3    - cluster configuration - libraries
 libcman-dev - cluster manager - development files
 libcman3   - cluster manager - libraries
 libdlm-dev - distributed lock manager - development files
 libdlm3    - distributed lock manager - library
 libdlmcontrol-dev - distributed lock manager - development files
 libdlmcontrol3 - distributed lock manager - library
 libfence-dev - fenced - development files
 libfence3  - fence client - library
 redhat-cluster-source - Red Hat cluster suite - kernel modules source
 redhat-cluster-suite - Red Hat cluster suite (metapackage)
 rgmanager  - clustered resource group manager
Changes: 
 redhat-cluster (2.20080826-0ubuntu1.3) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: insecure temporary file handling in fence_egenera
     - debian/patches/900_CVE-2008-4192.dpatch: move logfile to protected
       directory
     - CVE-2008-4192
   * SECURITY UPDATE: insecure temporary file handling in multiple places.
     - debian/patches/900_fence_apc_manpage.dpatch: don't reference /tmp/apclog
       in fence_apc man page, since it is not used
     - debian/patches/900_fence_vmware.dpatch: move logfile to protected
       directory
     - debian/patches/900_tempfix_ASEHAagent.dpatch: use mktemp instead of
       hard-coded file
     - debian/patches/900_tempfix_daemons.dpatch: move logfile to protected
       directory
     - debian/patches/900_tempfix_fs.dpatch: move logfile to protected
       directory
     - debian/patches/900_tempfix_gfs2_debugfs.dpatch: use mkdtemp() in misc.c
     - debian/patches/900_tempfix_gfs2_savemeta.dpatch: use mkstemp() in
       savemeta.c
     - debian/patches/900_tempfix_libgfs2.dpatch: use mkdtemp() in misc.c and
       clean out (now) unneeded functions
     - debian/patches/900_tempfix_lvm_by_vg.dpatch: don't log debugging
       information to temporary file
     - debian/patches/900_tempfix_oracledb.dpatch: use mktemp and move logfile
       to protected directory
     - debian/patches/900_tempfix_SAPDatabase.dpatch: use mktemp
     - debian/patches/900_tempfix_smb.dpatch: use mktemp
     - debian/patches/900_tempfix_svclib_nfslock.dpatch: use mktemp
     - Patches based on upstream changes
     - CVE-2008-6552
   * SECURITY UPDATE: buffer overflow when adding entries to ccsais xml block
     - debian/patches/901_ccsais_overflow.dpatch: define and check for
       MAXXMLNODES in plugins/ccsais/config.c
     - CVE-2008-6560
   * SECURITY UPDATE: buffer overflow when adding entries to same xml block
     - debian/patches/901_xmlconfig_overflow.dpatch: dynamically allocate
       memory instead of using static buffers in plugins/xml/config.c
     - CVE-XXXX-XXXX
   * debian/rgmanager.dirs: install /var/log/cluster
Checksums-Sha1: 
 a2ca3c1b5717b543af5767b3ff558c258c47136d 1987 redhat-cluster_2.20080826-0ubuntu1.3.dsc
 b92b451d1a9f31b03047be797024786de15ee7ee 63441 redhat-cluster_2.20080826-0ubuntu1.3.diff.gz
Checksums-Sha256: 
 fa26098b08987653dac6adf33be7b1ae162738f4a271f146e160fb15030df72a 1987 redhat-cluster_2.20080826-0ubuntu1.3.dsc
 c10f04b35c97642723e1a1f6a6bb48c6108a058e0d59fce2eea7df001fa942e8 63441 redhat-cluster_2.20080826-0ubuntu1.3.diff.gz
Files: 
 07caa6016c84a0615960de2e5d2e7dee 1987 admin optional redhat-cluster_2.20080826-0ubuntu1.3.dsc
 5dab9d6c5e35bcf5e360165af7264c79 63441 admin optional redhat-cluster_2.20080826-0ubuntu1.3.diff.gz
Original-Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>


More information about the Intrepid-changes mailing list