6.1 Technical Notes
Technical Release Documentation
Abstract
1. Package Updates
Important
1.1. 389-ds-base
Bug Fixes
- BZ# 701554
-
Password changes did not replicate because the method used to pass the changes to consumer servers was rejected on the consumer. This issue has been corrected, and password changes now replicate as expected.
- BZ# 701556
-
Values could be lost when group memberships were synchronized between 389 Directory Server and Active Directory with the Windows Sync feature. The synchronization and modify operations have been altered to prevent this issue, allowing group updates to synchronize with Active Directory.
- BZ# 701558
-
The ldclt command-line testing tool crashed during LDAP ADD operations because an LDAP attribute was not set correctly, preventing the creation of entries that did not already exist. This update allows the LDAP ADD to proceed correctly.
- BZ# 701559
-
The server crashed if a long running task was started using the cn=tasks,cn=config interface and then the server was shut down before the task completed. This update prevents the server from crashing, but does not gracefully terminate the task, which can leave the server database in an inconsistent state. For example, the fixup-memberof.pl script invokes a task to fix up the memberOf attribute in group member entries. If the server is shut down before the task can complete, some entries may not have the correct memberOf values. Users should ensure that tasks are complete before shutting down the server to avoid inconsistency.
- BZ# 701560
-
When using the Entry USN feature, deleting an entry caused a memory leak via the entryusn attribute. This update fixes the memory leak.
All 389-ds-base users are advised to upgrade to these updated packages, which address these issues.
1.2. abrt
Bug Fixes
- BZ# 576866
-
Prior to this update, the ABRT GUI did not warn the user when it could not connect to the Gnome keyring daemon (that is, could not save any of the user's settings). With this update, a warning message is displayed in such a case.
- BZ# 614486
-
The previous version of ABRT did not properly restore the core_pattern parameter (which is used to specify a coredump file pattern name) if it was too long. This update restores the core_pattern parameter to its previous value when the abrt daemon is stopped.
- BZ# 623142
-
If the TAINT_HARDWARE_UNSUPPORTED flag, which detects hardware not officially supported by Red Hat, is set (in the /proc/sys/kernel/taint file), ABRT indicates that the flag is set in the created crash report.
- BZ# 649309
-
The abrt-addon-ccpp plugin crashed due to a segmentation fault if the /proc/[PID]/ directory did not exist. With this update, ABRT no longer crashes in case the /proc/[PID]/ directory does not exist.
- BZ# 665405
-
Content from various files in the /var/log/ directory is now included in the creation of an sosreport (which is created via the abrt-plugin-sosreport plugin).
- BZ# 666267
-
Prior to this update, the "Help" button in the ABRT GUI displayed the "About" window. With this update, a proper help page is displayed.
- BZ# 668875
-
Occasionally, ABRT did not send an attached core dump file along with a crash report. This was due to the large size of the core dump file which was consequently rejected by the server which was receiving the crash report. With this update, attachments and their sizes are listed in the crash report, making it easier to detect any problems caused by the large size of the attachments.
- BZ# 670492
-
Previously, ABRT was using "Strata-Message:" headers in server responses. However, servers no longer use these headers. With this update, the aforementioned headers are no longer used by ABRT.
- BZ# 678724
-
By default, in Red Hat Enterprise Linux 6, ABRT did not enable any reporters, causing environments which do not run an X server to not be notified of any crashes ABRT detected. With this update, the mailx plugin is enabled as the default reporter for every crash and the root user is now notified of any crashes via the root@localhost mailbox.
- BZ# 694410
-
The duplicate hash of a crash was computed from the package NVR (Name, Version, Release), path of the executable and the backtrace hash. This caused the hash to be different for the same bug which occurred in two versions of the same package. With this update, the component name and the backtrace hash are used when computing the duplicate hash.
All users of abrt are advised to upgrade to these updated packages, which resolve these issues.
1.3. acroread
Bug Fix
- BZ# 680202
-
With a recent update, the OpenLDAP libraries have been moved to a different directory. This update changes the way Adobe Reader links to these libraries.
All users of acroread are advised to upgrade to these updated packages, which resolve this issue.
1.4. anaconda
Bug Fixes
- BZ# 593642
-
Auto-partitioning no longer clears immutable partitions.
- BZ# 593984
-
Anaconda no longer creates a new EFI system partition when one is not needed.
- BZ# 601862 , BZ# 614812
-
Anaconda now properly detects ext2's dirty/clean states.
- BZ# 609570
-
Anaconda no longer forgets IP method selection in the loader when returning to a previous menu.
- BZ# 611825
-
The "Proxy password" field in stage 2 now correctly displays asterisks instead of plain text.
- BZ# 612476
-
Text mode now allows IPv6 configuration.
- BZ# 626025
-
Anaconda no longer displays free regions of less than 1MB in extended partitions.
- BZ# 671017
-
Anaconda no longer loses focus on certain screens.
- BZ# 634655
-
".treeinfo" files are now properly fetched over a proxy.
- BZ# 635201
-
Anaconda now writes correct NFS (Network File System) repository information into the summary Kickstart file.
- BZ# 638734
-
The /boot/ directory can now reside on an ext4 partition.
- BZ# 654360
-
Anaconda no longer fails to detect a disk if its size exceeds 1TB.
- BZ# 678028
-
Anaconda is once again able to detect the file system on a previously-created RAID device.
- BZ# 692350
-
Anaconda now generates the correct, FIPS-enabled initramfs (initial RAM file system) when the kernel option "fips=1" is provided on the kernel command line.
- BZ# 640260
-
Anaconda incorrectly failed with a traceback when an attempt was made to unpack a driver disk to a pre-existing root partition.
- BZ# 676854
-
Fingerprint authentication has been disabled on IBM System z because it is not supported on that platform.
- BZ# 641324
-
Static IPv4 configuration is now used when requested in stage 2: Anaconda no longer falls back to using DHCP.
- BZ# 652874
-
Anaconda is now able to properly detect an md RAID array with a spare disk.
- BZ# 636533
-
Anaconda now correctly reports an error when a network-based certificate is specified in Kickstart with no networking setup.
- BZ# 621490
-
A custom value is now properly honored when shrinking a file system.
- BZ# 702430
-
The "list-harddrives" command output for CCISS devices is now valid input for Kickstart files.
- BZ# 683891
-
Anaconda now selects the new kernel after upgrade.
Enhancements
- BZ# 442980 , BZ# 529443
-
This update adds the cnic, bnx2i, and be2net drivers for better iSCSI support.
- BZ# 633307 , 633319
-
This update adds drivers for the Emulex 10GbE PCI-E Gen2 and Chelsio T4 10GbE network adapters.
- BZ# 554874
-
Algorithms from the SHA-2 hash function family can now be used to encrypt the boot loader password.
- BZ# 607827
-
Anaconda now allows a username and password to be entered for iSCSI Discovery sessions.
- BZ# 354432 , 614399
-
The "rdate", "which", "tty" and "ntpdate" commands have been added to the install image.
- BZ# 663411
-
The graphical installer now runs using the full display resolution.
- BZ# 667122 , BZ# 599042 , BZ# 678574
-
Anaconda now features improved SSL certificate-handling.
- BZ# 621349
-
It is now possible to specify additional packages when using the "@packages --default" Kickstart option.
- BZ# 618376
-
On IBM System z, the /boot/ directory can now be placed on an LVM logical volume.
- BZ# 644535
-
Anaconda now supports blacklisting to determine which modules can be loaded during installation.
Users are advised to upgrade to this updated anaconda package, which resolves these issues and adds these enhancements.
1.5. apr
Security Fix
- CVE-2011-1928
-
The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function.
Note: This problem affected httpd configurations using the "Location" directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw.
All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.
1.6. at
Bug Fixes
- BZ# 589099
-
Previously, the configuration file of the at daemon (atd) wrongly had permissions 0755. With this update, it has the correct permissions 0644, as all other such files have.
- BZ# 615104
-
Previously, the initscript caused the "OK" message to be printed twice. With this update, the initscript behaves as expected and no longer causes messages to be echoed.
- BZ# 630019
-
Previously, the package was not compiled with the -fpie/-fPIE options. This update adds the PIE compile option so that the targets are built as secure position-independent executables.
All users of at are advised to upgrade to this updated package, which resolves this issue.
1.7. authconfig
Bug Fixes
- BZ# 595261
-
Prior to this update, authconfig unnecessarily restarted the user information and authentication services even though there were no configuration changes that would require the restart. With this update, services are no longer restarted unless explicitly required.
- BZ# 620475
-
The authentication configuration utility did not keep the "Require smart card for login" check box set when Kerberos was also enabled. When the check box was checked and the configuration was saved with the "Apply" button, the system would correctly require smart card for login. However, on the subsequent run of the authentication configuration utility the check box would be unchecked again and it was necessary to check it again to keep the option switched on. With this update, the "Require smart card for login" stays checked even after subsequent runs of the authentication configuration utility.
- BZ# 621632
-
The authentication configuration tool GUI incorrectly duplicated its window when the "Revert" button was pressed. This update fixes the duplication problem.
- BZ# 624159
-
In some cases, when multiple configuration files with the same configuration settings contained different configuration values for a setting, the contents of the configuration files were not properly synchronized with authconfig. With this update, the synchronization works as expected.
- BZ# 639747
-
The authentication configuration tool GUI allowed users to choose user identity and authentication schemes which require packages that are not installed on the system by default. With this update, certain identity and authentication schemes cannot be configured when they are not installed on the system.
- BZ# 663882
-
The authconfig textual user interface incorrectly required the nss-pam-ldap package to be installed when the configuration used SSSD for LDAP user identification. With this update, the nss-pam-ldap package is not required in such a case.
- BZ# 674844
-
Prior to this update, the authentication configuration tool overwrote the cache_credentials value to "True" in the SSSD configuration file (/etc/sssd/sssd.conf) if the configuration allowed using SSSD for the network user information and authentication services. With this update, the "cache_credentials" parameter is no longer overwritten in the aforementioned case.
- BZ# 676333
-
The "system-config-authentication" command crashed when executed in an environment without the X server running. With this update, a proper error message is printed in the aforementioned case.
Users are advised to upgrade to these updated authconfig packages, which resolve these issues and add this enhancement.
1.8. audit
Bug Fixes
- BZ# 670938
-
System processes — that is processes with an audit id (auid) of -1 — are logged by the audit subsystem. However, if the ausearch utility was used to locate events where the auid was -1, it would display all events. In this update, under these circumstances, ausearch only returns events with an auid of -1.
- BZ# 688664
-
A value of 'syslog' for the 'disk_error_action' parameter in 'auditd.conf' instructs auditd to issue a warning to syslog if an error is encountered when writing audit events to disk. If 'disk_error_action' was set to 'syslog', auditd always attempted to exec() a child process. Consequently, if a disk error was encountered (i.e. a disk full error), auditd would attempt to exec() a null child process, and logging would not resume after the disk error was reported to syslog. In this update, the child process is not called when the 'syslog' option is used, and logging continues as expected.
- BZ# 695605
-
Previously if an audispd plug-in was restarted, the plug-in was not marked as active. Consequently, the remote logging plug-in (audisp-remote) was unable to bind to a privileged port on reconnect because all privileges had been dropped. In these updated packages, audispd plug-ins are marked as active after being restarted, and the audisp-remote plug-in functions as expected.
- BZ# 697463
-
Previously, the "autrace -r" command on the IBM System z architecture attempted to audit network syscalls not available on IBM System z. Consequently, an error similar to the following might have been returned:
Error inserting audit rule for pid=13163
With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.
- BZ# 640948
-
When an ignore directive was included in an audit.rules configuration file, the auditctl utility became unresponsive when attempting to load those rules. With this update, the issue is resolved.
- BZ# 647128
-
Previously, the audit_encode_nv_string() function was not checking if the memory allocation (malloc) it was performing succeeded. Consequently, if the malloc operation encountered an out of memory (OOM) error, audit_encode_nv_string() crashed attempting to reference a NULL pointer. With this update, audit_encode_nv_string() checks if the malloc is successful, which resolves this issue.
- BZ# 647131
-
Previously, the man page for the "audit_encode_nv_string" function incorrectly documented the return value type as an "int". The man page for "audit_encode_nv_string" now correctly displays the return value type for the "audit_encode_nv_string" function as a "char *".
All audit users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
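The unchecked-allocation crash fixed under BZ# 647128, as an added sketch that is not libaudit's source: encode_nv(), the alloc_fn hook and the hex-encoding rule are assumptions made here so that the out-of-memory path can be exercised.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocator hook (hypothetical) so an out-of-memory condition can be simulated. */
typedef void *(*alloc_fn)(size_t);

static void *failing_alloc(size_t n)
{
    (void)n;
    return NULL;                /* behaves like malloc() under OOM */
}

/* Assumed rule: quote, space, control and non-ASCII bytes force hex encoding. */
static int needs_hex(const char *v, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)v[i];
        if (c == '"' || c < 0x21 || c > 0x7e)
            return 1;
    }
    return 0;
}

/*
 * Build name="value", or name=HEX when the value needs encoding.
 * Returns a heap string the caller frees, or NULL if allocation fails.
 */
static char *encode_nv(const char *name, const char *value, size_t vlen,
                       alloc_fn alloc)
{
    static const char digits[] = "0123456789ABCDEF";
    size_t nlen = strlen(name);
    int hex = needs_hex(value, vlen);
    /* name + '=' + (two hex digits per byte, or value plus two quotes) + NUL */
    size_t size = nlen + 1 + (hex ? 2 * vlen : vlen + 2) + 1;
    char *out = alloc(size);
    char *w;

    if (out == NULL)            /* without this check, memcpy() below writes through NULL */
        return NULL;

    memcpy(out, name, nlen);
    w = out + nlen;
    *w++ = '=';
    if (hex) {
        for (size_t i = 0; i < vlen; i++) {
            unsigned char c = (unsigned char)value[i];
            *w++ = digits[c >> 4];
            *w++ = digits[c & 0x0f];
        }
    } else {
        *w++ = '"';
        memcpy(w, value, vlen);
        w += vlen;
        *w++ = '"';
    }
    *w = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs: one plain value, one that needs hex, one OOM case. */
    char *plain = encode_nv("exe", "/bin/ls", 7, malloc);
    char *hexed = encode_nv("cmd", "ls -l", 5, malloc);
    char *oom = encode_nv("cmd", "ls -l", 5, failing_alloc);

    printf("%s\n%s\n%s\n", plain ? plain : "(alloc failed)",
           hexed ? hexed : "(alloc failed)", oom ? oom : "(alloc failed)");
    free(plain);
    free(hexed);
    return 0;
}
```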
1.9. autofs
Bug Fixes
- BZ# 629480
-
When using client certificates with autofs, the certificate DN could not be used in LDAP ACLs. This prevented autofs from authenticating via SASL external. With this update, the SASL EXTERNAL authentication mechanism is used for mapping the certificate DN to an LDAP DN, allowing autofs to support SASL External authentication via TLS.
- BZ# 616426
-
The autofs initscript did not implement the functions force-reload and try-restart. Instead, the error "try-restart and force-reload service action not supported" was given and 3 was returned. This patch adds these initscript options so that they are now implemented and return appropriate values.
- BZ# 629359
-
Debugging output from autofs did not include IP addresses for mounts alongside hostname information which made it difficult to debug issues when using round-robin DNS. This update adds this feature, allowing logging output to show the IP address of a mount, rather than just the host name.
- BZ# 572608
-
Previously, automount woke up once per second to check for any scheduled tasks, despite the fact that adding a task triggered a wake up of that thread, which led to a tight loop which used excessive CPU. This update removes these unnecessary wakeups.
- BZ# 520844
-
When an autofs map entry had multiple host names associated with it, there was no way to override the effect of the network proximity. This was a problem when a need existed to be able to rely on selection strictly by weight. With this patch, the server response time is also taken into consideration when selecting a server for the target of the mount. The pseudo option --use-weight-only was added that can only be used with master map entries or with individual map entries in order to provide this. For individual map entries, the option no-use-weight-only can also be used to override the master map option.
- BZ# 666340
-
If there were characters that matched isspace() (such as \t and \n) in a passed map entry key and there was no space in the key, these characters were not properly preserved, which led to failed or incorrect mounts. This was caused by an incorrect attempt at optimization by using a check to see if a space was present in the passed key and only then processing each character of the key individually, escaping any isspace() characters. This patch adds a check for isspace() characters to the same check for a space, eliminating the problem.
- BZ# 630954
-
If the map type was explicitly specified for a map, then the map was not properly updated when a re-read was requested. This was because the map stale flag was incorrectly cleared after the lookup module read the map, instead of at the completion of the update procedure. In this patch, the map stale flag should only be cleared if the map read fails for some reason, otherwise it updates when the refresh is completed.
- BZ# 650009
-
Previously, when autofs was restarted with active mounts, due to a possible recursion when mounting multi-mount map entries, autofs would block indefinitely. This was caused by a cache readlock which was held when calling mount_subtree() from parse_mount() in parse_sun.c. This patch fixes remount locking, which resolves the issue.
- BZ# 577099
-
The master map DN string parsing is quite strict and, previously, autofs could not use an automount LDAP DN using the l (localityName) attribute. This patch adds the allowable attribute 'l', the locality.
- BZ# 700691
-
A previous bug fix caused the state queue manager thread to stop processing events, and mounts expired and then stopped. This was caused when the state queue task manager transferred an automount point pending task to its task queue for execution. The state queue was then mistakenly being seen as empty when the completing task was the only task in the state queue. This patch adds a check to allow the queue manager thread to continue, resolving the issue.
- BZ# 700697
-
autofs gave a segmentation fault on the next null cache lookup in the auto.master file. This was due to a regression issue, where a function to clean the null map entry cache, added to avoid a race when re-reading the master map, mistakenly failed to clear the hash bracket array entries. This patch sets the hash bracket array entries to NULL, resolving the issue.
All users of autofs are advised to upgrade to these updated packages, which provide numerous bug fixes.
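The key-escaping defect fixed under BZ# 666340, as an added illustration that is not autofs code: the function names, the backslash escape scheme and the field tokenizer are assumptions, and the key is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-fix fast-path test: only a literal space triggers escaping. */
static int has_space_only(const char *key)
{
    return strchr(key, ' ') != NULL;
}

/* Post-fix test: any isspace() character (\t, \n, ...) triggers escaping. */
static int has_any_isspace(const char *key)
{
    for (; *key; key++)
        if (isspace((unsigned char)*key))
            return 1;
    return 0;
}

/*
 * Copy a map key, prefixing every isspace() character with a backslash
 * when needs_escape() says the key requires it. The backslash scheme is
 * an assumption of this sketch. The caller frees the result.
 */
static char *escape_key(const char *key, int (*needs_escape)(const char *))
{
    size_t len = strlen(key);
    char *out = malloc(2 * len + 1);    /* worst case: every byte escaped */
    char *w = out;

    if (out == NULL)
        return NULL;
    if (!needs_escape(key)) {           /* fast path: copy unchanged */
        memcpy(out, key, len + 1);
        return out;
    }
    for (; *key; key++) {
        if (isspace((unsigned char)*key))
            *w++ = '\\';
        *w++ = *key;
    }
    *w = '\0';
    return out;
}

/*
 * Count whitespace-separated fields as a simple map-entry tokenizer
 * would, keeping backslash-escaped characters inside the current field.
 */
static int count_fields(const char *s)
{
    int fields = 0, in_field = 0;

    for (; *s; s++) {
        if (*s == '\\' && s[1] != '\0') {
            s++;                        /* escaped character stays in the field */
        } else if (isspace((unsigned char)*s)) {
            in_field = 0;
            continue;
        }
        if (!in_field) {
            fields++;
            in_field = 1;
        }
    }
    return fields;
}

int main(void)
{
    const char *key = "proj\tdata";     /* constructed key: a tab, no space */
    char *before = escape_key(key, has_space_only);
    char *after = escape_key(key, has_any_isspace);

    if (before == NULL || after == NULL)
        return 1;
    printf("pre-fix check:  key parses as %d field(s)\n", count_fields(before));
    printf("post-fix check: key parses as %d field(s)\n", count_fields(after));
    free(before);
    free(after);
    return 0;
}
```

With the pre-fix check the tab survives unescaped and the key splits into two fields, which is how a lookup ends up on the wrong or a non-existent mount.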
1.10. avahi
Security Fix
- CVE-2011-1002
-
A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet.
Bug Fix
- BZ# 629954 , BZ# 684276
-
Previously, the avahi packages in Red Hat Enterprise Linux 6 were not compiled with standard RPM CFLAGS; therefore, the Stack Protector and Fortify Source protections were not enabled, and the debuginfo packages did not contain the information required for debugging. This update corrects this issue by using proper CFLAGS when compiling the packages.
All users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, avahi-daemon will be restarted automatically.
1.11. bash
Bug Fixes
- BZ# 618289
-
When using arithmetic evaluation on an associative array with integer values, an attempt to provide an invalid subscript caused Bash to terminate unexpectedly with a segmentation fault. This update applies a patch that corrects this error, and providing an invalid subscript no longer causes the bash interpreter to crash.
- BZ# 664468
-
Prior to this update, the Bash interpreter reported broken pipe errors for both external and built-in commands. Since these errors are only relevant for external commands, this update adapts the underlying source code to suppress the broken pipe error messages for built-in commands. As a result, only relevant messages are now presented to the user.
- BZ# 619704
-
The previous version of the bash(1) manual page did not provide a clear description of the "break", "continue", and "suspend" built-in commands. This update corrects this error, and extends the manual page to provide accurate and complete descriptions of these commands.
All users are advised to upgrade to these updated packages, which fix these bugs.
1.12. bfa-firmware
1.13. bind
Security Fix
- CVE-2011-1910
-
An off-by-one flaw was found in the way BIND processed negative responses with large resource record sets (RRSets). An attacker able to send recursive queries to a BIND server that is configured as a caching resolver could use this flaw to cause named to exit with an assertion failure.
All BIND users are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Security Fix
- CVE-2011-2464
-
A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially-crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion.
Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Security Fix
- CVE-2011-4313
-
A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion.
Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Bug Fixes
- BZ# 623638
-
Previously, bind on the 64-bit PowerPC architecture used emulated atomic operations rather than native instructions. In this updated package, bind on the 64-bit PowerPC architecture uses the same native atomic operations as the PowerPC architecture.
- BZ# 677381
-
Previously, the bind package generated the /etc/rndc.key file. However, generating this file used entropy from /dev/random. Consequently, installation of the bind package might have hung. The rndc.key file is used by the rndc utility for advanced administration commands and is no longer automatically generated during installation of the bind package. Users requiring the rndc utility should generate the key themselves, via the "rndc-confgen -a" command.
- BZ# 623122
-
Under certain circumstances, "named" was entering a deadlock. Consequently, "named" could not be stopped using the "/etc/init.d/named stop" command. In this updated package, the deadlock no longer occurs, resolving this issue.
- BZ# 623190
-
Previously, the named_sdb PostgreSQL database backend failed to reconnect to the database when the connection failed during named_sdb startup. With this update, named writes an error message to the system log and tries to reconnect during every lookup.
- BZ# 658045
-
Previously, file conflicts prevented the i686 and x86_64 versions of bind-devel from being installed on the same machine. In this update, the file conflict is resolved and both the i686 and x86_64 bind-devel packages can be installed on the same system.
- BZ# 622785
-
Previously, the initscript killed all processes with the name "named" when stopping the named daemon. With this update, the initscript kills only the selected one.
- BZ# 640538
-
The return codes of the "dig" utility are documented in the dig man page.
- BZ# 660676
-
Previously, the named.8 man page mentioned the system-config-bind utility. This utility is not included with Red Hat Enterprise Linux 6. The man page is updated to remove the reference to the system-config-bind utility.
- BZ# 661663 , BZ# 672777
-
The "status" action of the named initscript would not complete when the bind-sdb package was installed. These updated packages resolve this issue.
- BZ# 669163
-
When resolv.conf contained the "search" keyword with no arguments, the host, nslookup and dig utilities failed to parse it correctly. In these updated packages, such lines are ignored.
- BZ# 672819
-
Previously, the nsupdate man page incorrectly listed HMAC-MD5 as the only TSIG algorithm. In this updated package, the list of encryption algorithms was removed from the nsupdate man page. The dnssec-keygen man page contains a complete list of usable encryption algorithms.
Enhancements
- BZ# 622764
-
The host utility now honors "debug", "attempts" and "timeout" options in resolv.conf.
- BZ# 623673
-
A new option, called DISABLE_ZONE_CHECKING, has been added to /etc/sysconfig/named. This option adds the possibility to bypass zone validation via the named-checkzone utility in the initscript and allows named to be started with misconfigured zones.
- BZ# 646932
-
With this update, the size, MD5 and modification time of the /etc/sysconfig/named configuration file are no longer checked via the "rpm -V bind" command.
- BZ# 667375
-
Root zone DNSKEY is now included in the bind package, in the /etc/named.root.key file.
Users are advised to upgrade to these updated bind packages, which resolve these issues and add these enhancements.
1.14. bind-dyndb-ldap
Bug Fixes
- BZ# 658286
-
The plugin did not load child zones correctly. The plugin has been fixed and now loads child zones correctly.
- BZ# 662930
-
named aborted when attempting to connect to a local LDAP server during boot. Now it does not abort but the administrator must call "rndc reload" when LDAP server starts to correctly fetch zones.
- BZ# 666244
-
The plugin flooded logs with too many messages. Now those messages are logged only when named is started with the "-d" (debug) parameter.
- BZ# 667704
-
The plugin was rebased to the 0.2.0 bugfix release.
- BZ# 667727
-
Queries for the ANY type were not handled correctly; only SOA records were returned. The plugin was fixed and now all records are returned when asked.
- BZ# 667730
-
The plugin failed to reconnect to the LDAP server when SASL authentication was used. The plugin was fixed and reconnection now works.
- BZ# 667732
-
The plugin failed to delete nodes from the LDAP database when all resource records associated with the node were removed. Now the plugin deletes the empty nodes.
- BZ# 667733
-
The plugin did not emit enough information when it was configured to use invalid credentials. Now it emits enough details.
Enhancements
1.15. binutils
Bug Fixes
Enhancements
- BZ# 578661
-
Add support for ELF objects with more than 65535 program headers
- BZ# 663587
-
Add support for the large code model on PowerPC
- BZ# 633448
-
Add support for ELF core dump notes sections for extra s390 registers
- BZ# 631540
-
Add support for the new instructions in the System
Users are advised to upgrade to these updated binutils packages, which resolve these issues.
Bug Fix
- BZ# 721079
-
Prior to this update, an input object file could have a non-empty .toc section but no references to the .toc entries because of a problem in the 64-bit PowerPC linker TOC editing code. As a result, various utilities of the binutils package terminated unexpectedly with a segmentation fault under certain conditions. This update handles local symbols in .toc sections correctly. Now, no more crashes occur.
Users of binutils are advised to upgrade to this updated package, which fixes this bug.
1.16. blktrace
Bug Fixes
- BZ# 583615
-
When the device list contained the same device as supplied on the command line, blktrace stopped immediately and further I/O tracing was impossible. This occurred when an error returned in BLKTRACESETUP ioctl caused the program to terminate whenever a device was duplicated in the devpaths. This patch ensures devices are not duplicated in the devpaths pool, thus fixing the problem.
- BZ# 619201
-
When blktrace was run without parameters, it incorrectly included the version number in its usage message. This resulted in the false assumption that the version number was a required parameter. This update edits the usage message so that the version number is not printed when running blktrace, blkparse or btt without parameters, avoiding any confusion.
- BZ# 650229
-
Previously, btreplay would give a 'No such file or directory' error when attempting to execute with /dev/cciss/foo because of the long path name. This was caused by missing the back conversion of underscores to slashes. This update converts the underscores to slashes to restore the device names with longer paths.
- BZ# 583624
-
Running 'blktrace -d <device> -k' once did not kill a running background trace. Running it a second time resulted in a 'BLKTRACETEARDOWN: Invalid argument' message, after which any further attempt to run it returned 'BLKTRACESETUP: No such file or directory'. This was caused by the option -k clobbering information about running a trace by the kernel (that is, blk_trace_remove), while files opened in debugfs by blktrace running in the background were not released. In this patch, the documentation is updated to remove the faulty 'kill' option. It advises sending a SIGINT signal via kill(1) to the running background blktrace for its correct termination.
- BZ# 650243
-
The documentation falsely gave the impression that blkiomon was not giving the correct output when working with a logical volume device. When working on a logical volume device, blkiomon does not understand the output of blktrace, as a logical volume device is quiet. While working with a physical device, it prints I/O statistics as expected. This patch updates the documentation to reflect this.
- BZ# 583695
-
When blkparse was run with a non-existent file as an argument, it returned no errors and the exit-code was zero. This update provides a warning message when a non-existent file is used as an argument and exits with a non-zero status.
- BZ# 595356
-
Previously, blktrace would not end after 30 seconds. Instead it would remain running until the user killed it, after which any further attempts to run it failed with an error. This was because when open_ios() failed, tracer_wait_unblock() in thread_main() waits for an event that will never occur. Because the event never occurs, any future attempts to run blktrace failed with an error. This update makes sure that unblock_tracers() is also called when an unsuccessful event occurs, (that is, when nthreads_running != ncpus).
- BZ# 595413
-
There was a mistake in the man page for btrecord. It incorrectly documented the option --input-base, which is unsupported, and the supported --max-bunch-time was undocumented. This update replaces --input-base with --input-directory, and adds the option --max-bunch to the btrecord man page.
- BZ# 595419
-
The blkiomon man page was missing elements. The options -d and --dump-lldd were not recorded. This patch adds these and a drv_data mast description to the blktrace man page.
- BZ# 595615
-
The blkparse man page was missing six elements. These were -A, --set-mask, -a, --act-mask, -D, and --input-directory. These options are now added to the blkparse man page.
- BZ# 595620
-
The blktrace man page was missing sixteen elements. These were:
    -d <dev> | --dev=<dev>
    -r <debugfs path> | --relay=<debugfs path>
    -o <file> | --output=<file>
    -D <dir> | --output-dir=<dir>
    -w <time> | --stopwatch=<time>
    -a <action field> | --act-mask=<action field>
    -A <action mask> | --set-mask=<action mask>
    -b <size> | --buffer-size
    -n <number> | --num-sub-buffers=<number>
    -l | --listen
    -h <hostname> | --host=<hostname>
    -p <port number> | --port=<port number>
    -s | --no-sendfile
    -I <devs file> | --input-devs=<devs file>
    -v <version> | --versio
    -V <version> | --version
These options are now added to the blktrace man page.
- BZ# 595623
-
The btreplay man page was missing three elements. These were -t, -x, and --acc-factor. These options are now added to the btreplay man page.
- BZ# 595628
-
The btt man page was missing four elements. These were -X, -m, --easy-parse-avgs, and --seeks-per-second. These options are now added to the btt man page.
All users of blktrace are advised to upgrade to these updated packages, which resolve these issues.
1.17. boost
Bug Fix
- BZ# 723503
-
Prior to this update, the cyclic redundancy check (CRC) was not correctly computed on 64-bit architectures during decompression of gzip archives. In this update, constant-width integer types are used to compute CRC to make the results stable across all architectures. Users of Boost are advised to upgrade to these updated packages which fix this bug.
1.18. btrfs-progs
Enhancement
- BZ# 645741
-
The btrfs-progs package has been updated to the latest upstream version, and newly includes the btrfs utility for easier administration of Btrfs file systems. All users of Btrfs are advised to upgrade to this updated package, which adds this enhancement.
1.19. busybox
Bug Fixes
- BZ# 615391
-
Previously, the cpio applet included with busybox printed summary messages to stdout instead of stderr as the standalone cpio does. Consequently, nothing was returned to the shell when the busybox cpio applet ran. The updated applet includes a patch that corrects this: the busybox cpio applet now prints summary messages to stderr, returning information to the shell as the standalone utility does.
- BZ# 621853
-
As initially released, the "busybox hwclock" utility included with Red Hat Enterprise Linux 6 honored the current Filesystem Hierarchy Standard (FHS 2.3) and assumed the adjtime state file was at /var/lib/hwclock/adjtime. If kexec was invoked to load a second kernel over a crashed kernel, this caused "busybox hwclock" to return incorrect and inconsistent values when compared with the same command running in the first kernel prior to the crash. With this update, the config file for busybox hwclock was reverted to its old behavior. It now assumes the adjtime state file is at /etc/adjtime, as was the case in FHS 2.1, and "busybox hwclock" behaves as expected when run in an initial or reloaded kernel.
- BZ# 633961
-
The "busybox awk" utility incorrectly treated all strings of digits with leading zeros as octal integer constants. This meant strings such as "0xffff" and "07777" were handled correctly but strings such as "0.531" were not. As a consequence, awk operations that correctly manipulated such strings as numbers were not handled correctly by busybox awk. With this update, the awk utility included with busybox correctly differentiates between hexadecimal and floating decimal strings and handles manipulations of the latter as expected.
All busybox users should install this update, which fixes these bugs.
1.20. ca-certificates
1.21. certmonger
The certmonger utility monitors certificate expiration and can refresh certificates with the CAs (Certifying Authorities) in networks that use public-key infrastructure (PKI).
The certmonger package has been upgraded to upstream version 0.34, which provides a number of bug fixes and enhancements over the previous version. (BZ# 643561)
Bug Fixes
- BZ# 624142
-
If the certmonger service failed to contact a CA, the subprocess that submitted the request became defunct. This occurred because the parent process did not read the subprocess status. With this update, the parent process reads the subprocess status and there is no defunct process after a CA contact failure.
- BZ# 636894
-
Previously, after installing the certmonger utility, the certmonger service failed to start. This occurred because the package installation did not signal the system bus daemon that it needed to re-read its configuration so as to allow the certmonger daemon to connect to the bus. This update fixes the bug and the certmonger service can be started right after the installation.
- BZ# 652047
-
Previously, the certmonger utility did not display a user-friendly error message when the user ran the ipa-getcert command with privileges that were insufficient for the system bus to allow it to communicate with the certmonger service. With this update, certmonger suppresses the original error message if a user-friendly message is available. The user can display both messages with the -v option.
- BZ# 652049
-
Prior to this update, the ipa-getcert list command did not return any output if certmonger was not tracking any certificates. With this update, the command returns a message that the certificate list is empty.
- BZ# 687899
-
Due to inappropriate SELinux policy settings, the certmonger daemon could not execute some of its helper processes. The updated policy now allows certmonger to run these processes and the certmonger libraries create temporary files in a location that certmonger can access.
- BZ# 688229
-
The certmonger service accepted a non-existent PIN (Personal Identification Number) file for the NSS (Network Security Services) database if the user ran the ipa-getcert request command with the -p option. This occurred because certmonger failed to detect reading errors in the file with the PIN and proceeded with an empty PIN value. With this update, such reading errors are logged and certmonger proceeds as if it had read an empty PIN value.
- BZ# 689776
-
Previously, the certmonger service terminated unexpectedly if the user attempted to use a certificate database stored in a non-existent directory. While preparing an error message to return to its client, the daemon attempted to use already-freed memory, which could have caused a segmentation fault. With this update, certmonger displays a message that the directory does not exist and remains stable in these circumstances.
- BZ# 690886
-
After installation of the ipa-client package, the ipa-client-install script runs the ipa-getcert command. As a consequence, the certmonger daemon runs its ipa-submit helper. The helper contacts the IPA server. Previously, if it received a fault message response from the server, it terminated with a segmentation fault and created a core dump; the installation failed. This happened because it attempted to dereference an uninitialized pointer while processing the fault message. With this update, the helper handles the fault message correctly and the enrollment process completes successfully.
- BZ# 691351
-
Previously, running the getcert command with an invalid Extended Key Usage parameter caused a segmentation fault. This happened because the command attempted to dereference a NULL pointer while attempting to report that the parameter value was not a valid OID (Object Identifier). With this update, certmonger reports that the OID validation failed and prints a message that the provided Extended Key Usage is invalid.
- BZ# 695672
-
Prior to this update, certmonger could have seemingly ignored the attempts to resubmit a certificate with changed Subject and Principal names. This occurred because the certificate changes were not saved if a certificate with the same nickname already existed in the certificate database. With this update, the certmonger utility removes the certificates with the respective nickname before storing the new certificate and the resubmit command works as expected.
- BZ# 695675
-
Previously, the certmonger service could have failed to resubmit certificates. This happened if the SELinux policy did not allow certmonger to write to the defined location for storing keys. With this update, the service reads information about the keys to verify that the keys had been generated and stored properly. If the reading fails, the keys are generated again.
- BZ# 696185
-
Previously, the getcert tool terminated unexpectedly with a segmentation fault if the user issued the getcert start-tracking command with changed values of the parameters Extended Key Usage, DNS, Email and Principal name. The command caused a buffer overflow in the getcert tool because the internal buffer in the getcert command was too small to hold four new values. This update enlarges the internal buffer of the command and the bug no longer occurs.
Enhancements
- BZ# 624143
-
The ipa-getcert and getcert commands did not accept the location of a passphrase, which could provide the encrypted keying material and allow monitoring of an already-issued certificate or key pair. This update adds the -p and -P options to the getcert start-tracking command, which allows the user to pass the utility a PIN either in a file or directly.
- BZ# 683926
-
Previously, the certmonger service did not support a verbose mode for the ipa-getcert command. This update adds the --verbose option to the command.
All users of certmonger are advised to upgrade to this updated package, which resolves these issues and provides these enhancements.
Bug Fix
- BZ# 729803
-
When submitting a signing request to a Red Hat IPA (Identity, Policy, Audit) CA, certmonger is expected to authenticate using the client's host credentials, and to delegate the client's credentials to the server. Recent updates to libraries on which certmonger depends changed delegation of client credentials from a mandatory operation to an optional operation that is no longer enabled by default, which effectively broke certmonger's support for IPA CAs. This update gives certmonger the ability to explicitly request credential delegation when used with newer versions of these libraries, which introduce an API that allows certmonger to explicitly request that credential delegation be performed. All certmonger users are advised to upgrade to this updated package, which fixes this bug.
1.22. chkconfig
Bug Fixes
- BZ# 797844
-
When installing multiple Linux Standard Base (LSB) services which only had LSB headers, the stop priority of the related LSB init scripts could have been miscalculated and set to "-1". With this update, the LSB init script ordering mechanism has been fixed, and the stop priority of the LSB init scripts is now set correctly.
- BZ# 797843
-
When an LSB init script requiring the "$local_fs" facility was installed with the "install_initd" command, the installation of the script could fail under certain circumstances. With this update, the underlying code has been modified to ignore this requirement because the "$local_fs" facility is always implicitly provided. LSB init scripts with requirements on "$local_fs" are now installed correctly. All users of chkconfig are advised to upgrade to these updated packages, which fix these bugs.
1.23. cifs-utils
Bug Fixes
- BZ# 645127
-
While trying to mount a share (DFS or 'classic') with Kerberos, a "mount error(5): Input/output error" occurred due to a problem with the MIT krb5 libraries. cifs.upcall now sets the GSSAPI checksum properly in SPNEGO blobs. This is necessary for proper interoperability with EMC servers when using krb5 authentication, and allows for a successful mount.
- BZ# 667382
-
When mounting a share as root with Kerberos, cifs.upcall used the ticket of root (/tmp/krb5cc_0) instead of the one of the user specified with 'uid=' or 'user='. This was because the --legacy-uid command line option for cifs.upcall was not properly implemented. This patch ensures that it is properly implemented, allowing successful mounting of a share as root with Kerberos.
- BZ# 669377
-
When two CIFS shares were mounted on the same server, each for a different user who had valid krb5 credentials, only the one mounted first could access the data. This was because cifs had a built in design limitation of a single set of credentials per mount. That limitation caused the implementation of a number of hacks to deal with it. With this patch mount.cifs now supports the 'cruid=' mount option, fixing this issue.
- BZ# 696951
-
mount.cifs did not handle numeric uid=, gid=, or cuid= options correctly, and would often return an error when they were specified. With this patch, errno is set to 0 before the conversion and then checked to see whether an error occurred. If one did, mount.cifs attempts to treat the value as a name, allowing these options to be handled correctly.
All users who are using the cifs file system should update to this new package in order to take advantage of these bug fixes.
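The errno check described for numeric uid=/gid= values, as an added example rather than the mount.cifs source: parse_id_option, lookup_passwd and lookup_sample are hypothetical names, and the "alice" account is constructed so the result is the same on any host.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Resolver for non-numeric values; returns 0 and fills *out on success. */
typedef int (*name_lookup_fn)(const char *name, uid_t *out);

/* Resolver backed by the system user database. */
int lookup_passwd(const char *name, uid_t *out)
{
    struct passwd *pw = getpwnam(name);

    if (pw == NULL)
        return -1;
    *out = pw->pw_uid;
    return 0;
}

/* Constructed resolver with a single made-up account, for offline runs. */
int lookup_sample(const char *name, uid_t *out)
{
    if (strcmp(name, "alice") == 0) {
        *out = 1001;
        return 0;
    }
    return -1;
}

/*
 * Parse the value of an option such as uid=. A value is accepted as a
 * number only if the whole string converts cleanly; anything else is
 * handed to the name resolver. Returns 0 on success, -1 on failure.
 */
int parse_id_option(const char *value, name_lookup_fn lookup, uid_t *out)
{
    char *end = NULL;
    unsigned long n;

    if (value == NULL || *value == '\0')
        return -1;

    /* strtoul() signals overflow only through errno and never clears it
     * on success, so a stale value must be reset before the call. */
    errno = 0;
    n = strtoul(value, &end, 10);

    if (errno == 0 && end != value && *end == '\0' &&
        value[0] >= '0' && value[0] <= '9' &&   /* no sign, no whitespace */
        (unsigned long)(uid_t)n == n) {         /* fits in uid_t */
        *out = (uid_t)n;
        return 0;
    }

    /* Not a clean number: fall back to treating the value as a name. */
    return lookup(value, out);
}

int main(int argc, char **argv)
{
    uid_t id;
    int i;

    for (i = 1; i < argc; i++) {
        if (parse_id_option(argv[i], lookup_passwd, &id) == 0)
            printf("%s -> %lu\n", argv[i], (unsigned long)id);
        else
            printf("%s -> rejected\n", argv[i]);
    }
    return 0;
}
```

Without the reset, an ERANGE left behind by an earlier library call makes a valid numeric value look like a conversion failure.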
1.24. cluster and gfs2-utils
Bug Fix
- BZ# 849047
-
Previously, it was not possible to specify start-up options to the dlm_controld daemon. As a consequence, certain features were not working as expected. With this update, it is possible to use the /etc/sysconfig/cman configuration file to specify dlm_controld start-up options, thus fixing this bug. All users of cluster and gfs2-utils are advised to upgrade to these updated packages, which fix this bug.
Bug Fixes
- BZ# 688201
-
cman quorum timeout is too short
- BZ# 595725
-
CMAN init script race condition has been fixed
- BZ# 617306
-
plock owner synchronization has been fixed
- BZ# 623810
-
plocks are now ignored until they are written to their checkpoint
- BZ# 623816
-
plock signatures are now re-sent after a new totem ring forms
- BZ# 624844
-
post_join_delay now works after a loss and subsequent regain of quorum
- BZ# 634718
-
"service cman stop remove" now functions correctly
- BZ# 639018
-
Active cluster nodes with higher configuration version numbers are no longer killed when they join the cluster
- BZ# 577874
-
The ccs_tool man page no longer shows 'update' and 'upgrade' subcommands
- BZ# 614885
-
ccs_tool cluster configuration editing has been dropped
- BZ# 617234
-
The interaction between corosync and cman restarting independently of one another has been improved
- BZ# 617247
-
reporting of corosync's exit code has been improved
- BZ# 619874
-
cman_tool manual page no longer talks about "config version" as an argument to -r
- BZ# 620679
-
Qdiskd now stops voting and exits if removed from the configuration
- BZ# 624822
-
gfs_controld: fix plock owner in unmount
- BZ# 635413
-
Qdiskd now reports to users when the quorumd "label" attribute overrides the "device" attribute
- BZ# 636243
-
Qdiskd now has a hard limit on heuristic timeouts
- BZ# 649021
-
Pacemaker-specific versions of dlm_controld and gfs_controld have been removed since they are no longer required
- BZ# 657041
-
cman now allows users to select udpu (UDP unicast) corosync transport mechanism
- BZ# 663433
-
Qdiskd now assumes votes for each cluster node are 1 when not specified in cluster.conf
- BZ# 669340
-
The cman init script can no longer include an incorrect sysconf file
- BZ# 645830 , BZ# 618705 , BZ# 684020 , BZ# 629017 , BZ# 680172
-
The cluster.rng schema has been updated
- BZ# 680155
-
A memory leak in the XML parser has been fixed
- BZ# 688154
-
Heuristic checks are unreliable
- BZ# 688734
-
gfs2_convert no longer exits success without doing anything
- BZ# 628013
-
fsck.gfs2 was truncating directories with more than 100,000 entries
- BZ# 621313
-
fsck.gfs2 was processing some files twice
- BZ# 622576
-
fsck.gfs2 no longer crashes if journals are missing
- BZ# 632595
-
When mounting a gfs2 file system, the same device requested on the command line now appears in /proc/mounts and /etc/mtab
- BZ# 637913
-
gfs2_convert now resumes after an interrupted conversion
- BZ# 576640
-
fsck.gfs2 can now repair rgrps resulting from gfs_grow->gfs2_convert
- BZ# 624535
-
mkfs.gfs2 no longer segfaults with 18.55TB and -b512
- BZ# 656956
-
mkfs.gfs2 now supports discard request generation
- BZ# 663037
-
fsck.gfs2: reports master/root inodes as unused and fixes the bitmap
- BZ# 630005
-
gfs2_convert no longer corrupts the file system if the di_height is too large.
Enhancements
- BZ# 592964
-
Fenced now sends notifications over DBus
- BZ# 634623
-
gfs2_edit now outputs hexadecimal values in lower-case
- BZ# 634623
-
gfs2_edit now prints continuation blocks
- BZ# 634623
-
gfs2_edit's savemeta and restoremeta functions now report progress
- BZ# 674843
-
gfs2_edit has improved handling of corrupt file systems and enhanced
- BZ# 563901
-
It is now possible to prevent the cluster software from starting at boot using the kernel command line
- BZ# 560700
-
It is now possible to prevent the cluster software from starting at boot using the kernel command line
All users of Red Hat High Availability and Red Hat Resilient Storage are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Bug Fix
- BZ# 728247
-
Prior to this update, the "suborg" option was not allowed by the cluster configuration schema defined in the /usr/share/cluster/cluster.rng file. As a consequence, when the "suborg" option was specified for the fence_cisco_ucs agent, the cluster refused to validate the configuration schema. The "suborg" option is now properly recognized, which fixes the problem. All users of cluster and gfs2-utils are advised to upgrade to these updated packages, which fix this bug.
Bug Fix
- BZ# 720100
-
Previously, when a custom multicast address was configured, the configuration parser incorrectly set the default value of the time-to-live (TTL) variable for multicast packet to 0. Consequently, cluster nodes could not communicate with each other. With this update, the default TTL value is set to 1, thus fixing this bug. Users of cluster and gfs2-utils are advised to upgrade to these updated packages, which fix this bug.
1.25. compat-dapl
Bug Fix
- 635155
-
Fixes an issue in which, under certain error conditions, dapl could fail to properly clean up its internal state, potentially resulting in subsequent incorrect operation. Users should upgrade to these updated packages, which fix this bug.
1.26. coolkey
Bug Fix
- BZ# 210200
-
Previous versions of coolkey would fail to operate correctly if the pcscd daemon in the pcsc-lite package was restarted. Proper operation could be restored by restarting the application which was using coolkey, for example, the Gnome screensaver or the Gnome login screen when used with a smart card login. With this update, applications no longer need to be restarted to function properly when the pcscd daemon is restarted. All users of coolkey are advised to upgrade to this updated package, which resolves this issue.
1.27. coreutils
Bug Fixes
- BZ# 630017
-
The su utility was previously not built with PIE and RELRO enabled, as they were in Red Hat Enterprise Linux 5. In this update, it is built as a PIE executable and is using RELRO protection.
- BZ# 628212
-
Previously, when reading a line longer than 16 KiB, the tac utility reallocated its primary buffer. Before exiting, the tac utility tried to free the already freed original buffer, which caused the utility to crash after a double free error was displayed. This was fixed and the tac utility no longer frees an already freed buffer.
- BZ# 598631
-
Previously, the hardware control flow, DTRDSR, was implemented via TC{SG}ETX. This was changed to TC{SG}ET ioctl, which caused the CDTRDSR support in stty to fail. This was fixed to allow stty to correctly handle CDTRDSR control flow.
- BZ# 683799
-
Previously, the internalization patch for coreutils had an unsafe initialization of char* bufops that left bufops uninitialized or initialized to NULL on the first usage. This behavior called memmove from an incorrect address, namely from address 0 and size 0. This is now fixed and bufops is correctly initialized for the first use.
- BZ# 649224
-
Previously, when the multibyte LC_TIME differed from LC_CTYPE, an assertion failure caused the sort utility to crash irrespective of the parameters provided to it. This is fixed: the sort utility no longer crashes when run in this configuration and now works as expected.
- BZ# 660033
-
Previously, the information page about 8-bit octal values did not mention checking if the value was lower than 256. Due to this, when a command like "/bin/echo -e '\0610'" was used, the results were not accurate. This is now fixed to provide more accurate information about the behavior of octal values.
- BZ# 614605
-
Previously, when the dd utility used pipes, it read and wrote partial blocks. When the size of the block written was shorter than the specified maximum output block size, the "oflag=direct" would turn off, which resulted in degraded I/O performance. The workaround for this behavior, which involves the addition of "iflag=fullblock", is now available in the information documentation.
- BZ# 662900
-
Previously, documentation for tail command's --sleep-interval option did not outline the results of inotify support. This is now fixed and the documentation states that with inotify support, the --sleep-interval option is only relevant when the tail command reverts to the old polling-based method.
- BZ# 609262
-
Previously, the coreutils information page was not sufficiently clear about behavior when multiple parent and leaf node directories are created. This is now fixed to incorporate additional information in the coreutils information page about the @option mode and its behavior when combined with the --parents option.
All coreutils users are advised to upgrade to these updated packages, which resolve these issues.
1.28. corosync
Bug Fix
- BZ# 849552
-
Previously, the corosync-notifyd daemon, with dbus output enabled, waited 0.5 seconds each time a message was sent through dbus. Consequently, corosync-notifyd was extremely slow in producing output and memory of the Corosync server grew. In addition, when corosync-notifyd was killed, its memory was not freed. With this update, corosync-notifyd no longer slows down its operation with these half-second delays and Corosync now properly frees memory when an IPC client exits. Users of corosync are advised to upgrade to these updated packages, which fix this bug.
Bug Fixes
- BZ# 619496
-
Multicast emulation caused an extra delay to the multicast packet transmission, causing unnecessary retransmission of the packet. This update adds the "miss_count_const" constant allowing the user to specify how many times a message is checked before retransmission occurs.
- BZ# 619918
-
When denied permissions from SELinux, corosync failed with a segmentation fault. Corosync now passes an error back to the API user when it is unable to create a connection between the server and client instead of causing a segmentation fault.
- BZ# 613836
-
When provided an invalid multicast address, corosync failed without errors. This is now fixed, thus corosync displays an error when given an invalid multicast address.
- BZ# 639023
-
Corosync client libraries delayed for 2 seconds before they displayed an error on shutdown. This is now fixed: the exited flag value is checked before and after sem_wait, and if the value is true, ERR_LIBRARY displays.
- BZ# 640311
-
The default TTL value in multicast was 1, preventing use on a routed network. The TTL value is now configurable in the corosync configuration file, thus multicast can now be used on a routed network.
- BZ# 684930 , BZ# 684920
-
BZ# 640311 introduced a regression.
- BZ# 665165
-
Shared memory no longer is leaked if the corosync server unexpectedly exits while connected to corosync clients.
- BZ# 626962
-
Running multiple instances of corosync simultaneously would succeed, causing local node errors. This is now fixed to prevent initialization of multiple instances of corosync.
- BZ# 614104
-
If cman ran the corosync init script, it would cause the corosync init script to be blocked. This is now fixed to allow corosync to create a PID file and to allow cman to run corosync.
- BZ# 629380
-
Corosync was unable to capture system events and notify the user about them. With this fix, SNMP MIB and daemon are added for system event notification via DBUS and SNMP.
- BZ# 675859
-
Member objects in corosync were not found due to validation failure. This is fixed with an addition to the objdb file, thus validation for SNMP/DBUS integration is now successful.
- BZ# 675741
-
The corosync build contained invalid version information, which caused rpmdiff to warn the user about version information changes. This was fixed, thus pkgconfig files are now correctly configured to display version as 1.2.3.
- BZ# 680258
-
Corosync rebuilds succeeded only on fresh installations due to a regression issue. This is now fixed, thus corosync now rebuilds on existing installations as well.
- BZ# 675099
-
A ring id file smaller than 8 bytes caused corosync to abort. This was fixed by recreating the ring id file, thus corosync now does not abort due to the ring id file.
- BZ# 677975
-
Inconsistent cluster.conf files amongst nodes caused a memory leak. This is now fixed, thus a configuration reload via cman_tool no longer causes a memory leak.
- BZ# 675783
-
During the recovery phase, aisexec exited unexpectedly, resulting in a lost network token. This is now fixed, thus aisexec no longer exits due to a lost token.
- BZ# 568164
-
UDPU transport is added, which simulates multicast via UDP unicast. This adds a third transport option to broadcast and multicast in a cluster.
- BZ# 688691
-
An abort that happened in rare circumstances during shutdown has been fixed.
All users of corosync are advised to upgrade to these updated packages, which fix these bugs.
Bug Fix
- BZ# 828431
-
Previously, it was not possible to activate or deactivate debug logs at runtime due to memory corruption in the objdb structure. With this update, debug logging can now be activated or deactivated at runtime, for example with the command "corosync-objctl -w logging.debug=off". All users of corosync are advised to upgrade to these updated packages, which fix this bug.
Bug Fix
- BZ# 810916
-
Previously, the underlying library of corosync did not delete temporary buffers used for Inter-Process Communication (IPC) that are stored in the /dev/shm shared memory file system. Therefore, if the user without proper privileges attempted to establish an IPC connection, the attempt failed with an error message as expected but memory allocated for temporary buffers was not released. This could eventually result in /dev/shm being fully used and Denial of Service. This update modifies the coroipcc library to let applications delete temporary buffers if the buffers were not deleted by the corosync server. The /dev/shm file system is no longer cluttered with needless data in this scenario and IPC connections can be established as expected. All users of corosync are advised to upgrade to these updated packages, which fix this bug.
Bug Fix
- BZ# 791235
-
Previously, the range condition for the update_aru() function could cause an incorrect check of message IDs. Due to this, in rare cases, the corosync utility entered the "FAILED TO RECEIVE" state, and so failed to receive multicast packets. With this update, the range value in the update_aru() function is no longer checked for; the fail_to_recv_const constant performs such checks. Now, corosync does not fail to receive packets. All users of corosync are advised to upgrade to these updated packages, which fix this bug.
Bug Fixes
- BZ# 726608
-
Previously, under heavy traffic, receive buffers sometimes overflowed, causing loss of packets. Consequently, retransmit list error messages appeared in the log files. This bug has been fixed, incoming messages are now processed more frequently, and the retransmit list error messages no longer appear in the described scenario.
- BZ# 727962
-
Previously, when a combination of a lossy network and a large number of configuration changes was used with corosync, corosync sometimes terminated unexpectedly. This bug has been fixed, and corosync no longer crashes in the described scenario.
- BZ# 734997
-
Prior to this update, when corosync ran the "cman_tool join" and "cman_tool leave" commands in a loop, corosync sometimes terminated unexpectedly. This bug has been fixed, and corosync no longer crashes in the described scenario.
All users of corosync are advised to upgrade to these updated packages, which fix these bugs.
1.29. cracklib
Bug Fixes
- BZ# 583932
-
Manual pages for the cracklib-check, cracklib-format, and create-cracklib-dict utilities have been added.
- BZ# 627449
-
The Simplified Chinese (zh_CN) translation of one of the error messages the library can produce has been corrected, and no longer contains untranslated strings.
All users of cracklib are advised to upgrade to these updated packages, which resolve these issues.
1.30. crash
Bug Fixes
- BZ# 637735
-
On 64-bit x86 architectures, using the "bt" command to analyze core dumps from kernel 2.6.27 or later caused it to display an invalid "vgettimeofday" frame above the topmost "system_call_fastpath" frame, followed by two read error messages similar to the following:
    bt: read error: kernel virtual address: ffffffffff600000 type: "gdb_readmem_callback"
This error no longer occurs, and the "bt" command now produces correct results for these kernels.
- BZ# 649050
-
When analyzing a KVM dump file from a 64-bit x86 guest system, the crash utility failed to determine the starting RIP and RSP hooks. This rendered it unable to produce a correct backtrace for tasks that were either running in user space when the "virsh dump" operation was performed on a live guest, or that were running on interrupt or exception stacks. With this update, the RIP and RSP hooks for a particular dump file are now determined by using the content of the per-CPU registers in the CPU device format. As a result, the "bt" command no longer produces incorrect backtraces for such dump files.
- BZ# 649051
-
When analyzing a KVM dump file from an x86 guest system, the crash utility was unable to determine the starting EIP and ESP hooks, and produced an invalid backtrace. With this update, the crash utility has been updated to use the 64-bit CPU device format in x86 KVM dump files by default, and only use the 32-bit format when it is determined that the host machine was running a 32-bit kernel. As a result, running the "bt" command when analyzing such a dump file now produces a correct backtrace.
- BZ# 649053
-
When creating a KVM dump file, the "virsh dump" operation marks all non-crashing CPUs as offline. Due to an incorrect use of the "cpu_online_map" mask to determine the CPU count, previous versions of the crash utility may have reported a wrong number of CPUs when analyzing dumps created by the "virsh dump" command on x86 guest systems. With this update, the underlying source code has been adapted to use the "cpu_present_map" mask instead, so that the crash utility reports the correct number of CPUs.
- BZ# 682129
-
Prior to this update, an attempt to display a backtrace of a non-active swapper task on a 32-bit x86 architecture could cause the crash utility to display the following message:
    bt: cannot resolve stack trace:
    #0 [c09f1ef4] ia32_sysenter_target at c08208ce
This update applies a patch that resolves this issue, and the crash utility now resolves such backtraces as expected. Additionally, this update ensures that the crash utility is no longer negatively affected by the changes that were introduced in kernel 2.6.32-112.
Enhancements
- BZ# 633449
-
The crash utility has been updated to provide support for dump files created on the IBM System z architecture.
- BZ# 637197
-
The crash utility now supports compressed and/or filtered dump files generated by the makedumpfile utility on IBM System z. All users of crash are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
1.31. crda
Enhancement
- 654066
-
This updated crda package enhances the kernel with the most current information with regard to wireless regulatory rules, and ensures that these updated rules are enforced. All users are advised to upgrade to this updated package, which adds this enhancement.
1.32. cronie
Bug Fixes
- BZ# 615107
-
The initscript output written to /var/log/boot.log contained a double output of "OK", printed by /etc/init.d/crond and daemon. This error has been corrected: the echo from /etc/init.d/crond is removed, thus the output is now as expected.
- BZ# 624043
-
Cronie did not close a file descriptor, which caused other applications such as anacron that are subsequently started by cronie to inherit the file descriptor. This caused SELinux to prevent /bin/bash access. With this update, the file descriptor is no longer inherited by other applications, thus SELinux no longer prevents /bin/bash access.
- BZ# 675077
-
An incorrect option in the bash script caused anacron to run daily instead of hourly if the /var/spool/anacron/cron.daily file existed. The error has been corrected: the bash script option is fixed and anacron now runs once a day if the /var/spool/anacron/cron.daily file exists.
- BZ# 676040
-
RELRO flags were previously not set by default from crond. This is now fixed so that cronie is compiled with RELRO protection enabled.
- BZ# 676081
-
The /usr/bin/crontab was set to use both setuid and setgid permissions, but this was changed to use only setuid.
- BZ# 677364
-
Multiple code quality improvements were made, which include:
  - In src/crontab.c, mkstemp expects six X's to be replaced with digits at the end of each filename. This fix removes the extra X's.
  - In src/security.c, ccon was not freed after a return. This is fixed and ccon is now freed using context_free.
  - In anacron/run_job.c, fdin was tested before being initialized. This is fixed to ensure that fdin is now initialized prior to testing.
All users of cronie are advised to upgrade to this updated package, which resolves these issues.
1.33. cryptsetup-luks
- BZ# 612963
-
Previously, cryptsetup printed the error message notifying the user that the queried device did not exist twice. With this update, the underlying code was changed and the error message is displayed once.
- BZ# 623121
-
Prior to this update, when the user attempted to encrypt a device with the MD4 or MD5 hash algorithm, cryptsetup did not alert the user that the encryption with those algorithms was not supported, had failed, and that therefore the device could not be used. With this update, cryptsetup terminates the process and prints a message advising the user to check if the required encryption method is supported.
- BZ# 674825
-
Previously, cryptsetup did not remove keys as soon as possible from device control buffers and therefore did not follow FIPS (Federal Information Processing Standard). With this update, the underlying code has been changed and the keys are removed from the buffers as soon as possible.
- BZ# 677634
-
Previously, if the user issued the "cryptsetup luksRemoveKey" command with the "--key-file" parameter, the command removed the key defined in the standard input. With this update, the command removes the key defined in the "--key-file" parameter.
- BZ# 692512
-
Prior to this update, when updating with the "yum update" command, the device-mapper-libs package was not updated. This occurred because the previous version of the cryptsetup package was compatible with any version of the package. This update adds the dependency to the cryptsetup package and the device-mapper-libs is updated to provide the compatible device-mapper-libs package.
- BZ# 693371
-
Previously, when running in FIPS mode, the salt for PBKDF2 (Password-Based Key Derivation Function) was generated with the /dev/urandom device. According to NIST Special Publication 800-132, all or a portion of the salt must be generated with an approved random number generator. With this update, the salt is generated with the FIPS RNG (Random Number Generator) and the criterion is met.
Enhancements
- BZ# 663869
-
With this update, cryptsetup uses a FIPS certified random number generator for generation of volume keys when running in FIPS mode.
- BZ# 663870
-
This update adds the integrity check of the cryptsetup binary and library for FIPS mode. Users are advised to upgrade to these updated cryptsetup-luks packages, which resolve these bugs and add these enhancements.
Bug Fixes
- BZ# 713456
-
When the cryptsetup or libcryptsetup utility was run in FIPS (Federal Information Processing Standards) mode, the "Running in FIPS mode." message was displayed during initialization of all commands. This sometimes caused minor issues with associated scripts. This bug has been fixed and the message is now displayed only in verbose mode.
- BZ# 709055
-
Previously, the libcryptsetup crypt_get_volume_key() function allowed an action that is not compliant with FIPS to be performed. To conform to FIPS requirements, the function is now disabled in FIPS mode and returns an EACCES error code to indicate this. Note that the "luksDump --dump-master-key" command and the key escrow functionality of the volume_key package are also disabled in FIPS mode as a consequence of this update. Users of cryptsetup-luks are advised to upgrade to these updated packages, which fix these bugs.
1.34. cups
Bug Fixes
- BZ# 580604
-
Some printers were incorrectly reporting ink and toner levels via SNMP backend. Support for an SNMP quirk has been added and enabled via the PPD file.
- BZ# 614908
-
Previously, lpstat -p always reported job id as '-0'. This was because the jobstate was never IPP_JOB_PROCESSING due to an SVN revision upstream. This patch fixes this issue by adding the attributes needed for jobs.
- BZ# 616864
-
The previous 8MB default RIP cache size was insufficient for modern high-resolution (color/photo) printing. This was because filters such as pstoraster could fail. This update increases the default RIP cache size to 128MB to fix this issue.
- BZ# 624441
-
If the cupsd daemon was stopped while a job was being sent to a printer using a given backend, that backend was restarted multiple times before the CUPS scheduler actually terminated. In this updated package, the CUPS scheduler tracks whether it is shutting down and does not automatically start new jobs if so.
- BZ# 632180
-
The 'restartlog' action was missing in Initscript usage output, preventing its usage. This update adds it.
- BZ# 634931
-
Several rpmlint errors and warnings were fixed:
  - fixing the character encoding in CREDITS.txt
  - marking the D-Bus configuration file as config file
  - not marking MIME types and convs files as config files (overrides can be placed as new *.types/*.convs files in /etc/cups)
  - not marking banners as config files, instead new banners are provided
  - not marking initscript as a config file
  - not marking templates and www files as config files, instead a different ServerRoot setting is used to provide local overrides. Please note that a recent security fix required a change to template files
  - providing a versioned LPRng symbol for rpmlint
  - using mode 0755 for binaries and libraries where appropriate
  - moving /etc/cups/pstoraster.convs to /usr/share/cups/mime/
  - moving the cups-config man page to the devel sub-package
- BZ# 642448
-
Red Hat Enterprise Linux 4 CUPS clients use the character set specified in LANG as the charset attribute in CUPS IPP requests, where Red Hat Enterprise Linux 5 and 6 ignore this, leading to incompatibilities. In these updated packages the CUPS server has been adjusted so that non-UTF-8 clients (e.g. Red Hat Enterprise Linux 4 clients) continue to be accepted.
- BZ# 646814
-
The subpackage cups-php consumed library libcups.so2 from subpackage cups-libs even though it did not have an explicit package version requirement. In this update cups-php subpackage now explicitly requires cups-libs of the same version and release.
- BZ# 654667
-
The ipp, socket and lpd backends were treating name resolution failures as a permanent error. Because these types of failures can be temporary, the tolerance for DNS failures has been added.
- BZ# 659692
-
Previously, the CUPS service did not stop normally if it was running when halting the system or a reboot was performed. Instead, it had to be killed in the final stage of reboot or shut down. This update fixes Initscript so the service is correctly stopped on reboot or halt.
- BZ# 668010
-
When the cupsd daemon was running with SELinux features enabled, the file descriptor count was increasing over time until its resources ran out. With this update, the resources are allocated only once so they do not leak file descriptors.
- BZ# 672614
-
There was a small typo in sample snmp.conf file. It is fixed in this update. All users of cups are advised to upgrade to these updated packages, which resolve these issues.
Bug Fix
- BZ# 736304
-
The MaxJobs directive controls the maximum number of print jobs that are kept in memory. Previously, once the number of jobs reached the limit, the CUPS system failed to automatically purge the oldest completed job from the system to make room for a new one. This bug has been fixed, and the jobs beyond the limit are now properly purged in the described scenario. All users of cups are advised to upgrade to these updated packages, which fix this bug.
1.35. curl
Security Fix
- CVE-2011-2192
-
It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.
Bug Fixes
- BZ# 690273
-
libcurl caused a segmentation fault (core dumped) on a RHEL 6.1 machine registered at RHN after "yum clean all" and "yum update" were run in sequence. "CERT_GetDefaultCertDB" is now used to prevent a segmentation fault after the "yum clean all" and "yum update" sequence.
- BZ# 623663
-
libcurl HTTPS connections failed with a CURLE_OUT_OF_MEMORY error when given a certificate file name without a "/". This is now fixed to treat such a string as a certificate nickname, and if a file with the same name exists and libcurl runs in verbose mode, a warning is issued. The updated documentation now suggests using the "./" prefix to load a file from the current directory.
- BZ# 669048
-
A rebuild operation for curl failed if the libnih-devel package was installed. This is now fixed to allow a rebuild whether libnih-devel is installed, not installed or has a broken installation.
- BZ# 669702
-
libcurl ignored the CA path provided in CURLOPT_CAPATH and consequently curl ignored the "--capath" argument provided. This is fixed so that libcurl now uses the value provided with the "--capath" argument.
- BZ# 670802
-
libcurl leaked memory and eventually resulted in a failed NSS shutdown when more than one CA certificate was loaded. This is now fixed so that libcurl works as expected when more than one CA certificate is loaded.
- BZ# 678594
-
libcurl leaked memory when an SSL connection failed. This is now fixed to prevent the memory leak during an SSL connection failure.
- BZ# 651592
-
libcurl FTP protocol implementation was unable to handle server session timeouts correctly. This is now fixed so that libcurl drops the connection when a 421 timeout response is received.
- BZ# 655134
-
libcurl failed when an LDAP request was sent using curl through a HTTP proxy in tunnel mode (curl option "-p" or "--proxytunnel"). Curl tried to connect directly to the LDAP server via the proxy port and consequently failed. This is now fixed to allow libcurl LDAP connections through HTTP proxies to work as expected.
- BZ# 625685
-
libcurl was unable to authenticate http proxies via Kerberos. This is now fixed and libcurl can successfully authenticate http proxies via Kerberos.
- BZ# 678580
-
When libcurl connected a second time to an SSL server with the same server certificate, the server's certificate was not re-authenticated because libcurl confirmed authenticity before the first connection to the server. This is fixed by disabling the SSL cache when it is not verifying a certificate to force the verification of the certificate on the second use.
- BZ# 684892
-
Kerberos authentication was broken for reused curl handles, which prevented "git clone" from working with Kerberos authenticated web servers. This is now fixed to allow "git clone" operations to successfully authenticate and carry out operations.
- BZ# 694294
-
It was not possible to use two distinct client certificates to connect two times in a row to the same SSL server. This is now fixed to allow two different client certificates to connect to the same SSL server. Users of curl should upgrade to these updated packages, which contain back-ported patches to correct these issues. All running applications using libcurl must be restarted for the update to take effect.
Bug Fix
- BZ# 727884
-
As a solution to a security issue, GSSAPI credential delegation was disabled, which broke the functionality of the applications that were relying on delegation, which was incorrectly enabled by libcurl. To fix this issue, the CURLOPT_GSSAPI_DELEGATION libcurl option has been introduced in order to enable delegation explicitly when applications need it. All applications using GSSAPI credential delegation can now use this new libcurl option to be able to run properly. All users of cURL and libcurl are advised to upgrade to these updated packages, which resolve this issue. All running applications using libcurl have to be restarted for the update to take effect.
1.36. cyrus-imapd
Security Fix
- CVE-2011-1926
-
It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. Users of cyrus-imapd are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, cyrus-imapd will be restarted automatically.
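The buffering mistake described for CVE-2011-1926, shown as an added example in C that is not cyrus-imapd code: a toy line-buffered server that either keeps or discards its plaintext input buffer when it switches to TLS. The names `conn_feed`, `conn_readline` and `serve`, the simulated handshake, and the sample commands are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_MAX 256

/* Toy model of a line-oriented server connection (constructed example). */
struct conn {
    char   inbuf[BUF_MAX]; /* bytes received but not yet parsed */
    size_t len;
    int    tls_active;     /* set once the simulated handshake completes */
};

struct result {
    int pre_tls;   /* commands handled before STARTTLS */
    int post_tls;  /* commands handled as if protected by TLS */
    int smuggled;  /* post_tls commands that really arrived in plaintext */
};

/* Append bytes to the input buffer; returns -1 if they do not fit. */
static int conn_feed(struct conn *c, const char *data)
{
    size_t n = strlen(data);
    if (n > BUF_MAX - c->len)
        return -1;
    memcpy(c->inbuf + c->len, data, n);
    c->len += n;
    return 0;
}

/* Pop one CRLF-terminated line into out; returns 1 on success, 0 if none. */
static int conn_readline(struct conn *c, char *out, size_t outsz)
{
    for (size_t i = 0; i + 1 < c->len; i++) {
        if (c->inbuf[i] != '\r' || c->inbuf[i + 1] != '\n')
            continue;
        if (i >= outsz)
            return 0;                 /* line too long for caller's buffer */
        memcpy(out, c->inbuf, i);
        out[i] = '\0';
        c->len -= i + 2;
        memmove(c->inbuf, c->inbuf + i + 2, c->len);
        return 1;
    }
    return 0;
}

/*
 * plaintext:   bytes that arrived before the handshake, in one delivery.
 * tls_payload: stands in for data decrypted after the handshake.
 * flush_on_starttls: 0 = keep the buffer (the flaw), 1 = discard it (the fix).
 */
static struct result serve(const char *plaintext, const char *tls_payload,
                           int flush_on_starttls)
{
    struct conn c = { .len = 0, .tls_active = 0 };
    struct result r = { 0, 0, 0 };
    size_t stale = 0;  /* plaintext bytes still buffered after the upgrade */
    char line[BUF_MAX];

    if (conn_feed(&c, plaintext) != 0)
        return r;
    while (conn_readline(&c, line, sizeof line)) {
        if (!c.tls_active) {
            if (strcmp(line, "STARTTLS") != 0) {
                r.pre_tls++;
                continue;
            }
            if (flush_on_starttls)
                c.len = 0;            /* drop everything read before TLS */
            stale = c.len;
            c.tls_active = 1;         /* simulated handshake */
            if (conn_feed(&c, tls_payload) != 0)
                break;
            continue;
        }
        r.post_tls++;
        if (stale > 0) {              /* line built from pre-TLS bytes */
            size_t used = strlen(line) + 2;
            r.smuggled++;
            stale = used < stale ? stale - used : 0;
        }
    }
    return r;
}

int main(void)
{
    /* Constructed input: a second command shares the delivery with STARTTLS. */
    struct result v = serve("STARTTLS\r\nNOOP\r\n", "CAPABILITY\r\n", 0);
    struct result f = serve("STARTTLS\r\nNOOP\r\n", "CAPABILITY\r\n", 1);
    printf("no flush: post_tls=%d smuggled=%d\n", v.post_tls, v.smuggled);
    printf("flush:    post_tls=%d smuggled=%d\n", f.post_tls, f.smuggled);
    return 0;
}
```

A useful regression check for any STARTTLS-capable service is the same comparison: bytes buffered before the handshake must never be counted among the commands handled inside the TLS session.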
Security Fix
- CVE-2011-3208
-
A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user. Red Hat would like to thank Greg Banks for reporting this issue. Users of cyrus-imapd are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, cyrus-imapd will be restarted automatically.
Security Fixes
- CVE-2011-3372
-
An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials.
- CVE-2011-3481
-
A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially-crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. Red Hat would like to thank the Cyrus IMAP project for reporting the CVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter of CVE-2011-3372. Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.
1.37. dapl
Bug Fixes
- BZ# 626541
-
Under certain circumstances, when a thread was waiting on dapls_evd_dto_wait() and the thread received a signal, the function would return an incorrect error code, resulting in the application failing rather than retrying the request.
- BZ# 626541
-
Previously, the function dapls_evd_dto_wait() returned, under certain circumstances, an error code when a thread was waiting on the function and the thread received a signal. Due to this behavior, the application failed. With this update, the application retries the request.
- BZ# 636596
-
Previously, applications that utilize uDAPL could not use the RDMA over converged Ethernet (RoCE) feature. This update adds these additional entries to the dat.conf file.
- BZ# 649360
-
The dat_ia_open() function could, under certain circumstances, fail to return. With this update, the function returns as expected.
- BZ# 667742
-
Under certain circumstances, dapl could fail to clean up its internal state, causing subsequent usage of the library to fail. With this update, the internal state is cleaned up as expected and the library can be used without further problems.
- BZ# 637980
-
Previously, dapl could, under certain circumstances, fail to free allocated memory, potentially causing the application to run out of memory and fail. Now, dapl frees all allocated memory. All dapl users should upgrade to these updated packages, which fix these bugs.
1.38. dbus
Security Fix
- CVE-2011-2200
-
A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially-crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.
1.39. device-mapper-multipath
Bug Fixes
- BZ# 863462
-
When certain multipathd threads started their operation, they did not check if the multipathd daemon was being shut down. Consequently, multipathd could terminate unexpectedly with a segmentation fault on shutdown. With this update, the multipathd threads properly quit if they detect multipathd is shutting down and the crashes no longer occur.
- BZ# 866553
-
Previously, multipathd was removing a map twice if it failed to create a multipath device when adding a path device. Consequently, multipathd accessed already freed memory and in some cases terminated unexpectedly when a new path device was added. With this update, multipathd no longer performs the second remove operation and the crashes no longer occur in the described scenario. All users of device-mapper-multipath are advised to upgrade to these updated packages, which fix these bugs.
Bug Fixes
- BZ# 611779
-
If you sent the multipathd daemon a command consisting only of spaces, the daemon terminated unexpectedly with a segmentation fault. With this update, the daemon is able to handle such commands and no longer crashes in this circumstance.
- BZ# 635088
-
Prior to this update, the daemon occasionally grouped paths incorrectly because the multipathd daemon did not recalculate path groups when restoring paths. Now, when a new path goes online, the multipathd daemon verifies whether it needs to recalculate path groups, and refreshes and reads all priorities.
- BZ# 636071
-
Previously, if the user edited configuration information with the mpathconf command, the process could have failed. This happened when the user ran the command without any additional arguments due to a conflict of the environment variable DISPLAY with the program variable DISPLAY. With this update, all variables are unset when the script is started and the DISPLAY program variable is renamed. The environment variable DISPLAY remains unchanged when mpathconf is issued and the command works as expected.
- BZ# 645605
-
The DM-Multipath application marked paths as failed if it was unable to determine if a path was offline. With this update, multipath calls the path_checker function to determine the path state in such cases and the problem no longer occurs.
- BZ# 650797
-
Previously, multipathd displayed no tgt_node_name value for iSCSI devices. This occurred because multipath used the FC (Fibre Channel) path from the sysfs file system to obtain tgt_node_name for iSCSI devices. With this update, multipath first tries to acquire the FC path. If it fails, it uses the iSCSI target name for the device.
- BZ# 651389
-
Previously, if you set dev_loss_tmo to a value greater than 600 in multipath.conf without setting the fast_io_fail_tmo value, the multipathd daemon failed to apply the setting. With this update, the multipathd daemon sets dev_loss_tmo for values over 600 correctly, as long as fast_io_fail_tmo is also set in the /etc/multipath.conf file.
- BZ# 662731
-
DM-Multipath could have terminated unexpectedly if the multipath.conf file contained parameters with no value. This occurred because it was trying to acquire the string length of an optional value before verifying that a value was actually defined. With this update, multipathd first checks if the value exists and the bug is fixed.
- BZ# 622569
-
On a non-disruptive upgrade (NDU), all paths to EMC Symmetrix arrays could have failed, which caused multipathd to fail all outstanding input/output. DM-Multipath now has a new default configuration for EMC Symmetrix arrays that queues input/output for up to 30 seconds if all paths are down and the problem no longer occurs.
- BZ# 623644
-
The multipathd daemon consumed excessive memory when iSCSI devices were unloaded and reloaded. This occurred because the daemon was caching unnecessary sysfs data, which caused memory leaks. With this update, multipathd no longer caches these data; it frees the data when the associated device is removed.
- BZ# 680480
-
During a double path failure, the sysfs device file is removed and the sysdev path attribute is set to NULL. The sysfs device cache is indexed by the actual sysfs directory, and /sys/block/pathname is a symlink. Prior to this update, if the path was deleted, multipathd was not able to find the actual directory, which /sys/block/pathname pointed to, and searched the cache. With this update, multipathd verifies that sysdev has a NULL value before updating it.
- BZ# 681144
-
When a path was removed, the multipathd daemon did not always remove the path sysfs device from its cache. The daemon kept searching the cache for the device and created sysfs devices without the vecs lock held. Because of this, paths could have pointed to invalid sysfs devices and caused multipathd to crash. The multipathd daemon now always removes the sysfs device from cache when deleting a path and accesses the cache only with the vecs lock held.
Enhancements
- BZ# 576919
-
The log_checker_err option was added to the multipath.conf defaults section. By default, the option is set to always and a path checker error is logged continuously. If set to once, multipathd logs a path checker error once at logging level 2. Any later errors are logged at level 3 until the device is restored.
- BZ# 599690
-
Previously, the defaults section of the multipath.conf man page implied that the settings defined in the section became default and overrode the implied settings. Since the HWTABLE cannot be overridden, the wording of the man page has been changed.
- BZ# 628095
-
Previously, DM-Multipath did not print any messages when errors were detected in the multipath.conf file. With this update, multipath prints warning messages that inform the user that the configuration file contains invalid or duplicate options and the bug is fixed.
- BZ# 632734
-
This update adds the default configuration for Virtual SCSI disks.
- BZ# 633643
-
This update adds the default configuration for NEC Storage M.
- BZ# 636213
-
This update adds the default configuration for HP P2000.
- BZ# 636246
-
This update adds the default configuration for HP OPEN devices.
- BZ# 644111
-
If the initramfs file system was not rebuilt when a new storage device was added to the system, the new device could have been assigned a user_friendly_names value that matched the user_friendly_names value already assigned to another device. This device then stopped working correctly. The multipathd daemon now accepts a -B option, which makes the user_friendly_names bindings file read-only. When initramfs calls multipath with the -B option, devices without a binding to a user_friendly_names use their World Wide Identifier (WWID).
- BZ# 650664
-
Previously, the DM-Multipath did not prompt the user to increase the maximum number of open file descriptors (max_fds) if it failed to open a file descriptor due to receiving an EMFILE error. With this update, it prints out a message advising the user to do so.
- BZ# 602883
-
Previously, the multipathd daemon printed add map messages whenever it received a change uevent. In order not to clutter logs, multipathd now only prints add map messages for the change uevents of the devices that are not yet monitored.
- BZ# 639037
-
Previously, DM-Multipath did not set a default value for the no_path_retry parameter for Hitachi R700 devices. With this update, the parameter value for the devices is set to 6 by default.
- BZ# 696157
-
The multipathd daemon could have terminated unexpectedly with a segmentation fault on a multipath device with the path_grouping_policy option set to the group_by_prio value. This occurred when a device path came online after another device path failed because the multipath daemon did not manage to remove the restored path correctly. With this update multipath removes and restores such paths correctly. Users are advised to upgrade to these updated device-mapper-multipath packages, which resolve these issues and add these enhancements.
Bug Fix
- BZ# 802431
-
Device-Mapper Multipath uses certain regular expressions in the built-in device configurations to determine a multipath device so that the correct configuration can be applied to the device. Previously, some regular expressions for the device vendor and product ID were too broad. As a consequence, some devices could be matched with incorrect device configurations. With this update, the product and vendor regular expressions have been made stricter so that all multipath devices can now be properly configured. All users of device-mapper-multipath are advised to upgrade to these updated packages, which fix this bug.
Bug Fix
- BZ# 732384
-
When deleting a multipath device while checking a path, the multipathd daemon did not abort the path check. As a consequence, the daemon terminated when trying to access multipath device information. The problem has been fixed and the multipathd daemon now aborts the path check when deleting a multipath device. All users of device-mapper-multipath are advised to upgrade to these updated packages, which fix this bug.
1.40. dhcp
Security Fixes
- CVE-2011-2748, CVE-2011-2749
-
Two denial of service flaws were found in the way the dhcpd daemon handled certain incomplete request packets. A remote attacker could use these flaws to crash dhcpd via a specially-crafted request. Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, all DHCP servers will be restarted automatically.
Bug Fixes
- BZ# 625846
-
Previously, it was impossible to configure the dhcrelay service to run the dhcrelay daemon with additional arguments. With this update, a DHCRELAYARGS variable is available for the /etc/sysconfig/dhcrelay configuration file, which allows additional arguments to be passed to the dhcrelay daemon properly.
- BZ# 627257
-
Previously, the dhclient utility did not log its PID (process identifier) in syslog entries, making troubleshooting in systems with multiple running dhclients difficult. Now, the dhclient utility logs its PID properly.
- BZ# 631071
-
Previously, the dhclient utility sometimes parsed date strings in lease files incorrectly, resulting in syntax error messages in its output. This bug has been fixed and the dates in the lease files are now parsed with no error messages given.
- BZ# 637763
-
When the dhclient utility was updating a "search" entry in the /etc/resolv.conf file, it sometimes did not add a missing domain part. This was inconsistent with NetworkManager behavior. Now, while updating the "search" entry, the dhclient utility always adds the domain part of the host name given to the client if it is missing.
- BZ# 672551
-
Previously, the dhcpd service with IPv6 support sometimes created a lease file that it was unable to parse. Consequently, once the service was restarted, it went into a loop and could not start. This bug has been fixed and now the service is able to properly parse all lease files it generates.
- BZ# 681721
-
DHCP servers at some ISPs send to clients the "interface-mtu" option with the value of 576. Such a low MTU (Maximum Transmission Unit) can cause throughput problems with UDP traffic, among other things. With this update, the dhclient utility now sets the interface MTU only if the value obtained from the server is higher than 576.
- BZ# 613683
-
Previously, the dhclient package was missing its LICENSE file. With this update, the file has been added.
Enhancements
- BZ# 558641
-
The dhcp package now provides an implementation of Classless Static Route Options for DHCPv4 (RFC 3442). It can supply network route configuration to a large number of hosts without individual configuration of each one.
- BZ# 660681
-
The dhcp package now provides support for IPoIB (IP over InfiniBand) interfaces. Users of dhcp are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
1.41. dmidecode
- BZ# 744690
-
Previously, extended records for Memory Device (DMI type 17) and Memory Array Mapped Address (DMI type 19) DMI types were missing from the dmidecode utility output. With this update, dmidecode has been upgraded to upstream version 2.11, which updates support for the SMBIOS specification to version 2.7.1, thus fixing this bug. All users of dmidecode are advised to upgrade to this updated package, which fixes this bug.
1.42. dovecot
Security Fixes
- CVE-2010-3780
-
A flaw was found in the way Dovecot handled SIGCHLD signals. If a large number of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it could cause the master process to crash.
- CVE-2010-3707
-
A flaw was found in the way Dovecot processed multiple Access Control Lists (ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the more specific ACL entry, possibly resulting in more access being granted to the user than intended.
Enhancement
- BZ# 637056
-
This erratum upgrades Dovecot to upstream version 2.0.9, providing multiple fixes for the "dsync" utility and improving overall performance. Refer to the "/usr/share/doc/dovecot-2.0.9/ChangeLog" file after installing this update for further information about the changes. Users of dovecot are advised to upgrade to these updated packages, which resolve these issues and add this enhancement. After installing the updated packages, the dovecot service will be restarted automatically.
Security Fix
- CVE-2011-1929
-
A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.
1.43. dracut
initramfs generator infrastructure based around udev. The initramfs is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.
Bug Fixes
- BZ# 595096
-
When attempting to boot with MD RAID, udev issued error messages about a missing label because dracut was in the process of rewriting the udev rules files while udev attempted to parse them. dracut now creates temporary rules files, and creates a file for udev's use when the file is considered complete.
- BZ# 610466
-
Running mkinitrd alone does not override an existing initramfs image. When this is attempted, the message stated that the --force parameter should be used, but mkinitrd only supported the short version -f of this parameter. --force was added to mkinitrd as the long version.
- BZ# 626389
-
When booting an IMSM/ISW RAID with dmraid, the mdadm package must be added to a system that has a kickstart minimal install with the noiswmd or rd_NO_MDIMSM parameters specified.
- BZ# 630911
-
When multipath is configured to use user-friendly names, it stores the binding between the wwid and the alias in /etc/multipath/bindings. multipath uses this file in initramfs when creating devices during early boot, and in the root file system during normal operation. These files were not synchronized during initramfs creation, which resulted in naming conflicts that prevented new multipath devices from being created after boot. To work around this, the bindings for the devices in /etc/multipath/bindings must be included in the initramfs. This can be done by running dracut -f.
- BZ# 636668
-
dracut did not include all multipath configuration files needed for multipath to include the root device in the multipath listing. dracut now copies over the entire /etc/multipath directory to the initramfs.
- BZ# 640979
-
dracut used all network configuration parameters from the kernel command line, but did not honor any configuration settings in the iBFT. dracut now parses the iBFT settings to set up the network if the ip=ibft parameter is specified on the kernel command line.
- BZ# 642083
-
dracut did not include multipath in the generated generic initramfs, if the host on which it was running had no multipath root device. multipath support is now added to the initramfs unconditionally.
- BZ# 645799
-
Previously, dracut had a hard-wired dependency on vconfig; this dependency is no longer required, and has been removed.
- BZ# 650959
-
When operating with LVM snapshot volumes, I/O errors could occur because the udev rules in the initramfs did not exclude those volumes and kept them busy. The udev rules in the initramfs were updated to honor the DM_UDEV_DISABLE_OTHER_RULES_FLAG, which fixes this issue.
- BZ# 669438
-
cryptsetup was required to perform verification when a system attempted to run in FIPS mode. However, the verification check failed because several checksum files were missing from initramfs, which resulted in all encrypted devices not being activated. The missing checksum files have been replaced, and this issue no longer occurs. Note however that the dracut-fips package must be installed at initramfs creation time.
- BZ# 674238
-
When multipath ran in the initramfs with user_friendly_names set, if it did not find existing mappings in /etc/multipath/bindings, it created new mappings. These mappings could conflict with the user_friendly_names set in the normal filesystem's /etc/multipath/bindings file. dracut now starts the multipathd daemon with the new -B option so that multipath treats the initial bindings file as read-only.
- BZ# 675118
-
The USE_BIOSDEVNAME variable in the parse-biosdevname.sh script was not initialized correctly, which caused an unexpected operator error. This issue was discovered and corrected during development, and did not occur in any production system in the field.
- BZ# 676018
-
If a user started dracut with the -l or --local parameter, or set the dracut base directory via the dracutbasedir environment variable, dracut wrote its log to /tmp/dracut.log, which could possibly allow local users to overwrite arbitrary files that were writable by the user running dracut, via a symlink attack. dracut now stores the logfile in $HOME/dracut.log, when in -l or --local mode, if /var/log/dracut.log is not writeable.
- BZ# 678294
-
The /var/log/dracut.log file was not created automatically, preventing dracut from writing its logs. dracut now creates its log files if they do not exist.
- BZ# 691419
-
The boot parameter did not work when the machine was booted in FIPS mode, resulting in numerous mount errors, failed FIPS integrity tests, and dracut refusing to continue. This issue has been corrected, and the boot parameter can now be used to specify a boot device, as expected.
- BZ# 692843
-
If FIPS mode is enabled and the root partition is encrypted, /boot must reside on a non-encrypted, plain (no LVM or RAID) partition, which can be specified with boot=<boot partition> as a boot option on the kernel command line.
- BZ# 692939
-
After installing to a remote logical unit via Fibre Channel over Ethernet (FCoE), the root device could not be found, resulting in kernel panic. This occurred because the MAC address and interface for the FCoE device was not defined correctly. Installing to a remote logical unit via FCoE now works.
- BZ# 696131
-
The fips.sh script did not wait for the boot drive to be created, which resulted in an error because the file system type did not exist yet. This has been corrected, and the script now waits for the boot drive to be identified.
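The symlink problem described under BZ# 676018, shown as an added example that is not dracut's own code (dracut is a shell tool; C is used here to make the system calls visible). It contrasts a log open that follows a planted link with one that refuses it; the function names and the scratch directory standing in for /tmp are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* O_NOFOLLOW, O_CLOEXEC, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pre-fix pattern: a fixed name in a shared directory. open() follows a
 * symlink at `path`, so the log text lands in the link's target. */
int open_log_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

/* Hardened pattern: refuse a symlink as the final path component, then
 * check on the descriptor (not the path) that we hold a regular,
 * singly-linked file owned by the caller. */
int open_log_safe(const char *path)
{
    struct stat st;
    int fd = open(path,
                  O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                    /* ELOOP when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

struct demo_result {
    long victim_after_naive;  /* size of link target after the naive open */
    long victim_after_safe;   /* size of link target after the safe open  */
    int  safe_on_symlink;     /* what open_log_safe returned for the link */
    int  safe_on_fresh_path;  /* 1 if open_log_safe created a new log     */
};

static long file_size(const char *p)
{
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

static void append_and_close(int fd)
{
    static const char msg[] = "dracut: log line\n";   /* 17 bytes */
    if (fd < 0)
        return;
    if (write(fd, msg, sizeof msg - 1) < 0)
        perror("write");
    close(fd);
}

/* Constructed scenario in a private scratch directory: "dracut.log" is a
 * symlink to "victim", standing in for a link planted in /tmp. */
int run_demo(struct demo_result *r)
{
    char dir[] = "/tmp/logdemoXXXXXX";
    char victim[128], logp[128];
    int fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/dracut.log", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(victim, logp) != 0)
        return -1;

    append_and_close(open_log_naive(logp));      /* follows the link */
    r->victim_after_naive = file_size(victim);
    fd = open_log_safe(logp);                    /* refuses the link */
    r->safe_on_symlink = fd;
    append_and_close(fd);
    r->victim_after_safe = file_size(victim);
    unlink(logp);                                /* link gone: fresh log */
    fd = open_log_safe(logp);
    r->safe_on_fresh_path = (fd >= 0);
    append_and_close(fd);
    unlink(logp); unlink(victim); rmdir(dir);
    return 0;
}

int main(void)
{
    struct demo_result r;
    if (run_demo(&r) != 0)
        return 1;
    printf("naive wrote %ld bytes to victim; safe fd=%d, victim still %ld; fresh=%d\n",
           r.victim_after_naive, r.safe_on_symlink, r.victim_after_safe,
           r.safe_on_fresh_path);
    return 0;
}
```

O_NOFOLLOW only guards the final path component, which is why moving the log out of a world-writable directory, as the fix does, remains the stronger measure.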
Enhancements
- BZ# 634013
-
Previously all information about the network interfaces to boot from was read from the kernel command line. dracut was extended to use network interface configuration from the OptionROM, if fcoe=edd:nodcb or fcoe=edd:dcb is specified on the kernel command line. ifname= is not needed in this case.
- BZ# 645648
-
dracut has been updated to support the new kernel boot option, rdinsmodpost=[module], which allows a user to specify a kernel module to be loaded after all device drivers are loaded automatically.
- BZ# 670925
-
dracut now includes the kernel module aes-xts in the initramfs, adding support for FIPS-140.
- BZ# 677340
-
A new module, dracut-caps, has been added to let users omit selected dracut capabilities, and set one or more sysctl parameters.
- BZ# 689694
-
Support has been added for the Emulex Tiger Shark adapter for iSCSI.
- BZ# 692781
-
Support for several Broadcom drivers (bnx2, bnx2x and bnx2i) has been added to dracut-network. All users of dracut are advised to upgrade to these updated packages, which resolve these issues.
Enhancement
- BZ# 728549
-
The dm-mod and dm-crypt kernel modules were missing from the list of kernel modules which are pre-loaded for the FIPS-140 (Federal Information Processing Standards) check. With this update, these modules have been added to the list. This update also introduces the dracut-fips-aesni subpackage which should be installed if the aesni-intel module is used in FIPS mode. Users of dracut are advised to upgrade to these updated packages, which add this enhancement.
1.44. e2fsprogs
Bug Fixes
- BZ# 599338
-
The e2fsprogs package appeared to contain several regressions because of a number of type-punning issues caused by flags used during the process of building Red Hat Enterprise Linux. Additionally, e2fsprogs had a dependency on libcom_err that was not linked to a specific version of libcom_err. A specific version has been defined to prevent interoperability issues between packages.
- BZ# 631593
-
The badblocks command aborted with the error "badblocks: File too large while trying to determine device size" when attempting to run on a 16TB file system. This was caused by a bug in the badblocks command, which this update fixes, resolving the issue.
- BZ# 654093
-
A device that is exactly 16T in size was too large to be opened by the resize2fs utility, and attempting to resize some large file systems could remove the resize inode feature if no reserved blocks were left after the operation. As a result, resize2fs failed on such a device, and resizing a file system close to 16T could remove the resize inode, making further resizing impossible. This patch treats 16T file systems as 16T - 4k, as mkfs does, so that ext3 and ext4 file systems on devices exactly 16T in size can now be resized with resize2fs. In addition, the resize inode is no longer removed even if 0 reserved blocks remain, so that subsequent downward resizes are still possible.
- BZ# 643390
-
When a value greater than INT_MAX (2147483647) was specified as the argument to mke2fs -G <number of groups>, the command did not complete. This was because the argument for int_log2() was "int", therefore when a value exceeding INT_MAX is specified for the -G option, the value of "arg" overflows. Also, e2fsprogs only supports 2^32 block file systems so asking for anything greater cannot be honored. Therefore, this patch rejects a number that overflows, and restricts it to INT_MAX+1 so the result does not wrap. This resolves the issue.
- BZ# 653234
-
The filefrag command occasionally returned an incorrect number of extensions, returning 0 instead of 1 when using the -v extension. In this patch, special-casing the number of extensions returned in verbose mode and skipping the printing of the header for columns resolves this issue. All users are advised to upgrade to these updated packages, which resolve these issues.
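The integer problem described under BZ# 643390, as an added illustration that is not the e2fsprogs source: a signed log2 helper that never terminates once an out-of-range value has been converted to a negative int, next to an unsigned helper and a parser that rejects overflowing input. The function names, the iteration bound used to make the hang observable, and the exact upper limit (taken from the note's "INT_MAX+1" wording) are assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-fix shape: signed parameter. A value above INT_MAX converts to a
 * negative int (implementation-defined; INT_MIN for 2^31 with gcc), and an
 * arithmetic right shift of a negative number settles at -1, never 0.
 * max_iter bounds the loop so the demo can report the hang as -1. */
int int_log2_signed(int arg, int max_iter)
{
    int l = 0;

    arg >>= 1;
    while (arg) {
        if (l >= max_iter)
            return -1;               /* the real loop would spin forever */
        l++;
        arg >>= 1;
    }
    return l;
}

/* Unsigned arithmetic: the shift always reaches zero. */
int int_log2_unsigned(unsigned long arg)
{
    int l = 0;

    arg >>= 1;
    while (arg) {
        l++;
        arg >>= 1;
    }
    return l;
}

/* Unchecked path: parse, narrow to int, take the log. */
int legacy_log2_of_arg(const char *s)
{
    unsigned long v = strtoul(s, NULL, 0);
    return int_log2_signed((int)v, 64);
}

/* Checked path: returns 0 and stores the value, or -1 on bad input. */
int parse_group_count(const char *s, unsigned long *out)
{
    char *end;
    unsigned long v;

    while (*s == ' ' || *s == '\t')
        s++;
    if (*s == '-' || *s == '\0')
        return -1;                   /* strtoul would turn "-1" into ULONG_MAX */
    errno = 0;
    v = strtoul(s, &end, 0);
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;                   /* overflow, no digits, trailing junk */
    if (v < 1 || v > (unsigned long)INT_MAX + 1UL)
        return -1;                   /* beyond what the note says is allowed */
    *out = v;
    return 0;
}

int main(void)
{
    unsigned long v = 0;

    printf("legacy log2(2147483648) = %d\n", legacy_log2_of_arg("2147483648"));
    if (parse_group_count("2147483648", &v) == 0)
        printf("checked log2(%lu) = %d\n", v, int_log2_unsigned(v));
    printf("parse(\"2147483649\") = %d\n", parse_group_count("2147483649", &v));
    return 0;
}
```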
1.45. ebtables
Enhancement
- BZ# 642394
-
Auditing support is added to create a kernel audit record that records the information flow between a host, guest, and other network entities. All users requiring firewalling for Ethernet bridge tables are advised to upgrade to this updated package, which adds this enhancement.
1.46. eclipse
Security Fix
- CVE-2010-4647
-
A cross-site scripting (XSS) flaw was found in the Eclipse Help Contents web application. An attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted Eclipse Help URL.
The following Eclipse packages have been upgraded to the versions found in the official upstream Eclipse Helios SR1 release, providing a number of bug fixes and enhancements over the previous versions:
- eclipse-linuxprofilingframework to 0.6.1 (BZ# 669461)
- eclipse to 3.6.1 (BZ# 656329)
- eclipse-cdt to 7.0.1 (BZ# 656333)
- eclipse-birt to 2.6.0 (BZ# 656391)
- eclipse-emf to 2.6.0 (BZ# 656344)
- eclipse-gef to 3.6.1 (BZ# 656347)
- eclipse-mylyn to 3.4.2 (BZ# 656337)
- eclipse-rse to 3.2 (BZ# 656338)
- eclipse-dtp to 1.8.1 (BZ# 656397)
- eclipse-changelog to 2.7.0 (BZ# 669499)
- eclipse-valgrind to 0.6.1 (BZ# 669460)
- eclipse-callgraph to 0.6.1 (BZ# 669462)
- eclipse-oprofile to 0.6.1 (BZ# 670228)
In addition, the following updates were made to the dependencies of the Eclipse packages above:
- jetty-eclipse to 6.1.24 (BZ# 661845)
- icu4j to 4.2.1 (BZ# 656342)
- sat4j to 2.2.0 (BZ# 661842)
- objectweb-asm to 3.2 (BZ# 664019)
Bug Fixes
- BZ# 622713
-
Incorrect URIs for GNU Tools in the "Help Contents" window have been fixed.
- BZ# 622867
-
The profiling of binaries did not work if an Eclipse project was not in an Eclipse workspace. This update adds an automated test for external project profiling, which corrects this issue.
- BZ# 668890
-
Running a C/C++ application in Eclipse successfully terminated, but returned an I/O exception not related to the application itself in the Error Log window. With this update, the exception is no longer returned.
- BZ# 669819
-
The eclipse-mylyn package showed a "20100916-0100-e3x" qualifier. The qualifier has been modified to "v20100902-0100-e3x" to match the upstream version of eclipse-mylyn.
- BZ# 673174
-
Installing the eclipse-mylyn package failed and returned a "Resource temporarily unavailable" error message due to a bug in the packaging. This update fixes this bug and installation now works as expected.
- BZ# 678364
-
Building the eclipse-cdt package could fail due to an incorrect interaction with the local file system. Interaction with the local file system is now prevented and the build no longer fails.
- BZ# 679543
-
The libhover plug-in, provided by the eclipse-cdt package, used binary data to search for hover topics. The data location was specified externally as a URL which could cause an exception to occur on a system with no Internet access. This update modifies the plug-in so that it pulls the needed data from a local location.
Enhancements
1.47. ecryptfs-utils
Security Fixes
- CVE-2011-1831
-
A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.
- CVE-2011-1832
-
A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system.
- CVE-2011-1834
-
It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system.
- CVE-2011-1835
-
An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user's encrypted data if existing file permissions allow access.
- CVE-2011-1837
-
A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files.
- CVE-2011-3145
-
A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file.
- CVE-2011-1833
-
A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount. A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Note: The fix for this issue is incomplete until a kernel-space change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates will correct this issue.
Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1831, CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the original reporters of CVE-2011-1834; Marc Deslauriers as the original reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original reporter of CVE-2011-1837.
Users of ecryptfs-utils are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
1.48. edac-utils
Bug Fix
- BZ# 632665
-
Previously, the edac-utils initscript did not use the standard error codes of other initscripts because several mandatory actions were missing. This update implements the initscript actions "condrestart", "try-restart", "force-reload" and sets the return values for each action accordingly. Now, the initscript uses the standard error code.
Enhancement
- BZ# 640113
-
This update extends the maximum number of channels from 2 to 6, in order to allow it to work with some designs that have 4 channels on FB-DIMM motherboards, for example those with the Intel 7300 chipset. By default, this update identifies the motherboard via BIOS DMI board information. If that is not available, it falls back to using DMI system information. Note: the improvements from upstream version 0.16 are now added to edac-utils, including new motherboard labels, an option to delay the motherboard write labels, and a better parser to retrieve memory and vendor information from the system. All EDAC users are advised to upgrade to these updated packages, which fix this bug and add this enhancement.
1.49. efibootmgr
Bug Fix
- BZ# 612280
-
Due to missing support for 4KB disk sectors, an attempt to use the efibootmgr utility to create a boot option on such a device caused the utility to fail with the following error message: Error: no partition information on disk [device]. Cowardly refusing to create a boot option. This update adapts the efibootmgr utility to provide support for 4KB disk sectors, resolving this issue. All users of efibootmgr are advised to upgrade to this updated package, which fixes this bug.
1.50. elfutils
Bug Fix
- BZ# 652858
-
After prelink had been run on the system, using SystemTap user-space probes that targeted functions or statements in certain shared libraries, or executables based on a separate debuginfo file, caused resolution to the wrong PC location in a linked binary. As a result, the intended probes failed to fire at the correct place in the program, which could have caused the program to crash or misbehave due to a corrupted instruction sequence resulting from incorrect breakpoint insertions. With this update, the libdwfl library code (the libdw.so shared object library) was adjusted to use a more reliable method of compensating for prelink's effect on the address layout of a binary when aligning a runtime PC address with an address computed separately from the separated debuginfo file. SystemTap probes should now work the same on prelinked binaries as they would on binaries that have not been prelinked. All users of SystemTap and elfutils are advised to upgrade to these updated packages, which resolve this issue.
1.51. emacs
Bug Fixes
- BZ# 612385
-
Prior to this update, Emacs incorrectly displayed Japanese documents using JIS X 0213:2004 (JIS2004) compliant fonts, even though other parts of the system prefer and use older fonts. This update lowers the priority of JIS X 0213:2004 to ensure the consistent use of fonts in the system.
- BZ# 613759
-
Previously, the emacs packages required the aspell and hunspell spell checkers to be installed. Since the use of a spell checker is completely optional, this update removes aspell and hunspell from the list of dependencies, so that Emacs can now be installed without these packages. All users of emacs are advised to upgrade to these updated packages, which fix these bugs.
1.52. epydoc
Bug Fix
- BZ# 657567
-
Previously, the summary extractor of reStructuredText did not work properly and the documentation process failed. Due to this behavior, building packages could fail. This update resolves this problem. Packages now build successfully. All users of epydoc are advised to upgrade to this updated package, which resolves this issue.
1.53. evolution
Bug Fixes
- BZ# 696881
-
When a user tried to migrate their mail folder settings after upgrading to Red Hat Enterprise Linux 6, or restore a backup from the previous version of Evolution, Evolution sometimes terminated unexpectedly. This bug has been fixed and no longer occurs during the migration process.
- BZ# 585931
-
When a user created or edited a task in Evolution, the tooltip for the print icon in the toolbar was missing. This tooltip has been added and is now correctly displayed when hovering over the print icon.
- BZ# 628964
-
When printing the "Day" view of a calendar in Evolution to a Postscript file, the selected day and month name overlapped the line below. The issue has been resolved; overlaps no longer take place.
- BZ# 632968
-
When a user selected the "Submit bug report" option in the "Help" menu, a spurious "Bug Buddy is not installed" error message appeared. Because Bug Buddy is not a component of Red Hat Enterprise Linux 6, the menu option to submit a bug was removed.
- BZ# 633600
-
When creating a mail account in the Evolution Account Assistant using the POP protocol, the keyboard shortcut for "Delete after 7 days" (Alt+D) did not work. With this update, the GUI widget accepts the keyboard shortcut for the "Delete after 7 days" functionality and entering the shortcut now works as expected.
- BZ# 633629
-
The "Create a Memo" item from the "Message" menu was active when it was not supposed to be. As a consequence, Evolution terminated unexpectedly when the user selected this item. With this update, the "Create a Memo" item is deactivated when it is supposed to be, with the result that the user can no longer crash Evolution by selecting it.
- BZ# 666875
-
Viewing an email message larger than the maximum value defined in the settings Edit -> Preferences -> Mail Preferences -> "Do not format messages when text size exceeds [n KB]" caused Evolution to terminate unexpectedly. This bug has been fixed and viewing a message larger than the set value no longer causes Evolution to crash.
- BZ# 667083
-
When a user created a calendar meeting in Evolution with at least 16 attendees and right-clicked "Reply to all", the application sometimes terminated unexpectedly. The problem was with the reallocation of memory in glib2 and it has been fixed. Replying to all attendees of a calendar meeting now works as expected.
- BZ# 633189
-
When a user clicked into the input field under the Summary header in Task or Memo section in Evolution, and switched its input method to any language managed by ibus (such as Chinese), foreign characters could not be entered. The fix involves calling some functions in the correct order so the events for the input method are registered properly.
- BZ# 628882, BZ# 630316, BZ# 632998, BZ# 638643
-
When using one of four Asian locales (ml_IN, hi_IN, ta_IN, zh_TW), the following problems occurred in Evolution Assistant: differing translations for the label and button "Forward" and "Finish", a missing and erroneous translation for the "Forward" label, and the ZWJ/ZWNJ characters visible by mistake. With this update, corrected translations have been provided.
- BZ# 633181
-
In the "Evolution Appointment" dialog, when using the Chinese Simplified locale (zh_CN), there was an erroneous translation on the "for" button. The translation has been modified and Evolution now displays a proper button text translation. Users are advised to upgrade to these updated packages, which fix these bugs and correct several localization issues.
1.54. evolution-data-server
1.55. evolution-mapi
Bug Fix
- BZ# 66642
-
When accessing an address book on an Exchange 2007 server, a flaw in the MAPI extension caused the evolution-data-server process to occasionally crash. This was because evolution-mapi mistook EDataBookView as a GObject, instead of a bonobo_object, and as a result was reffing/unreffing it with g_object_ref/g_object_unref. This patch uses the proper functions for ref/unref, resolving the issue. Users are advised to upgrade to this updated evolution-mapi package, which fixes this problem.
1.56. fakechroot
Bug Fix
- BZ# 598451
-
Prior to this update, the fakechroot packages were marked as multilib, which allowed users to install these packages for multiple architectures at the same time. However, this feature is not fully supported by fakechroot. Since the 32-bit version of is not actually needed, this update adds the "ExclusiveArch: x86-64" tag to the RPM spec file, so that the fakechroot packages are now available only for the 64-bit x86 architecture. All users of fakechroot are advised to upgrade to these updated packages, which fix this bug.
Bug Fix
- BZ# 730647
-
Due to multilib problems, the fakeroot command was only built on 64-bit architectures as a workaround, one which prevented the RPM package from being built on other architectures. This update resolves the multilib problems so that fakeroot now builds successfully on all architectures. All users of fakechroot should upgrade to these updated packages, which fix this bug.
1.57. fcoe-utils
Bug Fixes
- BZ# 645917
-
Previously, in a particular setup with multipath and FCoE services, the system sometimes became unresponsive during shutdown or reboot, and a hard reboot was required to get the system back up. Now, an additional FCoE root filesystem check has been added to the init script and the system no longer hangs during reboot or shutdown in this scenario.
- BZ# 658076
-
Sometimes, FCoE devices are not discovered immediately by the system. As a consequence, some FCoE partitions were previously not automounted after a boot. With this update, the FCoE init script waits for a certain amount of time (65 seconds by default), which is enough for most FCoE partitions to be discovered and mounted during the boot.
- BZ# 678487
-
Running the fcoeadm tool without the FCoE stack loaded caused the fcoeadm tool to terminate with a backtrace when it tried to free an unallocated pointer. With this update, only successfully allocated pointers are freed and the fcoeadm tool returns a proper error message otherwise.
- BZ# 689631
-
After VLAN discovery was tried unsuccessfully 10 times, the default FCoE driver for an interface was used instead of the preferred one. With this update, VLAN discovery is retried indefinitely and FCoE interfaces are now created only upon VLAN discovery, with proper drivers.
- BZ# 623567
-
For several fcoe-utils executables, there were minor inconsistencies in the documentation between their command help output and their man pages. With this update, the documentation has been updated and the man pages and help output are now consistent.
- BZ# 645796
-
The vconfig package had been marked for removal from the distribution, but the fcoe-utils package required it at runtime. With this update, this dependency has been removed in favor of the iproute package.
- BZ# 680578
-
When an FCoE VLAN interface was restarted, the FCoE interface was not re-enabled after the VLAN interface was brought up again. This bug has been fixed and the FCoE interface is now automatically enabled after the VLAN interface is brought up.
Enhancement
- BZ# 669211
-
With this update, the fcoe-utils package introduces a new SUPPORTED_DRIVERS configuration option to list all the low-level drivers that can potentially claim a network device. The package also uses the new sysfs module path introduced by the Red Hat Enterprise Linux 6.1 kernel update. Users of fcoe-utils are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.
1.58. febootstrap
Enhancements
- BZ# 669839
-
This update provides the subpackage febootstrap-supermin-helper for the runtime helper program. Now, libguestfs runtime depends only on febootstrap-supermin-helper, which reduces the dependencies. All febootstrap users are advised to upgrade to these updated packages, which add these enhancements.
1.59. fence-agents
Bug Fixes
- BZ# 618703, BZ# 623266
-
Metadata generation has been corrected in order to provide information for all known parameters for each fencing agent.
- BZ# 619096
-
Port is now a synonym of module_name for fence_drac5, making it consistent with other fencing agents.
- BZ# 648892
-
Information on how to use fence_ipmi with HP iLO version 3 has been added to the manual page.
- BZ# 635824
-
The fence_egenera manual page has been improved.
- BZ# 640343
-
fence_scsi now works when devices report "Unit Attention".
- BZ# 644385
-
fence_scsi now verifies action results.
- BZ# 644389
-
fence_scsi now correctly identifies device mapper multipath devices.
- BZ# 670910
-
fence_scsi pattern matching has been improved.
- BZ# 672597
-
fence_scsi now logs errors whenever a command fails.
Enhancements
- BZ# 580492, BZ# 678904
-
Support for Cisco UCS blade systems is now provided.
- BZ# 614046
-
It is now possible for one node to delay fencing in a two-node cluster.
- BZ# 655764
-
Fence_ipmilan can now use the "diag" option.
- BZ# 595383
-
The package has been updated to provide a fencing agent that is able to communicate with Red Hat Enterprise Virtualization Manager, allowing virtual machines to be fenced.
- BZ# 642671
-
For Intelligent Platform Management Interface (IPMI) devices, the "power_wait" delay can now be adjusted in order to support newer iLO 3 firmware.
- BZ# 642235, BZ# 680170
-
Brocade 200E, Brocade 300, Brocade 4100, Brocade 4900, and Brocade 5100 fencing devices are now supported by the fence_brocade agent, and can be used with both Red Hat High Availability and Red Hat Resilient Storage.
- BZ# 653504
-
An issue with fence_scsi where the key was erroneously reported as 0 has been addressed.
- BZ# 678522
-
fence_wti now correctly handles large (>20) port switches.
- BZ# 681669, BZ# 681674
-
fence_rhevm has been updated to the current RHEVM development API.
- BZ# 682715
-
fence_cisco_ucs was missing from the fence-agents package, but is now included. All users requiring any of the changes noted above should upgrade to this new package, which fixes these issues and adds these enhancements.
1.60. fence-virt
Bug Fix
- BZ# 667170
-
The manual pages now correctly refer to "fence_virt.conf" instead of "fence_virtd.conf."
Enhancement
- BZ# 690582
-
Fence-virtd now operates with newer versions of QMF. All users of fence-virt are advised to upgrade to these updated packages, which address these issues.
1.61. file
Bug Fixes
- BZ# 594083
-
Prior to this update, the file utility could be unable to recognize Python scripts correctly. This update improves the file type recognition, and Python scripts are now identified as expected.
- BZ# 608686
-
In accordance with POSIX standards, when the file utility is used on a file that does not exist, cannot be read, or is of an unknown type, it returns an exit code of 0. This update extends the manual page to document this behavior.
- BZ# 610795
-
The file utility has been updated to recognize the WebM media container.
- BZ# 637782
-
The file utility has been updated to recognize the ZIP64 file format.
- BZ# 643046
-
The file utility has been updated to recognize volume_key escrow packets.
- BZ# 670125
-
Due to an error in a magic pattern, the file utility incorrectly identified GFS file systems as GFS2. With this update, the magic pattern has been corrected, and GFS file systems are now identified as expected. All users of file are advised to upgrade to these updated packages, which resolve these issues.
1.62. fipscheck
Enhancement
- BZ# 669077
-
The fipscheck library can be linked to binaries (such as cryptsetup) which have to operate when /usr is not mounted. With this update, the fipscheck library relocates from /usr to /lib or /lib64 (depending on the underlying architecture) to allow linking to such binaries. All fipscheck users are advised to upgrade to these updated packages, which add this enhancement.
1.63. firefox
Security Fixes
- CVE-2011-2377
-
A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-0083, CVE-2011-0085, CVE-2011-2363
-
Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376
-
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-2371
-
An integer overflow flaw was found in the way Firefox handled JavaScript Array objects. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox.
- CVE-2011-2373
-
A use-after-free flaw was found in the way Firefox handled malformed JavaScript. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox.
- CVE-2011-2362
-
It was found that Firefox could treat two separate cookies as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.18.
Bug Fix
- BZ# 698313
-
With previous versions of Firefox on Red Hat Enterprise Linux 5, the "background-repeat" CSS (Cascading Style Sheets) property did not work (such images were not displayed and repeated as expected). All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Security Fixes
- CVE-2011-2982
-
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-0084
-
A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-2378
-
A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-2981
-
A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox.
- CVE-2011-2983
-
A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-2984
-
It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority (CA) issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Firefox; however, affected certificates issued after this date cannot be re-enabled or used. (BZ# 734316 ) All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect.
Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority (CA) as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate signed by that CA as untrusted. (BZ# 735483 ) All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.22. After installing the update, Firefox must be restarted for the changes to take effect.
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Security Fixes
- CVE-2011-2995
-
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
- CVE-2011-2372
-
A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.
- CVE-2011-3000
-
A flaw was found in the way Firefox handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Firefox now treats two copies of the Location, Content-Length, or Content-Disposition header as an error condition.
- CVE-2011-2999
-
A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy.
- CVE-2011-2998
-
An integer underflow flaw was found in the way Firefox handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.23. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.23, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
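The duplicate-header rule from the CVE-2011-3000 entry above, sketched as an added example (not Firefox code and not part of the original notes). The three header names come from that entry; the function names and the sample responses are constructed for illustration, and the check can be run over captured response heads to spot servers that emit duplicates.

```javascript
// Added example: headers that must appear at most once in a response,
// per the CVE-2011-3000 entry. Everything else here is hypothetical.
const SINGLETON_HEADERS = ['location', 'content-length', 'content-disposition'];

// Split a raw response head (status line plus header lines) into
// lower-cased [name, value] pairs. Stops at the blank line that ends the head.
function parseHeaderLines(rawHead) {
  const lines = rawHead.split(/\r?\n/);
  const pairs = [];
  for (const line of lines.slice(1)) {            // skip the status line
    if (line === '') break;                       // end of header block
    if (/^[ \t]/.test(line)) continue;            // folded continuation line
    const idx = line.indexOf(':');
    if (idx <= 0) continue;                       // not a "name: value" line
    pairs.push([line.slice(0, idx).trim().toLowerCase(),
                line.slice(idx + 1).trim()]);
  }
  return pairs;
}

// Report every singleton header that occurs more than once. "conflicting"
// marks the case the entry calls a possible CRLF-injection symptom:
// two copies with different values.
function findDuplicateSingletons(rawHead) {
  const seen = new Map();
  for (const [name, value] of parseHeaderLines(rawHead)) {
    if (!SINGLETON_HEADERS.includes(name)) continue;
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(value);
  }
  const findings = [];
  for (const [name, values] of seen) {
    if (values.length > 1) {
      findings.push({
        header: name,
        values: values,
        conflicting: new Set(values).size > 1,
      });
    }
  }
  return findings;
}

// Mirror the behaviour described in the entry: any second copy is an error.
function acceptResponse(rawHead) {
  return findDuplicateSingletons(rawHead).length === 0;
}

// Constructed sample response heads (not captured traffic).
const SAMPLE_CLEAN = [
  'HTTP/1.1 302 Found',
  'Location: https://www.example.com/account',
  'Content-Length: 0',
  '', '',
].join('\r\n');

const SAMPLE_CONFLICT = [
  'HTTP/1.1 302 Found',
  'Location: https://www.example.com/account',
  'location: https://other.example.net/',
  'Content-Length: 0',
  '', '',
].join('\r\n');

const SAMPLE_REPEAT = [
  'HTTP/1.1 200 OK',
  'Content-Length: 42',
  'Content-Length: 42',
  'Set-Cookie: a=1',                              // repeatable header, ignored
  'Set-Cookie: b=2',
  '', '',
].join('\r\n');

for (const [label, head] of [['clean', SAMPLE_CLEAN],
                             ['conflict', SAMPLE_CONFLICT],
                             ['repeat', SAMPLE_REPEAT]]) {
  console.log(label, acceptResponse(head) ? 'accepted' : 'rejected',
              JSON.stringify(findDuplicateSingletons(head)));
}
```

Header names are compared case-insensitively, so `Location` and `location` count as the same header; headers that may legitimately repeat, such as Set-Cookie, are not flagged.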
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Security Fixes
- CVE-2011-3647
-
A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox.
- CVE-2011-3648
-
A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website.
- CVE-2011-3650
-
A flaw was found in the way Firefox handled large JavaScript scripts. A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.24. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.24, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
1.64. firstaidkit
Updated firstaidkit packages that add an enhancement are now available for Red Hat Enterprise Linux 6. FirstAidKit is a tool that runs automated diagnostics of an installed Red Hat Enterprise Linux system.
Enhancement
- BZ# 584677
-
These updated packages introduce a new manual page with an outline of the basic concepts and format of the main configuration file (that is, /etc/firstaidkit/firstaidkit.conf by default). Note that this manual page does not replace a detailed description of available configuration options in the configuration file itself. Users of firstaidkit are advised to upgrade to these updated packages, which add this enhancement.
1.65. firstboot
Updated firstboot packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The firstboot utility runs after installation. It guides the user through a series of steps that allows for easier configuration of the machine.
Bug Fixes
- BZ# 658869
-
Previously, no screen was provided to change the root password in firstboot. As a result, users had to change the root password through the system-config-users settings in the Advanced window of firstboot's create user screen. This update adds a module to change the root password. Now, users can view and set the root password in firstboot if it is run with the "--reconfig" option.
- BZ# 659451
-
Previously, users could not skip the user creation screen. As a result, users had to create a user account with a UID number above or equal to 500 to continue to the next step of the first boot process. With this update, the check for valid user accounts in the system checks whether a user account with a valid login shell is present, and not only for user accounts with a UID number above or equal to 500. If no such user account is present, firstboot shows a warning but allows the user to go to the next step. Now, users can skip the user creation part of firstboot.
Enhancement
- BZ# 463564
-
Previously, the firstboot utility did not run automatically after installation on IBM's System/390 architecture. Due to this issue, users had to run firstboot manually. This update adds automatic execution. Now, the firstboot utility runs automatically when the root user logs in to the system for the first time with a capable terminal. All firstboot users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
1.66. foomatic
An updated foomatic package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in C.
Security Fix
- CVE-2011-2964
-
An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the "lp" user. All foomatic users should upgrade to this updated package, which contains a backported patch to resolve this issue.
1.67. freeradius
Updated freeradius packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. FreeRADIUS is an open source RADIUS server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations via the RADIUS protocol. The FreeRADIUS packages have been upgraded to upstream version 2.1.10, which provides a number of bug fixes over the previous version. (BZ# 644100 )
Bug Fixes
- BZ# 689045
-
Previously, the FreeRADIUS server failed to start when the rlm_perl or rlm_python modules were used due to unresolved symbols encountered by the dynamic loader. This update uses the dynamic loader option which must be explicitly turned on via lt_dladvise to allow loaded modules to globally export their symbols. Now, rlm_perl and rlm_python FreeRADIUS modules are successfully loaded and the FreeRADIUS server successfully starts in this configuration.
Enhancement
- BZ# 599528
-
This update makes the radtest script available for testing with IPv6. All FreeRADIUS users are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
1.68. freetype
Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.
Security Fix
- CVE-2011-0226
-
A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.
Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.
Security Fix
- CVE-2011-3256
-
Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: These issues only affected the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.
Security Fix
- CVE-2011-3439
-
Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: These issues only affected the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
1.69. fuse
Updated fuse packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. FUSE (Filesystem in Userspace) can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems.
Security Fix
- CVE-2010-3879 , CVE-2011-0541 , CVE-2011-0542 , CVE-2011-0543
-
Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack. Note: The util-linux-ng RHBA-2011:0699 update must also be installed to fully correct the above flaws. All users should upgrade to these updated packages, which contain backported patches to correct these issues.
1.70. gcc
A gcc update that resolves several compiler bugs is now available for Red Hat Enterprise Linux 6. The gcc packages include C, C++, Java, Fortran, Objective C, Objective C++ and Ada 95 GNU compilers, along with related support libraries.
Bug Fixes
- BZ# 630166
-
These updated packages provide support for the "-mcmodel=medium" and "-mcmodel=large" options on the 64-bit PowerPC architecture. These new options provide the ability to extend the TOC addressing space up to 2GB.
- BZ# 632366
-
gcc now has the ability to emit pre-fetch instructions for "memcmp", "memcpy" and "memset" in-line expansions when optimizing for IBM System z10 CPUs.
- BZ# 624889
-
Previously, leaf functions that accessed TLS variables in the global or local dynamic model were not generating a large enough stack frame on PowerPC 64-bit. In this updated package, the generated stack frame is now larger than 112 bytes, resolving this issue.
- BZ# 675132
-
Previously a regression in the gfortran compiler was causing the "-M" option to not be recognized. In these updated packages the "-M" option is now recognized and functions as expected.
- BZ# 592502
-
Previously, the optimizations performed when calculating induction variables during the induction variable optimization (ivopts) pass were not as efficient as in previous releases. In these updated packages, the optimizations performed during the induction variable optimization (ivopts) pass are improved.
- BZ# 618258
-
Previously, if a Java application built with gcj attempted to submit a print job to a print queue that was disabled, the process would enter a busy loop. This update fixes this issue by first checking if the print queue is null before attempting to send it a print job.
- BZ# 659582
-
Previously, using "always_inline" on a function when compiling with "-g" without any "-O" options would cause the compiler to insert debugging annotations in unexpected locations. Consequently, the unexpected annotations caused the compiler to crash with an internal error. In these updated packages, the compiler is modified to properly handle attributes which change optimization levels, such as always_inline.
- BZ# 632370
-
This update provides code optimizations for the IBM System z architecture.
- BZ# 635015
-
The mask operand for the AVX mask load/store is fixed. All users of gcc are advised to upgrade to these updated packages which address these issues.
1.71. gdb
Updated gdb packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The GNU debugger, gdb, is a debugger for programs written in C, C++, and other languages. The gdb package has been upgraded to upstream version 7.2, which provides a number of bug fixes and enhancements over the previous version. (BZ# 649030 )
Bug Fixes
- BZ# 611435
-
GDB crashed when reading a kernel core dump file because the value of temporary current inferior process was set to minus_one_ptid (all processes). The value is now set to null_ptid (no processes) and GDB displays the vmcore file.
- BZ# 625239
-
When the gcore utility created a core file for an executable compiled with the "-Wl,-z,relro" parameter, GDB was unable to open it. This occurred because the file did not contain the list of shared libraries. Such core files now contain the shared library list and can be opened.
- BZ# 629236
-
GDB Python's pretty-printing feature provides an easily-readable view on complex C++ STL data structures. GDB crashed when displaying such structures. This occurred when the pretty printer threw a Python exception and GDB crashed due to a NULL pointer dereference. GDB now displays the easily-readable view of any C++ STL data structure correctly.
- BZ# 632259
-
GDB aborted unexpectedly if you set breakpoints on GNU-IFUNC functions and started the debugged program because the breakpoints could not resolve the target functions of the GNU-IFUNC functions at program startup. Breakpoints on GNU-IFUNC functions are now resolved when the program calls the target function.
- BZ# 636298
-
With GDB, you can modify VSX registers on PowerPC platforms. Changing some VSX registers corrupted other VSX registers. GDB now sets VSX registers independently.
- BZ# 639645
-
GDB aborted unexpectedly when an inferior shared library list changed during an inferior function call. This occurred because GDB reset all breakpoints including the temporary breakpoint, which was created by the call, and attempted to delete the breakpoint again after the call finished. The temporary breakpoint now remains valid during the entire inferior function call.
- BZ# 639647
-
GDB could have hung when debugging multithreaded programs with the setuid() function because the siginfo_t information associated with a signal number got lost. GDB now no longer resubmits or reorders signals and the siginfo_t value is preserved.
- BZ# 661773
-
GDB terminated unexpectedly after a user ran the "info program" command because a change of the shared library list corrupted the data in the internal GDB structure "bpstat". The structure now contains correct data even after a change in the shared library list and "info program" works as expected.
- BZ# 663449
-
The test suite file break-interp.exp reported several FAIL results on PowerPC platforms. A number of fixes have been applied to address these issues and the test suite for PowerPC now runs successfully.
- BZ# 682891
-
GDB crashed when attempting to access dynamic types, such as variable length arrays, using the GDB/MI interface. GDB now no longer crashes under these circumstances.
- BZ# 688788
-
On the i686 architecture, the awatch and rwatch commands printed an error when entered before the program-to-be-debugged started. GDB now by default debugs on the native architecture and the commands can be used before the program-to-be-debugged starts.
Enhancements
- BZ# 562758
-
Debugged programs may use C++ templates. C++ templates provide template symbols for instantiation of classes and functions. GDB debugged the template instances but the template symbols were not accessible. GDB now displays the template symbols while debugging the template instances.
- BZ# 609782
-
Fortran supports array slicing. GDB could not slice multidimensional arrays. GDB now supports slicing of such arrays.
- BZ# 673696
-
GDB did not display pthread_t for threads found in the core. GDB now displays pthread_t for the threads. Users are advised to upgrade to these packages, which resolve the bugs and add the enhancements.
1.72. ghostscript
Updated ghostscript packages that fix various bugs are now available for Red Hat Enterprise Linux 6. The Ghostscript suite provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language), and an interpreter for PDF files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by most printers and displays. This enables users to display PostScript files and print them on non-PostScript printers.
Bug Fixes
- BZ# 621118
-
Previously, including a large JBIG2 compressed image in the PDF input file could cause the pdf2ps conversion utility to terminate unexpectedly with a segmentation fault. This was caused by the fact that the result of the "jbig2_image_new" function call was not always checked properly. This error has been fixed, and the inclusion of JBIG2 images no longer causes pdf2ps to crash.
- BZ# 629562
-
Due to incorrect object management, Ghostscript could attempt to read from uninitialized memory, which could lead to a segmentation fault. This update applies a backported patch that addresses this issue, and Ghostscript no longer crashes.
- BZ# 629941
-
The Fontmap.local file installed with the ghostscript package allows a system administrator to override font substitutions. However, previous versions of the Ghostscript suite did not use this file at all. This error has been fixed, and the file is now used as expected.
- BZ# 675692
-
Previously, using the ps2pdf utility to convert a PostScript file to the PDF format caused the resulting document to be created without working hyperlinks. This update applies an upstream patch that resolves this issue, and ps2pdf now creates PDF files with correct hyperlinks. All users of ghostscript are advised to upgrade to these updated packages, which fix these bugs.
Updated ghostscript packages that fix a bug are now available for Red Hat Enterprise Linux 6. The Ghostscript suite provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language), and an interpreter for PDF files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by most printers and displays. This enables users to display PostScript files and print them on non-PostScript printers.
Bug Fix
- BZ# 710651
-
Previously, the default paper size was selected in portrait orientation when printing documents in landscape orientation. Consequently, the output was printed in portrait orientation and the content was cropped on the right side. With this update, if the paper size matches in landscape mode, that paper size is selected and the landscape orientation is selected for printing. All users of ghostscript are advised to upgrade to these updated packages, which fix this bug.
1.73. gimp
Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The GIMP (GNU Image Manipulation Program) is an image composition and editing program.
Security Fixes
- CVE-2010-4543
-
A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
- CVE-2010-4540 , CVE-2010-4541 , CVE-2010-4542
-
A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.
1.74. glib2
Updated glib2 packages that fix one bug are now available for Red Hat Enterprise Linux 6. GLib is a low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.
Bug Fix
- BZ# 648498
-
Previously, snapshots from the Network File System (NFS) mounted home directories located on Network Appliance (NetApp) filers were treated as real mounts and were displayed on the desktop. Due to this behavior, users could not hide or unmount these items. By default, the GNOME desktop treated all mounts under user home directories as custom and put their icons on the desktop. This update follows common practice and hides mounts with path elements that start with a dot. All users are advised to upgrade to these updated packages, which fix this bug.
1.75. glibc
Updated glibc packages that fix numerous bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
Bug Fixes
- BZ# 646954
-
Due to an error in glibc libraries, a race condition could occur when traversing a list of currently loaded shared libraries, causing an application to terminate with an error. This error has been fixed, the race condition no longer occurs, and the list of shared libraries can now be traversed as expected.
- BZ# 642584
-
On 64-bit x86 systems with support for AVX vector registers, an insufficient alignment of the thread descriptor could cause an application to crash during symbol resolution. With this update, the "TCB_ALIGNMENT" value has been increased to 32 bytes, and applications no longer crash.
- BZ# 641128
-
Previously, the generic implementation of the
strstr()
andmemmem()
functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected. - BZ# 656530
-
The long double square root function,
sqrtl
, sometimes returned an incorrect result if the relative magnitude difference between the high and low halves of the long double exceeded a certain number. This occurred because one of the variables used in the calculation was an unsigned integer. The integer is now signed and the function works correctly. - BZ# 623187
-
The futex(FUTEX_WAKE_OP) method did not default to futex(FUTEX_WAKE) when FUTEX_WAKE_OP was not supported by the kernel. This resulted in the method always failing on these systems. The code change in glibc pthread_cond_signal() that caused this issue has now been corrected.
- BZ# 661982
-
The memmove, wmemmove and wmemset operations contained incorrect "__restrict" qualifiers, even though their arguments could overlap. This issue has now been corrected.
- BZ# 656014
-
The name service cache daemon (nscd) cached the results of lookups for DNS records even when the DNS records had a time-to-live of 0. nscd now respects DNS time-to-live values, and does not cache the results in this situation.
- BZ# 653905
-
Attempting to build the glibc RPM failed when %_enable_debug_packages was either not set, or set to 0. This has been corrected so that debug packages need not be set or enabled in order to build the glibc RPM.
- BZ# 652661
-
An uninitialized variable prevented glibc from compiling with the G++ compiler when "sys/timex.h" was included. This has been corrected.
- BZ# 647448
-
strchr did not handle its second parameter correctly when %rdi was aligned to a 16-byte boundary and glibc was enabled for multiple architectures on AMD64 or Intel 64 systems with CPUs that supported Supplemental Streaming SIMD Extension (SSE) 4.2. The method would therefore output incorrect results. This has been corrected, and strchr now gives the expected output.
- BZ# 615701
-
glibc did not load nosegneg libraries in a 32-bit Xen domain U environment when hwcap 1 nosegneg was set in /etc/ld.so.conf.d/nosegneg.conf, causing the incorrect library to be used. This has been corrected so that the nosegneg libraries are loaded.
- BZ# 692177
-
Previously, the sysconf(_SC_*CACHE) method returned 0 for all caches on systems with Intel Xeon processors. This occurred because glibc used cpuid leaf 2 rather than cpuid leaf 4. This update uses cpuid leaf 4 where possible, resolving this issue.
- BZ# 689471
-
The strncmp method failed with a segmentation fault when used with Supplemental Streaming SIMD Extension 4 (SSE4). Several checks have been implemented to prevent this.
Enhancements
- BZ# 601686
-
Several aspects of glibc code have been optimized for Supplemental Streaming SIMD Extension (SSE), including memcpy(), strcasecmp(), strnlen(), strcasestr() and strncasestr().
- BZ# 615090
-
Details about the MALLOC_PERTURB_ (M_PERTURB) operation, which can be used to debug the use of uninitialized or freed heap memory, have been added to the documentation.
- BZ# 676076
-
Support for forthcoming AMD processors has been added to glibc's memset operation. All users of glibc are advised to upgrade to these updated packages, which resolve these issues.
Updated glibc packages that resolve several issues are now available for Red Hat Enterprise Linux 6. The glibc packages contain the standard C and the standard math libraries. These libraries are used by multiple programs on the system, and without these libraries, the Linux system cannot function properly.
Bug Fixes
- BZ# 712125
-
Under certain circumstances, a threaded process could have been granted incomplete group membership of the user who was running the process. This was caused by glibc using its default method for group membership determination, which led to a situation in which multiple threads interfered with each other while attempting to retrieve information simultaneously. Due to the nature of the group membership determination method used, each thread ended up with a different subset of the entire result set. With this update, the group membership determination method has been modified to prevent this interference.
- BZ# 712407
-
When a process corrupted its heap, the malloc() function could have entered a deadlock situation while building up an error message string. This caused the process to become unresponsive. With this update, the code has been modified to use the mmap() function to allocate memory for the error message. This workaround ensures that the malloc() deadlock no longer occurs when allocating memory for an error message when the corrupted process heap is detected, and such a process is now aborted normally.
- BZ# 712411
-
Prior to this update, the Name Service Caching Daemon (nscd) did not clear the host cache effectively when repopulating its values. The code has been modified to schedule nscd cache pruning more accurately.
- BZ# 715387
-
Previously, nscd did not take into consideration time-to-live (TTL) parameters for the DNS records it was caching. With this update, the code has been modified so that nscd now respects TTL parameters when it answers requests for DNS records. All users of glibc are advised to upgrade to these updated packages, which resolve these issues.
1.76. gnome-panel
Updated gnome-panel and libwnck packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The GNOME panel provides the window list, workspace switcher, menus, and other features for the GNOME desktop. libwnck allows applications to monitor information about open windows, workspaces, their names/icons, and so forth.
Bug Fixes
- BZ# 607665
-
Previously, when a user connected two monitors to a computer and set the GNOME Panel to show hide buttons, the panel did not hide but moved to the adjacent monitor instead. This bug has been fixed, and the panel no longer moves to the adjacent monitor.
- BZ# 633853
-
Previously, there was the untranslated text label "Top Panel" in the GNOME Panel's "Add to Panel" dialog. The problem applied to all non-English locales. The problem has been resolved so that the untranslated text label does not appear anymore in the "Add to Panel" dialog.
- BZ# 633870
-
Previously, there was a conflicting accelerator key in the GNOME Panel's Date/Time context menu under the kn_IN locale. This bug has been fixed, and there is no longer a conflicting accelerator key in the Date/Time context menu.
Enhancements
- BZ# 509061 , BZ# 673231
-
When windows were grouped by the GNOME Panel in the taskbar, they were grouped in alphabetical order. Such behavior presented a problem when a window title changed. This release introduces an option to disable grouping windows alphabetically. The fix to enable the option has been applied both in the gnome-panel and the libwnck package.
- BZ# 585312
-
Previously, when an external monitor was connected to a computer, a user was able to move a panel between monitors by pressing the Alt key and dragging a blank area of the panel. This update introduces an enhancement in that the user can now change the settings with regard to moving the panel between monitors in the GNOME Panel "Properties" dialog. All users requiring gnome-panel and libwnck should upgrade to these updated packages, which resolve these issues and add these enhancements.
1.77. gnome-power-manager
Updated gnome-power-manager packages that fix several bugs are now available. GNOME Power Manager uses the information and facilities provided by HAL to display icons and handle user callbacks in an interactive GNOME session.
Bug Fixes
- BZ# 581525
-
Previously, the Help page for GNOME Power Manager was not displayed when users pressed F1 or selected Help from the menu bar. This has been corrected and the Help page now appears as expected.
- BZ# 623674
-
The "do nothing" option, which allowed users to work on external monitors even when their laptop lid was closed, was removed. This prevented users from using external monitors while their laptop was closed. The "do nothing" option has been reinstated to allow this.
- BZ# 624422
-
A bug in the docbook2man tool caused the GNOME Power Manager man page (man gnome-power-manager) to appear incorrectly. The man page has been manually corrected while this bug is in effect.
- BZ# 640296
-
When an attempt to hibernate failed, an alert was displayed prompting users to check a help file. However, there was no link to the help file, which caused confusion. The alert no longer refers to the help file. All users of GNOME Power Manager are advised to upgrade to these updated packages, which resolve these issues.
1.78. gnome-terminal
Updated gnome-terminal packages that fix one bug are now available for Red Hat Enterprise Linux 6. Gnome-terminal is a terminal emulator for GNOME. It supports translucent backgrounds, opening multiple terminals in a single window (tabs) and clickable URLs.
Bug Fix
- BZ# 669113
-
Changes made to check boxes in the search dialog were not reflected in the terminal engine (vte). This led to confusion and incorrect functionality. The problem has been fixed and users should now get the expected behaviour. All gnome-terminal users are advised to upgrade to these updated packages, which fix this bug.
1.79. gpxe
Updated gpxe packages that fix two bugs are now available for Red Hat Enterprise Linux 6. The gpxe packages provide an open source Preboot Execution Environment (PXE) implementation and bootloader. gPXE also supports additional protocols such as DNS, HTTP, iSCSI and ATA over Ethernet.
Bug Fixes
- BZ# 661840
-
Devices that did not allow interrupts or required polling were not supported by gPXE UNDI code. This meant that booting did not work when using gPXE images on bare metal with some NICs, such as Emulex 10g. This patch allows the gPXE UNDI code to use polling for underlying devices that do not support interrupts. As a result it is now possible to use gPXE images to boot bare metal hosts using UNDI where it was not possible in some cases.
- BZ# 672529
-
Virtual Machines (VM) with virtIO NIC could not access the PXE server, reaching a time out. This was because even though the VM could get an IP address from the DHCP server, it could not reach its own default gateway. The ARP requests that the VM sends were too large and thus not valid, so the default gateway did not answer those ARP requests. A patch has been added that sets the size of the transmitted Ethernet frame to header + data length, allowing the VM to boot via PXE. All gPXE users are advised to upgrade to these updated packages, which fix these bugs.
1.80. grub
An updated grub package that adds two enhancements is now available for Red Hat Enterprise Linux 6. The GRUB utility is responsible for booting the operating system kernel.
Enhancements
- BZ# 553741
-
Prior to this update, GRUB only supported the MD5 password encryption. This update introduces support for the SHA-2 cryptographic algorithms, allowing users to encrypt passwords using SHA-256 and SHA-512 hash functions as well.
- BZ# 654869
-
GRUB has been updated to allow booting from disk drives with 4KB sector size on UEFI systems. All users of grub are advised to upgrade to this updated package, which adds these enhancements.
An updated grub package that fixes one bug is now available for Red Hat Enterprise Linux 6. The GRUB utility is responsible for booting the operating system kernel.
Bug Fix
- BZ# 742976
-
An attempt to install GRUB on a CCISS device may have caused the grub-install utility to report the following error: expr: non-numeric argument When this happened, grub-install failed to install GRUB on this device, but incorrectly reported success and returned a zero exit status. This update applies a patch that ensures that GRUB can now be successfully installed on such devices. All users of grub are advised to upgrade to this updated package, which fixes this bug.
1.81. gtk2
Updated gtk2 packages that fix two file chooser bugs and two translation problems are now available for Red Hat Enterprise Linux 6. GTK+ is a multi-platform toolkit for creating graphical user interfaces.
Bug Fixes
- BZ# 647922
-
In the "Open Files" dialog box, the file selected by default failed to be opened upon hitting Enter if the "Location" field was displayed. Users had to select the file manually to actually open it. This update provides a fix to address this issue and the file selected by default now opens correctly.
- BZ# 647923
-
The "Open Files" dialog box failed to show contents of the directory selected by default upon hitting Enter if the "Location" field was displayed. Users had to select the directory manually to actually show its contents. This update provides a fix for this issue and the directory selected by default now shows its contents correctly.
- BZ# 625440
-
There was a typo in the Marathi (mr_IN) and Telugu (te_IN) translations. Erroneous "calender:MY" string was part of those translations. This update provides corrected translations.
- BZ# 636476
-
There was an inconsistency in the Gujarati (gu_IN) translation. In ibus's Language Selection Tab, titles for "Up" and "Down" buttons and help labels at the bottom of the dialog box did not match. This update provides an updated translation. Users should upgrade to these updated packages, which resolve these issues.
1.82. gvfs
Updated gvfs packages that fix multiple bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. GVFS is the GNOME desktop's virtual file system layer, which allows users to easily access local and remote data, including via the FTP, SFTP, WebDAV, CIFS and SMB protocols, among others. GVFS integrates with the GIO (GNOME I/O) abstraction layer.
Bug Fixes
- BZ# 616145
-
A flaw in the GVFS client code prevented D-Bus communications from being parsed correctly. Due to this problem, Nautilus became unresponsive when the user attempted to view Trash if a folder with an attached emblem was moved to Trash. This update corrects an error in the enumeration code which resolves this problem. Now, Nautilus no longer becomes unresponsive in such cases.
- BZ# 616838
-
Previously, an unused file descriptor was not closed after a fork. Due to this behavior, SELinux prevented /usr/bin/ssh access to the leaked /dev/ptmx file descriptor. This update closes the leaked file descriptor. Now, SELinux alerts no longer appear.
- BZ# 636540
-
Previously, the gnome-disk-utility packages did not reflect current version requirements. Due to this lack, potential problems could arise with custom compiled packages. This update requires the correct version of gnome-disk-utility packages.
- BZ# 645630
-
Previously, the gvfsd-archive command was unexpectedly aborted when the user attempted to mount an archive file a second time. This update changes the way the gvfsd-archive backend is finalized. Now, gvfsd-archive no longer aborts when the same archive files are mounted for the second time.
- BZ# 667367
-
Running the "gvfs-mkdir --help" command caused "--delete-files" to appear instead of "--create-directories". This update fixes the gvfs-mkdir command's help output so that the correct options are displayed.
Enhancement
- BZ# 624795
-
Previously, snapshots from the Network File System (NFS) mounted home directories located on Network Appliance (NetApp) filers were treated as real mounts and were displayed on the desktop. This behavior could cause confusion. This update checks and hides mounts with a path element starting with a dot. With this update, these mounts are hidden. Now, snapshot directories are no longer shown in the GUI. To apply this enhancement, the updated glib2 packages must be installed as well. Users of GVFS are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
1.83. hal
An updated hal package that fixes two bugs is now available for Red Hat Enterprise Linux 6. HAL is a daemon for collecting and maintaining information from several sources about the hardware on a system.
Bug Fixes
- BZ# 576048
-
Previously, the init script for hald did not parse a config file in /etc/sysconfig. This meant that the only way to pass extra parameters to the hald was to start them manually without the init script, or to modify the line that launches hald in the init script itself. This update changes the startup script to parse a config file in /etc/sysconfig for extra configuration parameters.
- BZ# 676618
-
When checking hal-device on a device that did not exist, an error in dbus/hal communication was displayed. In this update, hal no longer tries to close shared DBus connections, and therefore avoids printing a warning. Users are advised to upgrade to this updated hal package, which resolves these issues.
1.84. hivex
Updated hivex packages that fix a bug and add an enhancement are now available for Red Hat Linux 6. Hive files are undocumented binary blobs that Windows uses to store the Windows Registry on the disk. Hivex is a library that can read and write to these files.
Bug Fix
- BZ# 657017
-
Due to a problem with the Perl hivex bindings in the spec file, rebuilding of source packages could have failed if compiled from the source RPM. With this update, the issue no longer occurs.
Enhancement
- BZ# 642631
-
The hivex package was updated to the upstream version 1.2.3. This enhancement provides several stability improvements. All hivex users are advised to upgrade to these updated hivex packages, which resolve this issue and add this enhancement.
1.85. hplip
Updated hplip packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP) which provides drivers for Hewlett-Packard printers and multi-function peripherals.
Bug Fixes
- BZ# 608003
-
Previously, certain Python scripts used the interpreter line "#!/usr/bin/env python". Due to this issue, these scripts used an incorrect version during the execution. With this update, the interpreter line is changed and uses the path /usr/bin/python.
- BZ# 613707
-
Previously, the license text was missing. This update adds the license text to the hplip-common sub-package.
- BZ# 616569
-
Previously, the hp-toolbox utility failed to add new printers due to incorrect handling of CUPS authentication in the cupsext Python extension. This update corrects the handling. Now, new printers can be added successfully.
- BZ# 633899
-
Previously, the CUPS Web Interface button, displayed in hp-toolbox when no connected devices were shown, led to an incorrect URL. This update corrects this URL so that there is no error message shown.
- BZ# 652255
-
This update upgrades HPLIP to the current version to allow support for a wider range of HP printers. All HPLIP users are advised to upgrade to these updated packages, which fix these bugs.
1.86. httpd
Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below. The Apache HTTP Server is a popular web server.
Security Fix
- CVE-2011-3192
-
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The Apache HTTP Server is a popular web server.
Security Fixes
- CVE-2011-3368
-
It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
- CVE-2011-3348
-
It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. Red Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue.
Bug Fix
- BZ# 736592
-
The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Updated httpd packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. The Apache HTTP Server is a popular web server.
Bug Fixes
- BZ# 631849
-
Due to a bug in the filter initialization process, filters configured using the mod_filter module were not handled correctly if a "sub-request" took place. For example, using the "FilterChain" directive to configure the "DEFLATE" compression filter with a Server-Side-Include page could result in pages which were only partially compressed. With this update, filters used with mod_filter operate correctly.
- BZ# 657480
-
If arguments passed to the ab benchmarking program triggered a memory allocation failure, ab could terminate unexpectedly with a segmentation fault. With this update, the memory allocation failure is now trapped earlier, and the program exits gracefully with an error message. (BZ# 645846)
-
When executing the "service httpd stop" command, a 10-second timeout is used before terminating the httpd parent process in case of error. If this timeout was insufficient for the parent process to terminate cleanly, resources could be leaked. This update introduces the "STOP_TIMEOUT" environment variable, which can be used in the /etc/sysconfig/httpd configuration file to change the timeout. This can be used to allow a longer delay and fix resource leaks if the httpd parent is slow to terminate.
- BZ# 676635
-
When configuring the httpd service, using a mod_ldap directive in the "VirtualHost" container caused the HTTP server to stop caching requests to a directory server. This update applies a patch that corrects this error, and the use of mod_ldap directives in the "VirtualHost" context no longer prevents the httpd service from caching LDAP requests.
- BZ# 676831
-
Prior to this update, an attempt to use configuration with multiple virtual hosts sharing the same ID and private key file could prevent the httpd service from starting with an error message written to the error_log file. With this update, the underlying source code has been modified to address this issue, and the httpd service now starts as expected.
- BZ# 679476
-
When using the prefork Multi-Processing Module (MPM), child processes with persistent connections (that is, with the "KeepAlive" directive set to "On") kept processing new requests even when a graceful restart had been issued. This update applies a patch that corrects this error, and child processes with persistent connections no longer process new requests when a graceful restart is requested.
- BZ# 684144
-
Previously, an attempt to start the httpd service with the mod_ssl module in FIPS mode failed. With this update, an upstream patch has been applied to implement support for the FIPS mode in the mod_ssl module, and httpd no longer fails to start. All users of httpd are advised to upgrade to these updated packages, which fix these bugs.
1.87. hwdata
An updated hwdata package that adds various enhancements is now available for Red Hat Enterprise Linux 6.1. The hwdata package contains tools for accessing and displaying hardware identification and configuration data.
Enhancements
- BZ# 662673
-
The pci.ids database has been updated to include the information about the MegaRAID SAS Thunderbolt device.
- BZ# 633837
-
The pci.ids database has been updated to include the information about the Matrox IMMv2 management controller and integrated MatroxG200eR video controller. Users of hwdata are advised to upgrade to this updated package, which adds these enhancements.
1.88. ibus
Updated ibus packages that fix various bugs are now available for Red Hat Enterprise Linux 6. The IBus (Intelligent Input Bus for Linux OS) package is an input method platform.
Bug Fixes
- BZ# 651915
-
ibus-x11 displayed at the incorrect window position and did not follow xterm for X11 applications in big endian 64-bit machines such as ppc64 and s390x. This was caused by the call_data->ic_attr[i].value being able to support only CARD32 data (32-bit) while the problematic machines were 64-bit machines. The code was changed to support 64-bit machines, thus ibus now works as expected.
- BZ# 633330
-
ibus displayed incorrect text for the "up" and "down" buttons for the Kannada translation. The translated text was corrected, thus now the buttons display the correct translated text.
- BZ# 635541
-
ibus displayed inconsistent translations on "up" and "down" buttons compared to text at the bottom of the window referring to "up" and "down" buttons for the Gujarati translation. Translation was amended for consistency and the button text and descriptive text at the bottom of the window are now the same. Users of ppc64, s390x machines, Gujarati, and Kannada, are advised to upgrade to these updated packages, which resolve these issues.
1.89. ibus-chewing
An updated ibus-chewing package that fixes a bug is now available for Red Hat Enterprise Linux 6. IBus-chewing is an IBus front-end of Chewing, an intelligent Chinese input method for Zhuyin (BoPoMoFo) users.
Bug Fix
- BZ# 627794
-
Previously, the IBus-chewing did not specify the rank parameter for the zh-TW locale in the input engine description file. This caused the IBus tool not to provide any default input method engine for the locale. This update adds the input method engines to the chewing.xml file and ibus-chewing is selected as the default input method for zh_TW users. All users of ibus-chewing are advised to upgrade to this updated package, which resolves this issue.
1.90. ibus-hangul
An updated ibus-hangul package that fixes one bug is now available for Red Hat Enterprise Linux 6. The ibus-hangul package is a Korean language input engine platform for the IBus input method (IM).
Bug Fix
- BZ# 610075
-
Previously, preedit was not restored when the candidate window was restored while focusing in. Due to this behavior, the candidate window remained open after focus changes. This update resolves this issue with a change in the code. Now, the candidate window is hidden as expected. Users who require Korean language input are advised to upgrade to this updated package, which fixes this bug.
1.91. ibus-m17n
An updated ibus-m17n package that resolves several bugs is now available. The ibus-m17n is a multilingual input engine for the IBus input method platform.
Bug Fixes
- BZ# 641243
-
When a new user and language were selected during login, ibus-m17n did not load all input methods provided for that language; only one input method was loaded and marked for use as the default input method. The user had to manually search for and add any other input methods that they wanted to use. All input methods for a given language are now loaded upon login, and can be accessed from the ibus-m17n Preferences tab.
- BZ# 652201
-
ibus-m17n did not recognize the AltGr (ISO Level 3 Shift) key as a virtual modifier key, making it impossible to input the Rupee Symbol (U+20B9) with an Indic Keyboard. The AltGr key is now recognized by ibus-m17n. All users of ibus-m17n are advised to upgrade to this updated package, which resolves these issues.
1.92. ibutils
Updated ibutils packages that resolve an issue are now available for Red Hat Enterprise Linux 6. The ibutils package provides InfiniBand network and path diagnostics.
Bug Fix
- BZ# 695204
-
Previous releases of the ibutils package were not built for the PowerPC 64-bit architecture. This has been fixed and the ibutils package is now built for the PowerPC 64-bit architecture as well. All users of ibutils are advised to upgrade to these updated packages, which resolve this issue.
1.93. icedtea-web
Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.
Security Fixes
- CVE-2011-2514
-
A flaw was discovered in the JNLP (Java Network Launching Protocol) implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files.
- CVE-2011-2513
-
An information disclosure flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application or Java applet could use this flaw to determine the path to the cache directory used to store downloaded Java class and archive files, and therefore determine the user's login name. All icedtea-web users should upgrade to these updated packages, which contain backported patches to correct these issues.
Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.
Security Fix
- CVE-2011-3377
-
A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
1.94. im-chooser
An updated im-chooser package that fixes a bug is now available for Red Hat Enterprise Linux 6. im-chooser is a GUI configuration tool to choose the Input Method to be used or disable Input Method usage on the desktop.
Bug Fix
- BZ# 634146
-
The im-chooser window was not re-sizable. This caused the title bar text to run into the right-hand close box in some locales. With this update, the im-chooser window is now re-sizable, ensuring the title bar text displays properly no matter the current locale. All im-chooser users are advised to upgrade to this updated package, which resolves this issue.
1.95. imsettings
Updated imsettings packages that fix a bug are now available for Red Hat Enterprise Linux 6. The imsettings packages provide a library and command line tools to configure and control input-methods settings. Users normally access it through the "im-chooser" GUI tool.
Bug Fix
- BZ# 616061
-
It was not possible to turn off the GTK XIM input-method module from imsettings. As a consequence, users were unable to enter Unicode characters using the Ctrl+Shift+U shortcut. With this update, the default GTK input-method is restored to gtk-im-context-simple, which allows Unicode input with the shortcut. Now only desktop locales that normally need X locale compose default to using the GTK XIM input-method module. Users of imsettings should upgrade to these updated packages, which fix this bug.
1.96. initscripts
An enhanced initscripts package that fixes various bugs and provides an enhancement is now available for Red Hat Enterprise Linux 6. The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly.
Bug Fixes
- BZ# 558575
-
Previously, initscripts used quoted strings as values following the =~ operators and the strings were thus matched as literal strings. However, they should be matched as regular expressions. With this update, the quotes were dropped and the strings are matched as regular expressions as expected.
- BZ# 598850
-
Previously, some systems failed to access the hardware clock on system shutdown. This happened because the shutdown script ran the hwclock tool, which attempted to access the /dev/rtc device even if it did not exist. With this update, initscripts verifies if the /dev/rtc device exists before attempting to run the hwclock tool.
- BZ# 612934
-
The ifdown command could have failed to stop an NIC (Network Interface Controller) with a warning that the connection was unknown. This happened because, in some cases, the function, which verifies whether the NIC is managed by NetworkManager, returned an incorrect result. With this update, the function returns the correct result and the ifdown command stops the NIC correctly.
- BZ# 620461
-
Previously, if there was a bind mount for the / directory, the system could have failed to remount the root directory as a read-only file system on shutdown. This occurred because the script attempted to remount the defined bind mount instead of the root directory. With this update, the root directory is remounted successfully.
- BZ# 629257
-
Previously, a conflict between the sulogin tool and the login shell could have prevented the user from entering the root password in single-user mode. This occurred when switching from runlevel 3 because the login shell was not terminated and attempted to accept the input for the sulogin tool. With this update, the tty.conf and serial.conf files have been modified to have the login shell stopped when changing to runlevel S and the problem no longer occurs.
- BZ# 632584
-
On interactive startup, in some locales, the shortcut of the Continue key in the respective language did not work. This occurred due to an error in the local po files. With this update, the po files have been updated and the shortcuts work as expected.
- BZ# 633984
-
Previously, the network service did not support configurations with multiple IP addresses with the new syntax (IPADDRESSn/PREFIXn). This caused conflicts between network configurations set with the network service and network configurations set with the NetworkManager tool. With this update, the network service supports the configurations with multiple IP addresses with the new syntax and the conflicts no longer occur.
- BZ# 634996
-
Previously, the tty.conf file contained a comment with a typographical mistake ("sepcified"). With this update, the word is spelled correctly ("specified").
- BZ# 635360
-
Previously, the system was not able to create a logical network with the VLAN (virtual local area network) tag value 0. With this update, this tag value is allowed.
- BZ# 637058
-
Previously, the /etc/sysconfig/clock file did not document where the user can configure whether the hwclock tool should be using the local time or UTC (Coordinated Universal Time). This update adds comments documenting the setting location into the sysconfig.txt file.
- BZ# 645861
-
Previously, the /etc/ppp/ipv6-up and /etc/ppp/ip-up.ipv6to4 scripts used the incorrect alias ipv6_exec_ip and failed to bring up the routes. This update modifies the scripts so that they use the ip command and the routes are now brought up as expected.
- BZ# 648966
-
For IPoIB (IP over InfiniBand) child interfaces, the value of the DEVICETYPE variable was calculated incorrectly. This happened because the calculation preserved the period (.) sign in the device name. This could have caused failure of the ifup-ib and ifdown-ib scripts. With this update, DEVICETYPE is resolved correctly.
- BZ# 654101
-
On shutdown, the system tried to deactivate the sit IPv6 over IPv4 tunnel device even though it was not active. With this update, the system verifies if the device is active before attempting to shut it down.
- BZ# 658138
-
Previously, the kexec-disable script was run when switching to runlevel 1. Because the kdump service is disabled in runlevel 1, the script freed the memory reserved for kdump. After the user changed from runlevel 1 to runlevel 3, which has kdump enabled, the system had set reserved memory size to 0 and kdump failed to start up. With this update, the kexec-disable job is no longer run in runlevel 1.
- BZ# 660036
-
Previously, all architectures used identical shmmax (maximum size of a shared memory segment) and shmall (maximum size of the total shared memory) values. However, the values vary depending on the system architecture. This update provides the settings of these values for various architectures.
- BZ# 664051
-
Previously, various errors occurred when some devices were inserted (for example, a PCI network card). This happened because the biosdevname tool assigned them interface names containing hash (#) signs, which were forbidden in such names. With this update, interface names can contain hash (#) signs and the problem no longer occurs.
- BZ# 667211
-
Previously, initscripts did not distinguish between the period (.) signs used by the sysctl device, which were delimiting the paths, and the period (.) signs used by VLANs, which were delimiting IDs. As a result, all sysctl calls to the VLAN interfaces failed. With this update, when calling a sysctl device, initscripts substitutes the periods in its name with forward slash (/) signs and the sysctl calls to a VLAN interface succeed.
- BZ# 669110
-
Previously, a slave network interface of a bonded interface failed to start if it defined the setting MASTER in double quotes (for example, as "bond0"). With this update, the respective scripts have been adapted to parse the value definition correctly even if double-quoted.
- BZ# 670154
-
The ifdown command could have failed to stop a bridge device with a warning that the connection was unknown. This happened because the function, which verified whether the device is managed by NetworkManager, returned an incorrect result. With this update, the function returns a correct result and the ifdown command stops the bridge device correctly.
- BZ# 674397
-
Section 8 of the sys-unconfig manual page contained various typographical mistakes. With this update, the man page is updated and the mistakes are corrected.
- BZ# 676708
-
Previously, a name of a VLAN interface had to start with the eth prefix followed by digits. If the user provided a name, which did not follow these requirements, the interface could not be started or stopped. With this update, the user can provide a custom name and the interface can be operated correctly.
- BZ# 696110
-
Previously, the netfs startup script always attempted to run the mdadm tool when the /etc/mdadm.conf file existed and could have failed if mdadm was not installed. With this update, the script first verifies if the mdadm tool is installed and only then runs its binary.
- BZ# 682879
-
The system could have failed to unmount the NFS (Network File System) shares on shutdown. This occurred because the system failed to unmount the NFS shares if they were in use. With this update, the unmounting of NFS shares on shutdown has been updated and the NFS shares are unmounted successfully even if in use.
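The =~ quoting rule behind BZ# 558575, shown as an added example that is not taken from the initscripts package: in bash 3.2 and later, a quoted right-hand side of =~ is compared as a literal string, so a validation check written that way rejects the inputs it was meant to accept. The pattern, the function names and the sample interface names are constructed, and bash is assumed to be installed.

```shell
#!/bin/sh
# Added illustration of the =~ quoting rule behind BZ# 558575; not initscripts code.
# The pattern, the function names and the sample inputs are constructed.
# Each check runs in an explicit bash process because [[ ... =~ ... ]] is a
# bash feature and the result should not depend on the calling shell.

PATTERN='^eth[0-9]+$'

# Buggy form: a quoted right-hand side is compared as a literal string
# (bash 3.2 and later), so "^", "[0-9]", "+" and "$" lose their regex meaning.
match_quoted() {
    bash -c '[[ "$1" =~ "$2" ]]' _ "$1" "$PATTERN"
}

# Fixed form: an unquoted right-hand side is compiled as a POSIX extended regex.
match_unquoted() {
    bash -c '[[ "$1" =~ $2 ]]' _ "$1" "$PATTERN"
}

# Run one matcher over every remaining argument and print the accepted
# inputs on one line, separated by spaces.
accepted_by() {
    matcher=$1
    shift
    out=""
    for candidate in "$@"; do
        if "$matcher" "$candidate"; then
            out="${out:+$out }$candidate"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed inputs: two names the regex should accept, one it should
# reject, and the pattern text itself, which only a literal comparison accepts.
demo() {
    printf 'quoted   accepts: %s\n' \
        "$(accepted_by match_quoted eth0 eth12 wlan0 '^eth[0-9]+$')"
    printf 'unquoted accepts: %s\n' \
        "$(accepted_by match_unquoted eth0 eth12 wlan0 '^eth[0-9]+$')"
}

demo
```

Keeping the pattern in a variable and expanding it unquoted, as match_unquoted does, avoids having to escape regex characters inside the [[ ]] expression.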
Enhancement
- BZ# 633323
-
With this update, the IBM System z profile was updated to allow an optimized performance setting for System z. All users are advised to upgrade to this updated package, which fixes these bugs and provides this enhancement.
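The sysctl key handling described in BZ# 667211, as an added example that is not code from initscripts: it models how a dotted sysctl key maps to a path under /proc/sys and checks a naive and a corrected key against a constructed directory tree. The function names, the eth0.100 interface and the forwarding entry are assumptions chosen for illustration, and the key-to-path rule is modelled on the procps sysctl behaviour of swapping "." and "/" unless the key is already written as a path.

```shell
#!/bin/sh
# Added illustration of the key handling behind BZ# 667211; not initscripts code.
# Function names, interface names and the sample tree are constructed.

# Model of the sysctl key-to-path rule (assumption: procps behaviour).
# If the first separator is "/", the key is already a path and is kept;
# otherwise every "." becomes "/" and every "/" becomes ".".
sysctl_key_to_path() {
    head=${1%%[./]*}                       # text before the first separator
    case ${1#"$head"} in
        /*) rel=$1 ;;
        *)  rel=$(printf '%s' "$1" | tr './' '/.') ;;
    esac
    printf '/proc/sys/%s\n' "$rel"
}

# Naive key: the interface name is pasted in unchanged, so the period in
# a VLAN name such as eth0.100 is read as one more path separator.
naive_key() {
    printf 'net.ipv4.conf.%s.%s\n' "$1" "$2"
}

# Corrected key: periods inside the interface name are replaced with "/",
# which the key-to-path rule turns back into "." in the final path.
fixed_key() {
    dev=$(printf '%s' "$1" | tr '.' '/')
    printf 'net.ipv4.conf.%s.%s\n' "$dev" "$2"
}

# Build a throwaway copy of the relevant /proc/sys layout and print its root.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/proc/sys/net/ipv4/conf/eth0" \
             "$root/proc/sys/net/ipv4/conf/eth0.100"
    echo 0 > "$root/proc/sys/net/ipv4/conf/eth0/forwarding"
    echo 0 > "$root/proc/sys/net/ipv4/conf/eth0.100/forwarding"
    printf '%s\n' "$root"
}

# Succeed only if the key resolves to an existing entry below the given root.
key_resolves() {
    [ -e "$1$(sysctl_key_to_path "$2")" ]
}

demo() {
    tree=$(build_sample_tree) || return 1
    for key in "$(naive_key eth0.100 forwarding)" "$(fixed_key eth0.100 forwarding)"; do
        if key_resolves "$tree" "$key"; then state=found; else state=missing; fi
        printf '%-40s -> %s (%s)\n' "$key" "$(sysctl_key_to_path "$key")" "$state"
    done
    rm -rf "$tree"
}

demo
```

The naive key lands inside the parent interface's directory (eth0/100/...), so per-VLAN settings written that way never reach the VLAN interface.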
1.97. iok
An updated iok package that fixes a bug is now available for Red Hat Enterprise Linux 6. iok is an Indic on-screen virtual keyboard that supports the Assamese, Bengali, Gujarati, Hindi, Kannada, Marathi, Malayalam, Punjabi, Oriya, Sindhi, Tamil and Telugu languages. Currently, iok works with Inscript and xkb keymaps for Indian languages, and is able to parse and display non-Inscript keymaps as well.
Bug Fix
- BZ# 636756
-
The file that contains the Oriya translations for iok contained some entries with Latin text appended to the Oriya text. The Latin text caused the key size to increase, thus the keyboard became too large to fit in the display area. The Latin text has now been removed from the Oriya translation, causing the Oriya keyboard and keys size to conform to other languages. Users are advised to upgrade to this updated iok package, which resolves this issue.
1.98. ipa
Updated ipa packages that fix a bug are now available for Red Hat Enterprise Linux 6. Red Hat Enterprise Identity (IPA) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS.
Bug Fix
- BZ# 729805
-
Prior to this update, GSSAPI credential delegation was disabled in the curl utility due to a security issue. As a result, applications that rely on delegation did not work properly. This update utilizes a new constructor argument in the xmlrpc-c client API to set the new CURLOPT_GSSAPI_DELEGATION curl option. This option enables the credential delegation, thus fixing this bug. Users of ipa are advised to upgrade to these updated packages, which fix this bug.
Updated ipa packages that fix several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Enterprise Identity (IPA) is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of IPA servers to meet the authentication and identity management requirements of the large scale Linux and Unix deployments.
Bug Fixes
- BZ# 709329
-
When an IPA server was installed and then a replica package for a replica server was generated, the installation of the replica server failed. With this update, the installation process waits for the 389DS (389 Directory Server) tasks to complete before restarting the server, fixing this bug.
- BZ# 709330
-
Previously, the ipa service was not enabled via the chkconfig tool during the installation of a replica server. Subsequently, when the replica server was restarted, the ipa service was not started. With this update, replica servers are properly configured to start on boot.
- BZ# 709331
-
After a replica server was installed, the Managed Entries were not properly configured on replica servers. Subsequently, users had to manually add the configuration using the ldapmodify tool after the replica installation, and then restart the services with the "ipactl restart" command. This bug has been fixed and the configuration is now automatically added as expected.
- BZ# 709332
-
When a new reverse zone was created via the ipa-replica-prepare script, the wrong DNS entry was updated, which eventually caused an installation of a replica server to fail. This bug has been fixed and when the named service is restarted after a replica package has been created, the correct DNS entries are now set up for an installation of a replica server. All users of ipa are advised to upgrade to these updated packages, which fix these bugs.
1.99. ipmitool
An enhanced ipmitool package is now available for Red Hat Enterprise Linux 6. The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface specification (IPMI). IPMI is an open standard for machine health, inventory, and remote power control.
Enhancements
- BZ# 631649
-
The update adds the "delloem" command extensions for Dell OEM hardware, which provide support for Peripheral Component Interconnect Express (PCIe) solutions, LCD setting on panel, NIC setting, and power monitoring. This update also provides manual pages for the "delloem" command extensions.
- BZ# 663793
-
This update integrates the Linux Multiple Device (MD) driver with ipmitool to indicate SES (SCSI enclosure services) status and drive activities for PCIe SSD based solutions. Users of ipmitool are advised to upgrade to this updated package, which adds these enhancements.
1.100. iproute
Updated iproute packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The iproute packages contain networking utilities designed to use the advanced networking capabilities of the Linux kernel.
Bug Fix
- BZ# 636943
-
If the "ip" command was used to create a veth device pair, and the "peer" parameter was specified but the "name" parameter was not used, a segmentation fault occurred. The "name" parameter was an unnecessary requirement for this operation. The need for this parameter has been removed and the command now works as expected.
- BZ# 641918
-
The ss man page contained a reference to a nonexistent file. This reference has been updated with the correct file location.
- BZ# 678986
-
Previously, attempting to flush a secondary device with "ip secondary" would fail. This issue has now been corrected and secondary devices are flushed as expected.
Enhancement
- BZ# 670295
-
Support for adding, deleting, and modifying security contexts or security labels in ipsec policies has been added to the "ip xfrm" command. All users of iproute are advised to upgrade to these updated packages, which correct these issues and add this enhancement.
1.101. iprutils
An updated iprutils package that adds an enhancement is now available for Red Hat Enterprise Linux 6. The iprutils package provides utilities to manage and configure SCSI devices that are supported by the "ipr" SCSI storage device driver.
Enhancement
- BZ# 633328
-
The iprutils package has been updated to provide support for the 6Gb SAS RAID storage controller on 64-bit IBM POWER7. All users of iprutils are advised to upgrade to this updated package, which adds this enhancement.
An updated iprutils package that fixes multiple bugs is now available for Red Hat Enterprise Linux 6. The iprutils package provides utilities to manage and configure SCSI devices that are supported by the IBM Power RAID SCSI storage device driver.
Bug Fixes
- BZ# 747621
-
Due to an incorrectly placed call of the sysfs_close_bus() structure in the iprlib code, some of the iprutils programs could terminate unexpectedly with a segmentation fault during their initialization. This problem has been corrected, and iprutils programs no longer crash.
- BZ# 747621
-
The find_multipath_vset routine used the ARRAY_SIZE() macro to calculate the length of the SCSI device serial number. Previously, the length was calculated incorrectly, which could have led to false positives when looking for the corresponding vset. As a consequence, attempting to delete arrays failed: the target and the second array were set to be read/write protected, writing to both arrays was not possible, and the system had to be rebooted. To fix the problem, the IPR_SERIAL_NUM_LEN macro is now used instead of ARRAY_SIZE.
- BZ# 747621
-
With the maximum number of devices attached to one of the new Silicon Integrated Systems (SiS) 64-bit adapters, the configuration data could have grown over the buffer size. With this update, the buffer size has been increased, which fixes the problem and ensures enough space for any possible future growth. All users of iprutils are advised to upgrade to this updated package, which fixes these bugs.
1.102. iptables
Updated iptables packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The iptables utility controls the network packet filtering code in the Linux kernel.
Bug Fixes
- BZ# 590186
-
Previously, ip6tables did not support Portable Transparent Proxy Solution (TPROXY). Due to this lack, the IPv6 transparent proxy support was missing and IPv6 transparency was not available. This update adds this option.
- BZ# 644273
-
Previously, the command "service iptables save" did not restore the context for the save file and the save backup file. It also used /tmp for the temporary file. Due to the wrong context of the save and save backup file, there could be an error the next time the save functionality is used. This update restores the context and also saves the temporary files correctly.
Enhancement
- BZ# 642393
-
Previously, iptables did not support auditing. Due to this issue, information for remote address/port, target address/port, protocol, and result (success/fail) could not be recorded as an audit event. This update adds the required audit support. This enhancement depends on the presence of auditing support in the kernel. All iptables users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Updated iptables packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support. The iptables utility controls the network packet filtering code in the Linux kernel.
Bug Fix
- BZ# 786871
-
The option parser of the iptables utility did not correctly handle the "-m mark" and "-m conmark" options in the same rule. Therefore, the iptables command failed when issued with both options. This update modifies behavior of the option parser so that iptables now works as expected with the "-m mark" and "-m conmark" options specified. All users of iptables are advised to upgrade to these updated packages, which fix this bug.
1.103. iputils
An updated iputils package that fixes various bugs is now available for Red Hat Enterprise Linux 6. The iputils package contains basic utilities for monitoring a network, including ping.
Bug Fixes
- BZ# 630022
-
The ping and ping6 commands were previously not compiled as position independent executables (PIE). In this update, they are now built as PIE executables.
- BZ# 671579
-
Previously, the tracepath6 program that is included in the iputils package failed to resolve a target when using the "-n" option and a hostname as the target. The fix for this problem has been provided so that tracepath6 now works as expected.
- BZ# 688332
-
Previously, when the rdisc utility that is included in the iputils package was run on a system with an interface having two IP addresses assigned to the interface, an error was issued and rdisc failed to start. The bug has been fixed and the rdisc start failure no longer occurs. All iputils users should upgrade to this updated package, which resolves these issues.
1.104. irqbalance
An updated irqbalance package that fixes one bug is now available for Red Hat Enterprise Linux 6. irqbalance is a daemon that evenly distributes IRQ load across multiple CPUs for enhanced performance.
Bug Fix
- BZ# 630023
-
irqbalance was not previously built with PIE and RELRO enabled, as they were in Red Hat Enterprise Linux 5. In this update, irqbalance is built as a PIE executable and is using RELRO protection. Users of irqbalance are advised to upgrade to this updated package, which fixes this bug.
1.105. iscsi-initiator-utils
Updated iscsi-initiator-utils packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The iscsi package provides the server daemon for the Internet Small Computer System Interface (iSCSI) protocol, as well as the utility programs used to manage it. iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks.
Bug Fixes
- BZ# 691902
-
When performing SendTargets discovery, the "iface" NIC binding was ignored. Instead, iscsiadm used the network device determined by the "route" command. SendTargets discovery now occurs through the NIC specified in the "iface" binding information.
- BZ# 631821
-
If SendTargets discovery required multiple TEXT commands because of a long target list, iscsiadm did not set the Initiator Task Tag in compliance with RFC-3720 as published by the Internet Engineering Task Force. This issue has been fixed, and iscsiadm now sets the Initiator Task Tag correctly.
- BZ# 634021
-
Attempting to reboot or shut down a system with a running iSCSI daemon caused the system to stop responding because iSCSI sessions remained running. All iSCSI sessions now shut down correctly, so no issues are encountered on shut down or reboot.
- BZ# 689359
-
Previously, iSCSI did not work on the Broadcom NetXtreme II 1GbE Quad Port Copper Adapter (BCM57712) when connected to a Data Center Bridging-enabled (DCB-enabled) switch over VLAN. This occurred because VLAN tagging was set twice, once by uIP and once by the DCB firmware. This update corrects this issue with VLAN tagging.
- BZ# 640115
-
The ISCSI_ERR_INVALID_HOST error event was not being handled correctly, leaving iSCSI sessions in memory when the iSCSI driver was attempting to shut down. This resulted in the driver failing to respond during shutdown of sessions that used the Broadcom NetXtreme II Network Adapter driver.
- BZ# 593269
-
The iscsiadm and iscsid commands depended on files in /usr, but did not require that /usr was mounted when they were used. This resulted in failures without useful error messages when the user attempted to use these commands when /usr was not mounted. This issue has been corrected, and these failures no longer occur.
- BZ# 658428
-
Starting or stopping the iSCSI service while accessing the root partition directly through an iSCSI disk could cause iSCSI to become unresponsive and incorrect status information to be reported. Attempting to stop the iSCSI service in this circumstance now warns that iSCSI cannot be shut down while Root is on an iSCSI disk, and all statuses are reported correctly.
- BZ# 599539
-
The brcm_iscsiuio usage message displayed in response to the brcm_iscsiuio --help command contained two unsupported options: --foreground and --pid. The man page omitted five supported options: --debug, --help, -h, -p and --version. The unsupported options have been removed from the usage message, and all supported options have been added to the brcm_iscsiuio man page.
- BZ# 599542
-
The iscsiadm usage message displayed in response to the iscsiadm --help command omitted 24 supported options. Additionally, the iscsiadm man page omitted one supported option (--host) and contained one unsupported option (--info). These errors have now been corrected.
- BZ# 624437
-
iscsiadm did not accept host names or aliases as valid values for the --portal argument when in "node" mode. This resulted in failure, because iscsiadm expected the value returned during discovery as the value for --portal. iscsiadm now attempts to match a host name to the IP address returned during discovery, so this issue no longer occurs.
- BZ# 688783
-
If debug message logging was disabled, the iSCSI daemon failed to set the socket priority according to the Data Center Bridging application priority setting, which resulted in packets being sent with the default priority incorrectly. Socket priority is now set based on the Data Center Bridging application priority setting in this situation.
Enhancements
- BZ# 640340
-
When iscsiadm failed or exited incorrectly, it did not output useful error codes. Meaningful error codes now exist for these situations, and are described further in the iscsiadm man page.
- BZ# 523492
-
Support for Data Center Bridging has been added to the iSCSI driver.
- BZ# 635899
-
brcm_iscsiuio provides the ARP and DHCP functionality to offload iSCSI functionality. Support has been added for IPv6, VLAN, and several new Broadcom network cards. All users of iscsi-initiator-utils are advised to upgrade to these updated packages, which provide these bug fixes and add these enhancements.
1.106. iwl5000-firmware
An updated iwl5000-firmware package that fixes a bug is now available for Red Hat Enterprise Linux 6. The iwl5000-firmware package provides the iwlagn wireless driver with the firmware it requires to function correctly with Intel Wireless WiFi Link 5000 series adapters. This update upgrades the iwl5000 firmware to upstream version 8.83.5.1, which provides a number of bug fixes over the previous version. (BZ# 709522) Users of iwl5000-firmware are advised to upgrade to this updated package which fixes this bug.
1.107. iwl6000-firmware
An updated iwl6000-firmware package is now available for Red Hat Enterprise Linux 6. The iwl6000-firmware package provides the iwlagn wireless driver with the firmware it requires to function correctly with Intel Wireless WiFi Link 6000 series adapters. This update upgrades the iwl6000 firmware to upstream version 9.221.4.1, which provides a number of bug fixes over the previous version. (BZ# 568034) Users of wireless devices which use iwl6000 firmware are advised to upgrade to this updated package.
1.108. iwl6050-firmware
An updated iwl6050-firmware package is now available for Red Hat Enterprise Linux 6. The iwl6050-firmware package provides the iwlagn wireless driver with the firmware it requires to function correctly with Intel Wireless WiFi Link 6050 series adapters. This update upgrades the iwl6050 firmware to upstream version 41.28.5.1, which provides a number of bug fixes over the previous version. (BZ# 663748) Users of wireless devices which use iwl6050 firmware are advised to upgrade to this updated package.
1.109. java-1.5.0-ibm
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
Security Fixes
- CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556
-
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13 Java release. All running instances of IBM Java must be restarted for this update to take effect.
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
Security Fixes
- CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-0873
-
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP5 Java release. All running instances of IBM Java must be restarted for this update to take effect.
1.110. java-1.6.0-ibm
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
Security Fixes
- CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873
-
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9-FP2 Java release. All running instances of IBM Java must be restarted for the update to take effect.
1.111. java-1.6.0-openjdk
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
Security Fixes
- CVE-2011-0862
-
Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application.
- CVE-2011-0871
-
It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing.
- CVE-2011-0864
-
A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.
- CVE-2011-0867
-
An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code.
- CVE-2011-0868
-
An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D.
- CVE-2011-0869
-
It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests.
- CVE-2011-0865
-
A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
Security Fixes
- CVE-2011-3556
-
A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry.
- CVE-2011-3557
-
A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges.
- CVE-2011-3521
-
A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input.
- CVE-2011-3544
-
It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions.
- CVE-2011-3548
-
A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions.
- CVE-2011-3551
-
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions.
- CVE-2011-3554
-
An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges.
- CVE-2011-3560
-
It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy.
- CVE-2011-3389
-
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.
- CVE-2011-3547
-
An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads.
- CVE-2011-3558
-
A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash.
- CVE-2011-3553
-
The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information.
- CVE-2011-3552
-
It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
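The note on CVE-2011-3389 above says the record-splitting mitigation can be switched off with "-Djsse.enableCBCProtection=false". The following script is an added example, not part of the advisory: it audits `ps -eo pid,args` style output for JVMs started that way. The process list is constructed sample data, and the last-occurrence-wins and case-insensitive handling of the property are assumptions about how the JVM reads it.

```shell
#!/bin/sh
# Added example (not from the advisory): find JVMs whose command line turns
# off the CVE-2011-3389 record-splitting mitigation.
# Input on stdin: "PID ARGS..." lines as printed by `ps -eo pid,args`.

PROP="-Djsse.enableCBCProtection="

# Print "PID<TAB>state" for every java process that sets the property.
# state: disabled (=false), enabled (=true), invalid (anything else).
# Assumptions: the last -D occurrence wins and the value is matched
# case-insensitively; only processes whose executable is named "java" count.
audit_cbc_protection() {
    awk -v prop="$PROP" '
    {
        exe = $2
        sub(/.*\//, "", exe)          # basename of the executable
        if (exe != "java") next       # skip editors, grep, the ps header
        state = ""
        for (i = 3; i <= NF; i++) {
            if (index($i, prop) != 1) continue
            val = tolower(substr($i, length(prop) + 1))
            if (val == "false")     state = "disabled"
            else if (val == "true") state = "enabled"
            else                    state = "invalid"
        }
        if (state != "") printf "%s\t%s\n", $1, state
    }'
}

# Print only the PIDs that run with the mitigation disabled.
cbc_disabled_pids() {
    audit_cbc_protection | awk -F '\t' '$2 == "disabled" { print $1 }'
}

# Constructed sample process list (paths and PIDs are made up).
sample_ps() {
    cat <<'EOF'
  PID COMMAND
 2101 /usr/bin/java -Xmx512m -jar /opt/app/server.jar
 2245 /usr/bin/java -Djsse.enableCBCProtection=false -jar /opt/legacy/client.jar
 2310 /usr/bin/java -Djsse.enableCBCProtection=FALSE -Djsse.enableCBCProtection=true -cp /opt/x Main
 2400 grep -e -Djsse.enableCBCProtection=false /etc/sysconfig/app
EOF
}

sample_ps | audit_cbc_protection
```

On a live host, pipe `ps -eo pid,args` into `cbc_disabled_pids` instead of the sample; any PID it prints is a JVM that still needs the updated packages and a restart without the flag.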
Updated java-1.6.0-openjdk packages that fix various bugs and provide several enhancements are now available for Red Hat Enterprise Linux 6. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The java-1.6.0-openjdk package has been upgraded to upstream version 1.9.7, which provides a number of bug fixes and enhancements over the previous version. (BZ# 658208)
Bug Fix
- BZ# 659300
-
In Java GUI (graphical user interface) applications, placeholder characters were displayed when run in the Japanese locale. This happened because the fontconfig file defined a mapping to an unavailable font. With this update, the IPA or VLGothic fonts are mapped instead and Japanese characters are displayed correctly. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
1.112. java-1.6.0-sun
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
Security Fixes
- CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561
-
This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
Security Fixes
- CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873
-
This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 26 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
1.113. jss
1.113.1. RHBA-2011:0621 — jss bug fix update
Updated jss packages that fix two bugs are now available for Red Hat Enterprise Linux 6. JSS is a Java binding to Network Security Services (NSS), which provides SSL/TLS network protocols and other security services in the Public Key Infrastructure (PKI) suite. JSS is primarily utilized by the Certificate Server.
Bug Fixes
- BZ# 656094
-
With this update, JSS has been upgraded to upstream version 4.2.6, which provides a number of bug fixes over the previous version. This rebase is necessary to support the Certificate Server.
- BZ# 676179
-
Previously, JSS did not release a PK11 slot. Due to this problem, a resource leak occurred and prevented NSS from shutting down because NSS detected that resources were still in use. This update corrects the resource leak and allows NSS to shut down. All users of JSS are advised to upgrade to these updated packages, which fix these bugs.
1.114. kabi-whitelists
An updated kabi-whitelists package that adds two enhancements is now available for Red Hat Enterprise Linux 6. The kabi-whitelists package contains reference files documenting interfaces provided by the Red Hat Enterprise Linux 6 kernel that are considered to be stable by Red Hat kernel engineering, and safe for longer term use by third party loadable device drivers, as well as for other purposes.
Enhancements
- BZ# 636975
-
This update removes the "blk_queue_ordered" and the "blk_queue_physical_block_size" symbols from the Red Hat Enterprise Linux 6.0 kernel ABI whitelists.
- BZ# 682967
-
This update adds several newly approved interfaces to the kernel ABI whitelists. Note: It is not necessary to install the kabi-whitelists package in order to use Driver Updates. The kabi-whitelists package only provides reference files for use by those creating Driver Update packages, or for those who wish to enable support for verification of kernel ABI compatibility by installing the appropriate Yum plugin. Users of kabi-whitelists are advised to upgrade to this updated package, which adds these enhancements.
1.115. kdelibs
Updated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The kdelibs packages provide libraries for the K Desktop Environment (KDE).
Security Fix
- CVE-2011-3365
-
An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid.
Enhancement
- BZ# 743951
-
kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy. Users should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.
Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).
Security Fix
- CVE-2011-3365
-
An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
1.116. kernel
Updated kernel packages that fix two bugs are now available for Red Hat Enterprise Linux 6 Extended Update Support. The kernel packages contain the Linux kernel, the core of any Linux operating system. When an NTP server asserts the STA_INS flag (Leap Second Insert), the kernel starts an hrtimer (high-resolution timer) with a countdown clock. This hrtimer expires at end of the current month, midnight UTC, and inserts a second into the kernel timekeeping structures. A scheduled leap second occurred on June 30 2012 midnight UTC.
Bug Fixes
- BZ# 840948
-
Previously in the kernel, when the leap second hrtimer was started, it was possible that the kernel livelocked on the xtime_lock variable. This update fixes the problem by using a mixture of separate subsystem locks (timekeeping and ntp) and removing the xtime_lock variable, thus avoiding the livelock scenarios that could occur in the kernel.
- BZ# 847364
-
After the leap second was inserted, applications calling system calls that used futexes consumed almost 100% of available CPU time. This occurred because the kernel's timekeeping structure update did not properly update these futexes. The futexes repeatedly expired, re-armed, and then expired immediately again. This update fixes the problem by properly updating the futex expiration times by calling the clock_was_set_delayed() function, an interrupt-safe method of the clock_was_set() function. All users are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.
Updated kernel packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 6 Extended Update Support. [Updated 23 Oct 2012] This advisory has been updated with an accurate value of the clock drift for BZ#853951 (+/- 20 MHz). This update does not change the packages in any way. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Bug Fixes
- BZ# 844943
-
Prior to this update, the find_busiest_group() function used sched_group->cpu_power in the denominator of a fraction with a value of 0. Consequently, a kernel panic occurred. This update prevents the divide by zero in the kernel and the panic no longer occurs.
- BZ# 846830
-
Previously, the TCP socket bound to the NFS server contained a stale skb_hints socket buffer. Consequently, the kernel could terminate unexpectedly. A patch has been provided to address this issue and skb_hints is now properly cleared from the socket, thus preventing this bug.
- BZ# 853255
-
Previously, when a server attempted to shut down a socket, the svc_tcp_sendto() function set the XPT_CLOSE variable if the entire reply failed to be transmitted. However, before XPT_CLOSE could be acted upon, other threads could send further replies before the socket was really shut down. Consequently, data corruption could occur in the RPC record marker. With this update, send operations on a closed socket are stopped immediately, thus preventing this bug.
- BZ# 853951
-
When a PIT (Programmable Interval Timer) MSB (Most Significant Byte) transition occurred very close to an SMI (System Management Interrupt) execution, the pit_verify_msb() function did not see the MSB transition. Consequently, the pit_expect_msb() function returned success incorrectly, eventually causing a large clock drift in the quick_pit_calibrate() function. As a result, the TSC (Time Stamp Counter) calibration on some systems was off by +/- 20 MHz, which led to inaccurate timekeeping or ntp synchronization failures. This update fixes pit_expect_msb() and the clock drift no longer occurs in the described scenario.
Enhancement
- BZ# 847731
-
This update adds support for the Proportional Rate Reduction (PRR) algorithms for the TCP protocol. This algorithm determines TCP's sending rate in fast recovery. PRR avoids excessive window reductions and improves accuracy of the amount of data sent during loss recovery. In addition, a number of other enhancements and bug fixes for TCP are part of this update. All users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. The system must be rebooted for this update to take effect.
Updated kernel packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Bug Fix
- BZ# 891859
-
On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows 2012 server failed due to the fact that the Windows server contains support for the minor version 1 (v4.1) of the NFS version 4 protocol only, along with support for versions 2 and 3. The lack of the minor version 0 (v4.0) support caused Red Hat Enterprise Linux 6 clients to fail instead of rolling back to version 3 as expected. This update fixes this bug and mounting an NFS export works as expected. All users are advised to upgrade to these updated packages, which fix this bug. The system must be rebooted for this update to take effect.
Important
This update has already been released as the security errata RHSA-2011:0542
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the first regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fixes
* Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)
* A flaw was found in the Linux kernel's Ethernet bonding driver implementation. Packets coming in from network devices that have more than 16 receive queues to a bonding interface could cause a denial of service. (CVE-2011-1581, Important)
* A flaw was found in the Linux kernel's networking subsystem. If the number of packets received exceeded the receiver's buffer limit, they were queued in a backlog, consuming memory, instead of being discarded. A remote attacker could abuse this flaw to cause a denial of service (out-of-memory condition). (CVE-2010-4251, Moderate)
* A flaw was found in the Linux kernel's Transparent Huge Pages (THP) implementation. A local, unprivileged user could abuse this flaw to allow the user stack (when it is using huge pages) to grow and cause a denial of service. (CVE-2011-0999, Moderate)
* A flaw was found in the transmit methods (xmit) for the loopback and InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS) implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-1023, Moderate)
* A flaw in the Linux kernel's Event Poll (epoll) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1082, Moderate)
* An inconsistency was found in the interaction between the Linux kernel's method for allocating NFSv4 (Network File System version 4) ACL data and the method by which it was freed. This inconsistency led to a kernel panic which could be triggered by a local, unprivileged user with files owned by said user on an NFSv4 share. (CVE-2011-1090, Moderate)
* A missing validation check was found in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially-crafted partitions. (CVE-2011-1010, Low)
* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low)
* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163; and Vasiliy Kulikov for reporting CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172.
Bug Fixes
- BZ# 622327
-
Previously, an operation such as madvise(MADV_MERGEABLE) may have split VMAs (Virtual Memory Areas) without checking if any huge page had to be split into regular pages, which left huge pages still mapped in VMA ranges that would not be large enough to fit huge pages. With this update, whenever a VMA is being truncated, huge pages are checked to determine whether they have been split.
- BZ# 640576
-
Occasionally, the anon_vma variable could contain the value null in the page_address_in_vma function and cause a kernel panic. With this update, the kernel panic no longer occurs.
- BZ# 640579
-
Previously, building under memory pressure with KSM (Kernel Shared Memory) caused KSM to collapse with an internal compiler error indicating an error in swapping. With this update, data corruption during swapping no longer occurs.
- BZ# 640611
-
The fork() system call led to an rmap walk finding the parent huge-pmd twice instead of once, thus causing a discrepancy between the mapcount and page_mapcount check, which could have led to erratic page counts for subpages. This fix ensures that the rmap walk is accurate when a process is forked, thus resolving the issue.
- BZ# 642570
-
The fork() system call led to an rmap walk finding the parent huge-pmd twice instead of once, thus causing a discrepancy between the mapcount and page_mapcount check, which could have led to erratic page counts for subpages. This fix ensures that the rmap walk is accurate when a process is forked, thus resolving the issue.
- BZ# 646384
-
Running certain workload tests on a Non-Uniform Memory Architecture (NUMA) system could cause kernel panic at mm/migrate.c:113. This was due to a false positive BUG_ON. With this update, the false positive BUG_ON has been removed.
- BZ# 622640
-
If an Intel 82598 10 Gigabit Ethernet Controller was configured in a way that caused peer-to-peer traffic to be sent to the Intel X58 I/O hub (IOH), a PCIe credit starvation problem occurred. As a result, the system would hang. With this update, the system continues to work and does not hang.
- BZ# 637332
-
The ixgbe driver has been upgraded to upstream version 3.0.12, which provides a number of bug fixes and enhancements over the previous version.
- BZ# 696337
-
During light or no network traffic, the active-backup interface bond using ARP monitoring with validation could go down and return due to an overflow or underflow of system timer interrupt ticks (jiffies). With this update, the jiffies calculation problems have been fixed and a bond interface works as expected.
- BZ# 609516
-
Booting a system via the Extensible Firmware Interface (EFI) could result in a low resolution of the boot screen due to a VGA palette corruption. With this update, the VGA palette corruption no longer occurs and the boot screen is displayed in the correct resolution and colors.
- BZ# 626454
-
Systems with an updated Video BIOS for the AMD RS880 would not properly boot with KMS (Kernel mode-setting) enabled. With this update, the Video BIOS boots successfully when KMS is enabled.
- BZ# 640870
-
This update fixes the slow memory leak in the i915 module in DRM (Direct Rendering Manager) and GEM (Graphics Execution Manager).
- BZ# 640871
-
Previously, a race condition in the TTM (Translation Table Maps) module of the DRM (Direct Rendering Manager) between the object destruction thread and object eviction could result in a major loss of reference counts for large objects. Consequently, a large amount of memory was leaked. With this update, the race condition no longer occurs and any memory leaks are prevented.
- BZ# 644896
-
When booting the latest Red Hat Enterprise Linux 6 kernel (-78.el6), the system hung shortly after booting. Access to the file system died and the console started outputting soft lockup messages from the TTM code. With this update, the aforementioned behavior no longer occurs and the system boots as expected.
- BZ# 530618
-
Under some circumstances, a kernel panic on installation or boot may occur if the "Interrupt Remapping" feature is enabled in the BIOS. To work around this issue, disable interrupt remapping in the BIOS.
- BZ# 681017
-
Under some circumstances, faulty logic in the system BIOS could report that ASPM (Active State Power Management) was not supported on the system, but leave ASPM enabled on a device. This could lead to AER (Advanced Error Reporting) errors that the kernel was unable to handle. With this update, the kernel proactively disables ASPM on devices when the BIOS reports that ASPM is not supported, safely eliminating the aforementioned issues.
- BZ# 624628
-
Prior to this update, a guest could use the poll() function to find out whether the host-side connection was open or closed. However, with a SIGIO signal, this can be done asynchronously, without having to explicitly poll each port. With this update, a SIGIO signal is sent for any host connect/disconnect events. Once the SIGIO signal is received, the open/close status of virtio-serial ports can be obtained using the poll() system call.
- BZ# 628805
-
The virtio-console device did not handle the hot-unplug operation properly. As a result, virtio-console could access the memory outside the driver's memory area and cause kernel panic on the guest. With this update, multiple fixes to the virtio-console device resolved this issue and the hot-unplug operation works as expected.
- BZ# 634232
-
Applications and agents using virtio serial ports would block messages even though there were messages queued up and ready to be read in the virtqueue. This was due to virtio_console's poll function checking whether a port was NULL to determine if a read operation would result in a block of the port. However, in some cases, a port can be NULL even though there are buffers left in the virtqueue to be read. This update introduces a more sophisticated method of checking whether a port contains any data, thus preventing queued up messages from being incorrectly blocked.
- BZ# 635535
-
Prior to this update, user space could submit (using the write() operation) a buffer with zero length to be written to the host, causing the qemu hypervisor instance running on that host to crash. This was caused by the write() operation triggering a virtqueue event on the host, causing a NULL buffer to be accessed. With this update, user space is no longer allowed to submit zero-sized buffers and the aforementioned crash no longer occurs.
- BZ# 643750
-
Using a virtio serial port from an application, filling it until the write command returns -EAGAIN and then executing a select command for the write command, caused the select command to not return any values when using the virtio serial port in a non-blocking mode. When used in blocking mode, the write command waited until the host indicated it had used up the buffers. This was due to the fact that the poll operation waited for the port->waitqueue pointer; however, nothing woke the waitqueue when there was room again in the queue. With this update, the queue is woken via host notifications so that buffers consumed by the host can be reclaimed, the queue freed, and the application write operations may proceed again.
- BZ# 643751
-
If a host was slow in reading data or did not read data at all, blocking write() calls not only blocked the program that called the write() call but also the entire guest. This was caused by the write() calls waiting until an acknowledgment that the data consumed was received from the host. With this update, write() calls no longer wait for such acknowledgment: control is immediately returned to the user space application. This ensures that even if the host is busy processing other data or is not consuming data at all, the guest is not blocked.
- BZ# 605786
-
Please note that in future versions of Red Hat Enterprise Linux 6 (i.e. Red Hat Enterprise Linux 6.1 and later) the auto value setting of the crashkernel= parameter (i.e. crashkernel=auto) is deprecated.
- BZ# 675102
-
Prior to this update, the /usr/include/linux/fs.h file was broken, causing other packages to fail to build. With this update, the underlying source code has been modified to address this issue, and packages no longer fail to build.
- BZ# 629178
-
Prior to this update, the execve utility exhibited the following flaw. When an argument and any environment data were copied from an old task's user stack to the user stack of a newly-execve'd task, the kernel would not allow the process to be interrupted or rescheduled. Therefore, when the argument or environment string data was (abnormally) large, there was no "interactivity" with the process while the execve() function was transferring the data. With this update, fatal signals (like CTRL+c) can now be received and handled and a process is allowed to yield to higher priority processes during the data transfer.
- BZ# 616296
-
While not mandated by any specification, Linux systems rely on NMIs (Non-maskable Interrupts) being blocked by an IF-enabling (Interrupt Flag) STI instruction (an x86 instruction that enables interrupts; Set Interrupts); this is also the common behavior of all known hardware. Prior to this update, kernel panic could occur on guests using NMIs extensively (for example, a Linux system with the nmi_watchdog kernel parameter enabled). With this update, an NMI is disallowed when interrupts are blocked by an STI. This is done by checking for the condition and requesting an interrupt window exit if it occurs. As a result, kernel panic no longer occurs.
- BZ# 645898
-
Prior to this update, running context-switch intensive workloads on KVM guests resulted in a large number of exits (kvm_exit) due to control register (CR) accesses by the guest, thus, resulting in poor performance. This update includes a number of optimizations which allow the guest not to exit to the hypervisor in the aforementioned case and improve the overall performance.
- BZ# 626814
-
In some cases the NFS server fails to notify NFSv4 clients about renames and unlinks done by other clients, or by non-NFS users of the server. An application on a client may then be able to open the file at its old pathname (and read old cached data from it, and perform read locks on it), long after the file no longer exists at that pathname on the server. To work around this issue, use NFSv3 instead of NFSv4. Alternatively, turn off support for leases by writing 0 to /proc/sys/fs/leases-enable (ideally on boot, before the nfs server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance.
- BZ# 695488
-
In a four node cluster environment, a deadlock could occur on machines in the cluster when the nodes accessed a GFS2 file system. This resulted in memory fragmentation which caused the number of network packet fragments in requests to exceed the network hardware limit. The network hardware firmware dropped the network packets exceeding this limit. With this update, the network packet fragmentation was reduced to the limit of the network hardware, no longer causing problems during memory fragmentation.
- BZ# 627741
-
The zfcpdump (kdump) kernel on IBM System z could not be debugged using the dump analysis tool crash, because the vmlinux file in the kernel-kdump-debuginfo RPM did not contain DWARF debug information. With this update, the CONFIG_DEBUG_KERNEL parameter is set to yes and the needed debug information is provided.
- BZ# 647365
-
On IBM System z systems, user space programs could access the /dev/mem file (which contains an image of main memory), where an accidental memory (write) access could potentially be harmful. To restrict access to memory from user space through the /dev/mem file, the CONFIG_STRICT_DEVMEM configuration option has been enabled for the default kernel. The kdump and debug kernels have this option switched off by default.
- BZ# 668470
-
If a CPU is set offline, the nohz_load_balancer CPU is updated. However, under certain circumstances, the nohz_load_balancer CPU would not be updated, causing the offlined CPU to be enqueued with various timers which never expired. As a result, the system could become unresponsive. With this update, the nohz_load_balancer CPU is always updated; systems no longer become unresponsive.
- BZ# 636678
-
Previously, in order to install Snapshot 13, boot parameter nomodeset xforcevesa had to be added to the kernel command line, otherwise, the screen turned black and prevented the installation. With this update, the aforementioned boot parameter no longer has to be specified and the installation works as expected.
- BZ# 635710
-
The qla2xxx driver for QLogic Fibre Channel Host Bus Adapters (HBAs) has been updated to upstream version 8.03.05.01.06.1-k0, which provides a number of bug fixes and enhancements over the previous version.
- BZ# 695478
-
The driver for the NetXen NX3031 network adapter did not support more than 14 fragments for a non-TSO (TCP Segmentation Offload) packet, which could have caused network failures. This update corrects the driver.
- BZ# 641764
-
Previously, accounting of reclaimable inodes did not work correctly. When an inode was reclaimed it was only deleted from the per-AG (per Allocation Group) tree. Neither the counter was decreased, nor was the parent tree's AG entry untagged properly. This caused the system to hang indefinitely. With this update, the accounting of reclaimable inodes works properly and the system remains responsive.
- BZ# 632021
-
If a Xen guest specifies a physical path such as /dev/sda1 in its /etc/fstab configuration file, instead of a labeled path, then the following workaround procedure should be followed: The "xen_emul_unplug=never" option should be added to the guest's kernel boot line. The /etc/fstab entry should be modified to specify a partition such as /dev/xvda1 for the /boot partition, or a proper partition label should be used for the file systems on the emulated block device. Finally, if the Xen guest configuration spec uses a line similar to the following:
disk = [ 'file:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
…then that line should be changed to:
disk = [ 'tap:aio:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
This line needs to be changed because the Xen para-virtualized disk driver is not supported with file-backed I/O.
- BZ# 680126
-
Using the pam_tty_audit.so module (which enables or disables TTY auditing for specified users) in the /etc/pam.d/sudo file and in the /etc/pam.d/system-auth file when the audit package is not installed resulted in soft lock-ups on CPUs. As a result, the kernel became unresponsive. This was due to the kernel exiting immediately after TTY auditing was disabled, without emptying the buffer, which caused the kernel to spin in a loop, copying 0 bytes at each iteration and attempting to push each time without any effect. With this update, a locking mechanism is introduced to prevent the aforementioned behavior.
- BZ# 625914
-
Previously, a kernel module not shipped by Red Hat was successfully loaded when the FIPS boot option was enabled. With this update, kernel self-integrity is improved by refusing to load kernel modules which are not shipped by Red Hat when the FIPS boot option is enabled.
- BZ# 631547
-
Previously the cxgb3 (Chelsio Communications T3 10Gb Ethernet) adapter experienced parity errors. With this update, the parity errors are correctly detected and the cxgb3 adapter successfully recovers from them.
- BZ# 698016
-
When the iscsi driver detected the platform option-rom, it bypassed its local defaults and used the platform-provided parameters. With this update, if the platform specifies invalid OEM parameters, a warning message is printed, and the iSCSI driver falls back on its sensible internal default parameters rather than failing to load the driver altogether.
- BZ# 694106
-
After a raid45->raid0 takeover operation, another takeover operation (for example, raid0->raid5) resulted in a kernel panic. This was due to the 'degraded' and 'plug' variables from the mddev structure not being cleared after the raid4->raid0 takeover. With this update, the aforementioned variables are properly cleared, and no longer cause a kernel panic.
- BZ# 550724
-
In some cases, under a small system load involving some I/O operations, processes started to lock up in the D state (that is, became unresponsive). The system load could in some cases climb steadily. This was due to the way the event channel IRQ (Interrupt Request) was set up. Xen events behave like edge-triggered IRQs; however, the kernel was setting them up as level-triggered IRQs. As a result, any action using Xen event channels could lock up a process in the D state. With this update, the handling has been changed from edge-triggered IRQs to level-triggered IRQs and processes no longer lock up in the D state.
- BZ# 643371
-
A race condition occurred when Xen was presented with an inconsistent page type resulting in the crash of the kernel. With this update, the race condition is prevented and kernel crashes no longer occur.
- BZ# 645198
-
The Red Hat Enterprise Linux kernel can now be tainted with a "tech preview" status. If a kernel module causes the tainted status, then running the command "cat /proc/modules" will display a "(T)" next to any module that is tainting the kernel. For more information about Technology Previews, refer to: https://access.redhat.com/support/offerings/techpreview/
Important
Running a kernel with the tainted flag set may limit the amount of support that Red Hat can provide for the system.
- BZ# 694913
-
The "perf" subsystem failed to load on HP ProLiant servers, and messages similar to the following were logged to the console at boot time:
NMI watchdog disabled for cpu1: unable to create perf event: -2
This update includes a patch that allows the "perf" subsystem to load when using these servers, but only using the same counter that the BIOS uses. The implications of this are that "perf" statistics could be corrupted.
- BZ# 643667
-
Previously, Red Hat Enterprise Linux 6 enabled the CONFIG_IMA option in the kernel. This caused the kernel to track all inodes in the system in a radix tree, leading to a huge waste of memory. With this update, an optimized version of a tree (rbtree) is used and memory is no longer wasted.
- BZ# 615309
-
Direct Asynchronous I/O (AIO) which is not issued on file system block boundaries, and falls into a hole in a sparse file on ext4 or xfs file systems, may corrupt file data if multiple I/O operations modify the same file system block. Specifically, if qemu-kvm is used with the aio=native I/O mode over a sparse device image hosted on the ext4 or xfs filesystem, guest file system corruption will occur if partitions are not aligned with the host file system block size. This issue can be avoided by using one of the following techniques: Align AIOs on file system block boundaries, or do not write to sparse files using AIO on xfs or ext4 filesystems. KVM: Use a non-sparse system image file or allocate the space by zeroing out the entire file. KVM: Create the image using an ext3 host filesystem instead of ext4. KVM: Invoke qemu-kvm with aio=threads (this is the default). KVM: Align all partitions within the guest image to the host's file system block boundary (default 4k).
- BZ# 624909
-
When running an fsstress test which issues various operations on an ext4 filesystem with usrquota enabled, the following JBD (Journaling Block Device) error was output in /var/log/messages:
JBD: Spotted dirty metadata buffer (dev = sda10, blocknr = 17635). There's a risk of filesystem corruption in case of system crash.
With this update, the quota file modification in an ext4 file system is always journaled, and the aforementioned message no longer appears in the logs.
- BZ# 593766
-
The /var/log/messages file could have slowly filled up with error messages similar to the following:
ACPI Error: Illegal I/O port address/length above 64K: 0x0000000000400020/4 (20090903/hwvalid-154)
ACPI Exception: AE_LIMIT, Returned by Handler for [SystemIO] (20090903/evregion-424)
ACPI Error (psparse-0537): Method parse/execution failed [\_GPE._L09] (Node ffff8800797cd298), AE_LIMIT
ACPI Exception: AE_LIMIT, while evaluating GPE method [_L09] (20090903/evgpe-568)
This error message no longer occurs with this update.
- BZ# 653245
-
The kernel syslog contains debugging information, such as kernel heap addresses, that is often useful during exploitation of other vulnerabilities. With this update, a new CONFIG_SECURITY_DMESG_RESTRICT option has been added to config-generic-rhel which prevents unprivileged users from reading the kernel syslog. This option is turned off (0) by default, which means no restrictions.
- BZ# 627653
-
A regression was discovered that caused a kernel panic during the booting of any SGI UV100 and UV1000 system unless the virtefi command line option was passed to the kernel by GRUB. With this update, the need for the virtefi command line option is removed and the kernel boots as expected without it.
- BZ# 659480
-
Prior to this update, running the hwclock --systohc command could halt a running system. This was due to the interrupt transactions being looped back from a local IOH (Input/Output Hub), through the IOH to a local CPU (erroneously), which caused a conflict with I/O port operations and other transactions. With this update, the conflicts are avoided and the system continues to run after executing the hwclock --systohc command.
- BZ# 621304
-
The RELEASE_LOCKOWNER operation has been implemented for the NFSv4 client in order to avoid an exhaustion of NFS server state IDs, which could result in an NFS4ERR_RESOURCE error. Additionally, this update introduces NFSv4 lock state tracking in read/write requests and lock owners labeling.
- BZ# 626515
-
An implementation of the SHA (Secure Hash Algorithm) hashing algorithm for the IBM System z architecture did not produce correct hashes and could potentially cause memory corruption due to broken partial block handling. A partial block could break when it was followed by an update which filled it with leftover bytes. Instead of storing the new leftover bytes at the start of the buffer, they were stored immediately after the previous partial block. With this update, the index pointer is reset, thus resolving the aforementioned partial block handling issue.
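The partial-block flaw described in this entry can be reproduced with a streaming hash that buffers incomplete blocks. The following C program is an added illustration, not the kernel's s390 code: the mixing function is a toy stand-in for SHA, the names (update, run_split, reset_index) and the message are constructed for this example, and the buffer is deliberately twice the block size so the flawed path can be observed without corrupting memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK   64   /* block size of the toy hash, in bytes */
#define MSG_LEN 124  /* constructed message: one full block plus 60 bytes */

struct ctx {
    uint64_t state;           /* chaining value */
    uint64_t count;           /* total bytes fed in so far */
    uint8_t  buf[2 * BLOCK];  /* oversized on purpose: the flawed path writes past BLOCK */
    size_t   max_end;         /* highest offset reached by a leftover write */
};

struct result { uint64_t digest; size_t max_end; };

/* Stand-in for the real compression function (FNV-1a style mixing). */
static void absorb(struct ctx *c, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        c->state = (c->state ^ p[i]) * 0x100000001b3ULL;
}

/* reset_index = 0 reproduces the flaw; reset_index = 1 applies the fix. */
static void update(struct ctx *c, const uint8_t *data, size_t len, int reset_index)
{
    size_t index = c->count % BLOCK;   /* bytes already sitting in buf */

    c->count += len;
    if (index + len >= BLOCK) {
        if (index) {                   /* complete the buffered partial block */
            size_t fill = BLOCK - index;
            memcpy(c->buf + index, data, fill);
            absorb(c, c->buf, BLOCK);
            data += fill;
            len -= fill;
            if (reset_index)
                index = 0;             /* buffer is empty again */
        }
        while (len >= BLOCK) {         /* whole blocks straight from the input */
            absorb(c, data, BLOCK);
            data += BLOCK;
            len -= BLOCK;
        }
    }
    if (len) {                         /* stash the new leftover bytes */
        memcpy(c->buf + index, data, len);
        if (index + len > c->max_end)
            c->max_end = index + len;
    }
}

static uint64_t finish(struct ctx *c)
{
    uint8_t lenb[8];

    absorb(c, c->buf, (size_t)(c->count % BLOCK));  /* trailing partial block */
    for (int i = 0; i < 8; i++)
        lenb[i] = (uint8_t)(c->count >> (8 * i));
    absorb(c, lenb, sizeof(lenb));                  /* bind the total length */
    return c->state;
}

/* Hash the constructed message as two updates: `first` bytes, then the rest. */
struct result run_split(size_t first, int reset_index)
{
    uint8_t msg[MSG_LEN];
    struct ctx c;
    struct result r;

    if (first > MSG_LEN)
        first = MSG_LEN;
    for (size_t i = 0; i < MSG_LEN; i++)
        msg[i] = (uint8_t)(i * 7 + 1);
    memset(&c, 0, sizeof(c));
    c.state = 0xcbf29ce484222325ULL;
    update(&c, msg, first, reset_index);
    update(&c, msg + first, MSG_LEN - first, reset_index);
    r.digest = finish(&c);
    r.max_end = c.max_end;
    return r;
}

int main(void)
{
    struct result one = run_split(0, 1);    /* single update, reference digest */
    struct result bad = run_split(60, 0);   /* 60 + 64 bytes, index not reset */
    struct result good = run_split(60, 1);  /* 60 + 64 bytes, index reset */

    printf("one-shot : %016llx\n", (unsigned long long)one.digest);
    printf("flawed   : %016llx (leftover written up to offset %zu of a %d-byte block)\n",
           (unsigned long long)bad.digest, bad.max_end, BLOCK);
    printf("fixed    : %016llx (leftover written up to offset %zu)\n",
           (unsigned long long)good.digest, good.max_end);
    return 0;
}
```

With a buffer of exactly one block, the flawed write to offsets 60 through 119 would land in adjacent memory, which matches the memory corruption this entry mentions.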
- BZ# 661113
-
Outgoing packets were not fragmented after receiving the icmpv6 pkt-too-big message when using the IPSecv6 tunnel mode. This was due to the lack of IPv6 fragmentation support over an IPsec tunnel. With this update, IPv6 fragmentation is fully supported and works as expected when using the IPSecv6 tunnel mode.
- BZ# 630810
-
Prior to this update, performing live migration back and forth during guest installation with network adapters based on the 8168c chipset or the 8111c chipset triggered an rtl8169_interrupt hang due to a RxFIFO overflow. With this update, infinite loops in the IRQ (Interrupt Request) handler caused by RxFIFO overflows are prevented and the aforementioned hang no longer occurs.
- BZ# 629066
-
When booting a Red Hat Enterprise Linux 5.5 kernel on a guest on an AMD host system running Red Hat Enterprise Linux 6, the guest kernel crashes due to an unsupported MSR (Model Specific Registers) read of the MSR_K7_CLK_CTL model. With this update, KVM support was added for the MSR_K7_CLK_CTL model specific register used in the AMD K7 CPU models, thus, the kernel crashes no longer occur.
- BZ# 629836
-
Previously, a Windows XP host experienced the stop error screen (i.e. the "Blue Screen Of Death" error) when booted with the CPU mode name. With this update, a Windows XP host no longer experiences the aforementioned error due to added KVM (Kernel-based Virtual Machine) support for the MSR_EBC_FREQUENCY_ID model specific register.
- BZ# 629085
-
Under certain circumstances, a kernel thread that handles incoming messages from a server could unexpectedly exit by itself. As a result, the kernel thread would free some data structures which could then be referenced by another data structure, resulting in a kernel panic. With this update, kernel threads no longer unexpectedly exit; thus, kernel panic no longer occurs in the aforementioned case.
- BZ# 641408
-
Previously, calling the elevator_change function immediately after the blk_init_queue function resulted in a null pointer dereference. With this update, the null pointer dereference no longer occurs.
- BZ# 623199
-
In certain network setups (specifically, using VLAN on certain NICs where packets are sent through the VLAN GRO rx path), sending packets from an active ethernet port to another inactive ethernet port could affect the network's bridge and cause the bridge to acquire a wrong bridge port. This resulted in all packets not being passed along in the network. With this update, the underlying source code has been modified to address this issue, and network traffic works as expected.
- BZ# 683496
-
Prior to this update, adding a bond over a bridge inside a virtual guest caused the kernel to crash due to a NULL dereference. This update improves the tests for the presence of VLANs configured above bonding (additionally, this update fixes a regression introduced by the patch for BZ#633571). The new logic determines whether a registration has occurred, instead of testing that the internal vlan_list of a bond is empty. Previously, the system panicked and crashed when vlan_list was not empty, but the vlgrp pointer was still NULL.
- BZ# 592879
-
The memory cgroup controller has its own Out of Memory routine (OOM killer) and kills a process at an OOM event. However, a race condition could cause the pagefault_out_of_memory function to be called after the memory cgroup's OOM. This invoked the generic OOM killer and a panic_on_oom could occur. With this update, only the memory cgroup's OOM killer is invoked and used to kill a process should an OOM occur.
- BZ# 613812
-
This update provides a number of patches that resolve a mutual exclusion fault which could cause the kernel to become unresponsive.
- BZ# 634500
-
Previously, MADV_HUGEPAGE was missing in the include/asm-generic/mman-common.h file which caused madvise to fail to utilize THP. With this update, the madvise option was removed from /sys/kernel/mm/redhat_transparent_hugepage/enabled since MADV_HUGEPAGE was removed from the madvise system call.
- BZ# 619818
-
If device-mapper-multipath is used and the default path failure timeout value (/sys/class/fc_remote_ports/rport-xxx/dev_loss_tmo) is changed, the timeout value reverts to the default value after a path fails and is later restored. Note that this issue is present with the lpfc, qla2xxx, ibmfc or fnic Fibre Channel drivers. To work around this issue, the dev_loss_tmo value must be adjusted after each path fail/restore event.
- BZ# 633907
-
During an installation through Cisco NPV (N port virtualization) to Brocade, adding a LUN (Logical Unit Number) through Add Advanced Target did not work properly. This was caused by the faulty resending of FLOGI (Fabric Login) when a Fibre Channel switch in the NPV mode rejected requests with zero Destination ID. With this update, the LUN is seen and able to be selected for installation.
- BZ# 633915
-
An I/O operation could fast fail when using Device Mapper Multipathing (dm-multipath) if the I/O operation could be retried by the scsi layer. This prevented the multipath layer from starting its error recovery procedure and resulted in unnecessary log messages in the appropriate log files. This update includes a number of optimizations that resolve the aforementioned issue.
- BZ# 636233
-
Previously, timing issues could cause the FIP (FCoE Initialization Protocol) FLOGIs to timeout even if there were no problems. This caused the kernel to go into a non-FIP mode even though it should have been in the FIP mode. With this update, the timing issues no longer occur and the kernel no longer switches to the non-FIP mode when logging to the Fibre Channel Switch/Forwarder.
- BZ# 636771
-
A Red Hat Enterprise Linux 6.0 host (with root on a local disk) with dm-multipath configured on multiple LUNs (Logical Unit Number) hit kernel panic (at scsi_error_handler) with target controller faults during an I/O operation on the dm-multipath devices. This was caused by multipath using the blk_abort_queue() function to allow lower latency path deactivation. The call to blk_abort_queue proved to be unsafe due to a race (between blk_abort_queue and scsi_request_fn). With this update, the race has been resolved and kernel panic no longer occurs on Red Hat Enterprise Linux 6.0 hosts.
- BZ# 638297
-
When an scsi command timed out and the fcoe/libfc driver aborted the command, a race could occur during the clean-up of the command which could result in kernel panic. With this update, the locking mechanism in the clean-up and abort paths was modified, thus, fixing the aforementioned issue.
- BZ# 643237
-
Prior to this update, when using Red Hat Enterprise Linux 6 with a qla4xxx driver and FC (Fibre Channel) drivers using the fc class, a device might have been put in the offline state due to a transport problem. Once the transport problem was resolved, the device was not usable until a user manually corrected the state. This update enables the transition from the offline state to the running state, thus, fixing the problem.
- BZ# 668114
-
Operating in the FIP (FCoE Initialization Protocol) mode and performing operations that bring up ports could cause the fcoe.ko and fnic.ko modules to not be able to re-login when a port was brought back up. This was due to a bug in the FCoE (Fiber Channel over Ethernet) layer causing improper handling of FCoE LOGO frames while in the FIP mode. With this update, FCoE LOGO frames are properly handled when in the FIP mode and the fcoe.ko and fnic.ko modules no longer fail to re-login.
- BZ# 632631
-
Previously, the s390 tape block driver crashed whenever it tried to switch the I/O scheduler. With this update, an official in-kernel API (elevator_change()) is used to switch the I/O scheduler safely; thus, the crashes no longer occur.
- BZ# 635199
-
The barrier implementation in the Red Hat Enterprise Linux 6 kernel works by completely draining the I/O scheduler's queue, then issuing a preflush, a barrier, and finally a postflush request. However, since the supported file systems in Red Hat Enterprise Linux 6 all implement their own ordering guarantees, the block layer need only provide a mechanism to ensure that a barrier request is ordered with respect to other I/O already in the disk cache. This mechanism avoids I/O stalls experienced by queue draining. The block layer will be updated in future kernels to provide this more efficient mechanism of ensuring ordering. Workloads that include heavy fsync or metadata activity will see an overall improvement in disk performance. Users taking advantage of the proportional weight I/O controller will also see a boost in performance. In preparation for the block layer updates, third party file system developers need to ensure that data ordering surrounding journal commits are handled within the file system itself, since the block layer will no longer provide this functionality. These future block layer improvements will change some kernel interfaces such that symbols which are not on the kABI whitelist shall be modified. This may result in the need to recompile third party file system or storage drivers.
- BZ# 636994
-
Handling ALUA (Asymmetric Logical Unit Access) transitioning states did not work properly due to a faulty SCSI (Small Computer System Interface) ALUA handler. With this update, optimized state transitioning prevents the aforementioned behavior.
- BZ# 637805
-
Previously, a write request may have merged with a discard request. This could have posed a potential risk for 3rd party drivers which could possibly issue a discard without waiting properly. With this update, merges of discard and write requests into one block I/O request are prevented, resolving the possible risks.
- BZ# 638525
-
Previously, the /proc/maps file which is read by LVM2 (Logical Volume Manager) contained inconsistencies.
- BZ# 644380
-
Running the Virtual Desktop Server Manager (VDSM) and performing an lvextend during an intensive Virtual Guest power up caused this operation to fail. Since lvextend was blocked, all components became non-responsive: vgs and lvs commands froze the session, Virtual Guests became Paused or Not Responding. This was caused by a faulty use of a lock. With this update, performing an lvextend operation works as expected.
- BZ# 658293
-
The lack of synchronization between the clearing of the QUEUE_FLAG_CLUSTER flag and the setting of the no_cluster flag in the queue_limits variable caused corruption of data. Note that this issue only occurred on hardware that did not support segment merging (that is, clustering). With this update, the synchronization between the aforementioned flags works as expected, thus, corruption of data no longer occurs.
- BZ# 669411
-
Deleting an SCSI (Small Computer System Interface) device attached to a device handler caused applications running in user space, which were performing I/O operations on that device, to become unresponsive. This was due to the fact that the SCSI device handler's activation did not propagate the SCSI device deletion via an error code and a callback to the Device-Mapper Multipath. With this update, deletion of an SCSI device attached to a device handler is properly handled and no longer causes certain applications to become unresponsive.
- BZ# 670572
-
For a device that used a Target Portal Group (TPG) ID which occupied the full 2 bytes in the RTPG (Report Target Port Groups) response (with either byte exceeding the maximum value that may be stored in a signed char), the kernel's calculated TPG ID would never match the group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the Asymmetric Access State (AAS) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.
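The sign-extension problem in this entry is easy to see on a parsed response. The following C program is an added example, not the kernel's ALUA handler code: the response bytes are constructed, the function names are hypothetical, and the descriptor layout used (byte 0 carries the AAS in its low nibble, bytes 2-3 the big-endian TPG ID, byte 7 the number of 4-byte port entries that follow) is an assumption stated here for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed RTPG-style response (sample data, not captured from a device). */
static const unsigned char sample_rtpg[] = {
    0x00, 0x00, 0x00, 0x14,                          /* 20 descriptor bytes follow */
    0x80, 0x0f, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,  /* TPG 0x0001, AAS 0, no ports */
    0x01, 0x0f, 0x01, 0x80, 0x00, 0x00, 0x00, 0x01,  /* TPG 0x0180, AAS 1, one port */
    0x00, 0x00, 0x00, 0x02,                          /* the 4-byte port entry */
};

/*
 * Combine descriptor bytes 2 and 3 into a TPG ID.
 * as_signed = 1 reads them through signed char, as in the flaw described
 * above: a byte of 0x80 or more becomes negative before it is added.
 * Multiplication is used instead of a shift so that a negative high byte
 * stays well-defined C.
 */
static int tpg_id(const unsigned char *d, int as_signed)
{
    if (as_signed) {
        const signed char *s = (const signed char *)d;
        return s[2] * 256 + s[3];
    }
    return d[2] * 256 + d[3];
}

/*
 * Walk the descriptors and return the AAS (low nibble of byte 0) of the
 * last descriptor whose TPG ID equals group_id, or -1 if none matches.
 */
int lookup_aas(const unsigned char *resp, size_t buflen, int group_id, int as_signed)
{
    unsigned long declared;
    size_t total, k;
    int aas = -1;

    if (buflen < 4)
        return -1;
    declared = ((unsigned long)resp[0] << 24) | ((unsigned long)resp[1] << 16) |
               ((unsigned long)resp[2] << 8) | resp[3];
    /* Never trust the declared length beyond the bytes actually received. */
    total = declared > buflen - 4 ? buflen : 4 + (size_t)declared;

    k = 4;
    while (k + 8 <= total) {
        const unsigned char *d = resp + k;

        if (tpg_id(d, as_signed) == group_id)
            aas = d[0] & 0x0f;
        k += 8 + (size_t)d[7] * 4;    /* skip the descriptor and its port list */
    }
    return aas;
}

int main(void)
{
    size_t n = sizeof(sample_rtpg);

    printf("group 0x0180, unsigned bytes: AAS %d\n", lookup_aas(sample_rtpg, n, 0x0180, 0));
    printf("group 0x0180, signed bytes  : AAS %d\n", lookup_aas(sample_rtpg, n, 0x0180, 1));
    printf("group 0x0080, signed bytes  : AAS %d\n", lookup_aas(sample_rtpg, n, 0x0080, 1));
    printf("group 0x0080, unsigned bytes: AAS %d\n", lookup_aas(sample_rtpg, n, 0x0080, 0));
    return 0;
}
```

With signed bytes, group 0x0180 is never found, and a lookup for the absent group 0x0080 picks up the state of group 0x0180 instead.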
- BZ# 680140
-
Deleting an SCSI (Small Computer System Interface) device attached to a device handler caused applications running in user space, which were performing I/O operations on that device, to become unresponsive. This was due to the fact that the SCSI device handler's activation did not propagate the SCSI device deletion via an error code and a callback to the Device-Mapper Multipath. With this update, deletion of an SCSI device attached to a device handler is properly handled and no longer causes certain applications to become unresponsive.
- BZ# 647367
-
Migrating a guest could have resulted in dirty values for the guest being retained in memory, which could have caused both the guest and qemu to crash. The trigger for this was memory pages being both write-protected and dirty simultaneously. With this update, memory pages in the current bitmap are either dirty or write-protected when migrating a guest, with the result that neither qemu nor guest operating systems crash following a migration.
- BZ# 676579
-
Intensive usage of resources on a guest led to a failure of networking on that guest: packets could no longer be received. The failure occurred when a DMA (Direct Memory Access) ring was consumed before NAPI (New API; an interface for networking devices which makes use of interrupt mitigation techniques) was enabled, which resulted in a failure to receive the next interrupt request. The regular interrupt handler was not affected in this situation (because it can process packets in-place); however, the OOM (Out Of Memory) handler did not detect the aforementioned situation and caused networking to fail. With this update, NAPI is subsequently scheduled for each napi_enable operation; thus, networking no longer fails under the aforementioned circumstances.
- BZ# 626956
-
The kernel panicked when booting the kdump kernel on a s390 system with an initramfs that contained an odd number of bytes. With this update, an initramfs with sufficient padding such that it contains an even number of bytes is generated; thus, the kernel no longer panics.
- BZ# 631246
-
Previously, the destination MAC address validation was not checking for NPIV (N_Port ID Virtualization) addresses, which resulted in FCoE (Fibre Channel over Ethernet) frames being dropped. With this update, the destination MAC address check for FCoE frames has been modified so that multiple N_port IDs can be multiplexed on a single physical N_port.
- BZ# 641315
-
Reading the /proc/vmcore file on a Red Hat Enterprise Linux 6 system was not optimal because it did not always take advantage of reading through the cached memory. With this update, access to the /dev/oldmem device in the /proc/vmcore file is cached, resulting in faster copying to user space.
- BZ# 665110
-
Bonding, when operating in the ARP monitoring mode, made erroneous assumptions regarding the ownership of ARP frames when it received them for processing. Specifically, it was assumed that the bonding driver code was the only execution context which had access to the ARP frames network buffer data. As a result, an operation was attempted on the said buffer (specifically, to modify the size of the data buffer) which was forbidden by the kernel when a buffer was shared among several execution contexts. The result of such an operation on a shared buffer could lead to data corruption. Consequently, trying to prevent the corruption, the kernel panicked. This shared state in the network buffer could be forced to occur, for example, when running the tcpdump utility to monitor traffic on the bonding interface. Every buffer the bond interface received would be shared between the driver and the tcpdump process, thus, resulting in the aforementioned kernel panic. With this update, for the particular affected path in the bonding driver, each inbound frame is checked whether it is in the shared state. In case a buffer is shared, a private copy is made for exclusive use by the bonding driver, thus, preventing the kernel panic.
- BZ# 672937
-
Reading the /proc/vmcore file was previously significantly slower on a Red Hat Enterprise Linux 6 system when compared to a Red Hat Enterprise Linux 5 system. This update enables caching of memory accesses; reading of the /proc/vmcore file is now noticeably faster.
- BZ# 680478
-
The kdump kernel (the second kernel) could in some cases become unresponsive due to a pending IPI (Inter-processor Interrupt) from the first kernel. The kernel tries to handle the IPI, but fails to do so due to a NULL pointer dereference. With this update, the underlying source code has been modified to address this issue, and kdump no longer hangs.
- BZ# 625585
-
Physical CPU Hotplug is not supported on Red Hat Enterprise Linux 6 i686.
- BZ# 681870
-
Peripheral Component Interconnect Express (PCIe) Active State Power Management (ASPM) was not being properly enabled on some platforms. This resulted in the system becoming unresponsive, followed by a Non-Maskable Interrupt (NMI), on some HP ProLiant systems in the Hewlett Packard Smart Array (HPSA) or on some network cards. With this update, the underlying source code has been modified to address this issue.
- BZ# 694891
-
Intel Xeon processor E7 family processors have an issue in which some c-state transitions can cause false correctable Machine Check Exception (MCE) errors to be reported from MCE bank 6 to the user. On some E7 processor family systems, this resulted in "floods" of MCE errors. This patch disables MCE error reporting for bank 6.
- BZ# 634703
-
Systems that have an Emulex FC controller (with SLI-3 based firmware) installed could return a kernel panic during installation. With this update, kernel panic no longer occurs during installation.
- BZ# 651584
-
A kernel panic could occur when the gfs2_glock_hold function was called within the gfs2_process_unlinked_inode function. This was due to the fact that gfs2_glock_hold was being called without a reference already held on the inode in question. This update resolves this problem by changing the order in which it acquires references to match that of the NFS code; thus, the kernel panic no longer occurs.
- BZ# 695751
-
A previously applied patch accidentally removed a check that handled invalid EEPROM (Electrically Erasable Programmable Read-Only Memory) sizes. Without this check the EEPROM validation failed if the EEPROM size was invalid, causing the NIC (Network Interface Controller) to not function properly. This update reintroduces the aforementioned patch, fixing the problem.
- BZ# 628951
-
PowerPC systems having more than 1 TB of RAM could randomly crash or become unresponsive due to an incorrect setup of the Segment Lookaside Buffer (SLB) entry for the kernel stack. With this update, the SLB entry is properly set up.
- BZ# 636978
-
Previously, the vmstat (virtual memory statistics) tool incorrectly reported the disk I/O as swap-in on ppc64 and other architectures that do not support the TRANSPARENT_HUGEPAGE configuration option in the kernel. With this update, the vmstat tool no longer reports incorrect statistics and works as expected.
- BZ# 676640
-
The bnx2i driver could cause a system crash on IBM POWER7 systems. The driver's page tables were not set up properly on Big Endian machines, causing extended error handling (EEH) errors on PowerPC machines. With this update, the page tables are properly set up and a system crash no longer occurs in the aforementioned case.
- BZ# 678099
-
A race condition could occur during a threaded coredump causing some threads to not have a full register set. With this update, the underlying source code has been modified to address this issue and prevent the aforementioned race condition.
- BZ# 681668
-
If an EEH (Enhanced I/O Error Handling) error occurred too early in the boot process, the kernel panicked with an error message similar to the following:
Unable to handle kernel paging request for data at address 0x00000468
Oops: Kernel access of bad area, sig: 11 [#1]
This situation is detected and avoided with this update, with the result that the machine continues to boot normally.
- BZ# 683115
-
A race condition caused by a missing mutual exclusion lock in the device_pm_pre_add() function and the device_pm_pre_add_cleanup() function could occur during the booting of an IBM Power system. As a result, error diagnostic messages were displayed in dmesg. This update adds the missing mutual exclusion lock, resolving this issue.
- BZ# 684961
-
On the PowerPC architecture, a PCI adapter with two functions, one of which uses MSI (Message Signaled Interrupts), and one of which uses MSI-X (an extended version of MSI), could have triggered an EEH (Enhanced I/O Error Handling) from an MSI-X signal when MSI was disabled using an older interface. With this update, the newer interface is used to disable MSI, with the result that the adapter no longer signals a stray MSI-X interrupt, and no EEH is registered.
- BZ# 694327
-
A previously released patch added a spin_unlock into the dtl_disable function for the virtual processor dispatch trace log file. However, the dtl_function did not include a spin_unlock which could cause a deadlock to occur. With this update, the missing spin_unlock has been added, and a deadlock no longer occurs.
- BZ# 695678
-
Section 14.11.3.2 "H_REGISTER_VPA" in the POWER Architecture Platform Reference (PAPR) specified that Dispatch Trace Log (DTL) buffers could not cross Active Memory Sharing (AMS) environments and memory entitlement granule boundaries (of size 4kB). However, kmalloc (a method for allocating memory in the kernel) did not guarantee an alignment of the allocation beyond 8 bytes. This update adds a special kmem cache for DTL buffers with the aforementioned alignment requirement.
- BZ# 593566
-
Certain scan requests failed to complete before the network interface was brought down. As a result, a warning will appear in the kernel log regarding wdev_cleanup_work. In some cases connectivity may be lost until the next reboot. If connectivity is restored, then the warning may be safely ignored. In other cases, the driver module may need to be reloaded or the system may need to be rebooted.
- BZ# 633836
-
Installing a debug kernel caused the PERC (Dell PowerEdge RAID Controller) 700 adapter to enter an undefined state and produce incorrect error messages. This has been corrected so that installing the debug kernel no longer causes the PERC 700 adapter to enter an undefined state and display erroneous RAID DIMM error messages.
- BZ# 664832
-
Systems Management Applications using the libsmbios package could become unresponsive on Dell PowerEdge servers (specifically, Dell PowerEdge 2970 and Dell PowerEdge SC1435). The dcdbas driver can perform an I/O write operation which causes an SMI (System Management Interrupt) to occur. However, the SMI handler processed the SMI well after the outb function was processed, which caused random failures resulting in the aforementioned hang. With this update, the underlying source code has been modified to address this issue, and systems management applications using the libsmbios package no longer become unresponsive.
- BZ# 692673
-
If an error occurred during an I/O operation, the SCSI driver reset the megaraid_sas controller to restore it to normal state. However, on Red Hat Enterprise Linux 6, the waiting time to allow a full reset completion for the megaraid_sas controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset.
- BZ# 638269
-
The lock reclaim operation on a Red Hat Enterprise Linux 6 NFSv4 client did not work properly when, after a server reboot, an I/O operation which resulted in a STALE_STATEID response was performed before the RENEW call was sent to the server. This behavior was caused by the improper use of the state flags. While investigating this bug, a different bug was discovered in the state recovery operation which resulted in a reclaim thread looping in the nfs4_reclaim_open_state() function. With this update, both operations have been fixed and work as expected.
- BZ# 680549
-
Previously, the UDP (User Datagram Protocol) transmit path ran under a socket lock due to the corking feature, which limited scalability due to having to transmit to the same socket in multiple threads. With this update, the transmit path has been made lockless when corking is not used, which greatly increases UDP transmit speed.
- BZ# 630060
-
On a system configured with an HP Smart Array controller, during the kdump process, the capturing kernel could have become unresponsive and the following error message logged:
NMI: IOCK error (debug interrupt?)
As a workaround, the system can be configured by blacklisting the hpsa module in a configuration file such as /etc/modules.d/blacklist.conf, and specifying the disk_timeout option so that saving the vmcore over the network is possible.
- BZ# 700430
-
Under certain circumstances, a command could be left unprocessed when using either the cciss or the hpsa driver. This was because the HP Smart Array controller considered all commands to be completed when, in fact, some commands were still left in the completion queue. This could cause the file system to become read-only or panic and the whole system to become unstable. With this update, an extra read operation has been added to both of the aforementioned drivers, fixing this issue.
- BZ# 617137
-
On platforms using an Intel 7500 or an Intel 5500 chipset (or their derivatives), occasionally, a VT-d specification defined error occurred in the kdump kernel (the second kernel). As a result of the VT-d error, on some platforms, an SMI (System Management Interrupt) was issued and the system became unresponsive. With this update, a VT-d error is properly handled so that an SMI is no longer issued, and the system no longer hangs.
- BZ# 664364
-
Invoking an EFI (Extensible Firmware Interface) call caused a restart or a failure to boot to occur on a system with more than 512GB of memory because the EFI page tables did not map the whole kernel space. EFI page tables used only one PGD (Page Global Directory) entry to map the kernel space; thus, virtual addresses higher than PAGE_OFFSET + 512GB could not be accessed. With this update, EFI page tables map the whole kernel space.
- BZ# 655231
-
A previously introduced patch that prevented kbuild from attempting to sign an out-of-the-tree module only fixed this issue for cases when a full kernel tree was used for compiling. Using the kernel-devel package for compilation remained broken. This update allows out-of-the-tree modules to compile using the kernel-devel package only.
- BZ# 703504
-
Prior to this update, external modules could be built using the "-Werr" option, which resulted in a failure to build any major third party module. This update disables the "-Werr" option for external modules, fixing the issue.
Enhancements
- BZ# 628676
-
The zfcpdump tool was not able to mount ext4 file systems. Because ext4 is the default file system on Red Hat Enterprise Linux 6, with this update, ext4 file system support was added for the zfcpdump tool.
- BZ# 629205
-
The zfcpdump tool was not able to mount ext2 file systems. With this update, ext2 file system support was added for the zfcpdump tool.
- BZ# 636922
-
The ALSA HDA audio driver has been updated to improve support for new chipsets and HDA audio codecs.
- BZ# 693050
-
The perf subsystem's trace command has been replaced with the script command. Users should now use the script command.
- BZ# 633571
-
This update provides VLAN null tagging support (VLAN ID 0 can be used in tags).
- BZ# 591796 , BZ# 591797 , BZ# 624615 , BZ# 637237
-
USB 3.0 support has been changed from Technology Preview to full support, and supports Power Management as well as chips other than NEC.
Users should upgrade to these updated packages, which contain backported patches to correct these issues, fix these bugs, and add these enhancements. The system must be rebooted for this update to take effect.
Important
This update has already been released as the security errata RHSA-2011:0836.
Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fixes
* An integer underflow flaw, leading to a buffer overflow, was found in the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. (CVE-2011-1770, Important)
* Missing sanity checks were found in setup_arg_pages() in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate)
* A missing validation check was found in the bcm_release() and raw_release() functions in the Linux kernel's Controller Area Network (CAN) implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1598, CVE-2011-1748, Moderate)
* The fix for Red Hat Bugzilla bug 656461, as provided in RHSA-2011:0542, introduced a regression in the cifs_close() function in the Linux kernel's Common Internet File System (CIFS) implementation. A local, unprivileged user with write access to a CIFS file system could use this flaw to cause a denial of service. (CVE-2011-1771, Moderate)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770; Brad Spengler for reporting CVE-2010-3858; and Oliver Hartkopp for reporting CVE-2011-1748.
Bug Fixes
- BZ# 704000
-
This update includes two fixes for the bna driver, specifically: A memory leak was caused by an unintentional assignment of the NULL value to the RX path destroy callback function pointer after a correct initialization. During a kernel crash, the bna driver control path state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.
- BZ# 704002
-
This update adds a missing patch to the ixgbe driver to use the kernel's generic routine to set and obtain the DCB (Data Center Bridging) priority. Without this fix, applications could not properly query the DCB priority.
- BZ# 704009
-
Prior to this update, the interrupt service routine was performing unnecessary MMIO operations during performance testing on IBM POWER7 machines. With this update, the logic of the routine has been modified so that there are fewer MMIO operations in the performance path of the code. Additionally, as a result of the aforementioned change, an existing condition was exposed where the IPR driver (the controller device driver) could return an unexpected HRRQ (Host Receive Request) interrupt. The original code flagged the interrupt as unexpected and then reset the adapter. After further analysis, it was confirmed that this condition could occasionally occur and the interrupt can be safely ignored. Additional code provided by this update detects this condition, clears the interrupt, and allows the driver to continue without resetting the adapter.
- BZ# 704011
-
After receiving an ABTS response, the FCoE (Fibre Channel over Ethernet) DDP error status was cleared. As a result, the FCoE DDP context invalidation was incorrectly bypassed and caused memory corruption. With this update, the underlying source code has been modified to address this issue, and memory corruption no longer occurs.
- BZ# 704014
-
The Brocade BFA FC/FCoE driver was previously selectively marked as a Technology Preview based on the type of the adapter. With this update, the Brocade BFA FC/FCoE driver is always marked as a Technology Preview.
- BZ# 704280
-
This update standardizes the printed format of UUIDs (Universally Unique Identifier)/GUIDs (Globally Unique Identifier) by using an additional extension to the %p format specifier (which is used to show the memory address value of a pointer).
- BZ# 704282
-
The Brocade BFA FC SCSI driver (bfa driver) has been upgraded to version 2.3.2.4. Additionally, this update provides the following two fixes: A firmware download memory leak was caused by the release_firmware() function not being called after the request_firmware() function. Similarly, the firmware download interface has been fixed and now works as expected. During a kernel crash, the bfa I/O control state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Important
This update has already been released as the security errata RHSA-2011:0928.
Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fixes
* It was found that the receive hook in the ipip_init() function in the ipip module, and in the ipgre_init() function in the ip_gre module, could be called before network namespaces setup is complete. If packets were received at the time the ipip or ip_gre module was still being loaded into the kernel, it could cause a denial of service. (CVE-2011-1767, CVE-2011-1768, Moderate)
* It was found that an mmap() call with the MAP_PRIVATE flag on /dev/zero would create transparent hugepages and trigger a certain robustness check. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2479, Moderate)
Bug Fixes
- BZ# 712413
-
Deleting the lost+found directory on a file system with inodes of size greater than 128 bytes and reusing inode 11 for a different file caused the extended attributes for inode 11 (which were set before a umount operation) to not be saved after a file system remount. As a result, the extended attributes were lost after the remount. With this update, inodes store their extended attributes under all circumstances.
- BZ# 711540
-
Disk read operations on a memory constrained system could cause allocations to stall. As a result, the system performance would drop considerably. With this update, latencies seen in page reclaim operations have been reduced and their efficiency improved, thus fixing this issue.
- BZ# 711528
-
Multiple GFS2 nodes attempted to unlink, rename, or manipulate files at the same time, causing various forms of file system corruption, panics, and withdraws. This update adds multiple checks for the dinode's i_nlink value to ensure that inode operations such as link, unlink, or rename no longer cause the aforementioned problems.
- BZ# 711535
-
Migration of a Windows XP virtual guest during the early stage of a boot caused the virtual guest OS to fail to boot correctly. With this update, the underlying source code has been modified to address this issue, and the virtual guest OS no longer fails to boot.
- BZ# 713135
-
When using certain SELinux policies, such as the MLS policy, it was not possible to properly mount the cgroupfs file system due to the way security checks were applied to the new cgroupfs inodes during the mount operation. With this update, the security checks applied during the mount operation have been changed so that they always succeed, and the cgroupfs file system can now be successfully mounted and used with the MLS SELinux policy. This issue did not affect systems which used the default targeted policy.
- BZ# 711546
-
Prior to this update, Red Hat Enterprise Linux Xen (up to version 5.6) did not hide 1 GB pages and RDTSCP (enumeration features of CPUID), causing guest soft lock ups on AMD hosts when the guest's memory was greater than 8 GB. With this update, a Red Hat Enterprise Linux 6 HVM (Hardware Virtual Machine) guest is able to run on Red Hat Enterprise Linux Xen 5.6 and lower.
- BZ# 714190
-
A kernel panic in the mpt2sas driver could occur on an IBM system using a drive with SMART (Self-Monitoring, Analysis and Reporting Technology) issues. This was because the driver was sending an SEP request while the kernel was in the interrupt context, causing the driver to enter the sleep state. With this update, a fake event is not executed from the interrupt context, assuring the SEP request is properly issued.
- BZ# 713494
-
When VLANs stacked on top of multiqueue devices passed through these devices, the queue_mapping value was not properly decremented because the VLAN devices called the physical devices via the ndo_select_queue method. This update removes the multiqueue functionality, resolving this issue.
- BZ# 713492
-
Prior to this update, code was missing from the netif_set_real_num_tx_queues() function which prevented an increment of the real number of TX queues (the real_num_tx_queues value). This update adds the missing code, thus resolving this issue.
- BZ# 711524
-
Prior to this update, interrupts were enabled before the dispatch log for the boot CPU was set up, causing kernel panic if a timer interrupt occurred before the log was set up. This update adds a check to the scan_dispatch_log function to ensure the dispatch log has been allocated.
- BZ# 712414
-
Prior to this update, in the __cache_alloc() function, the ac variable could be changed after cache_alloc_refill() and the following kmemleak_erase() function could receive an incorrect pointer, causing kernel panic. With this update, the ac variable is updated after the cache_alloc_refill() unconditionally.
- BZ# 711520
-
Due to an uninitialized variable (specifically, the isr_ack variable), a virtual guest could become unresponsive when migrated while being rebooted. With this update, the said variable is properly initialized, and virtual guests no longer hang in the aforementioned scenario.
- BZ# 713458
-
A previously introduced update intended to prevent IOMMU (I/O Memory Management Unit) domain exhaustion introduced two regressions. The first regression was a race where a domain pointer could be freed while a lazy flush algorithm still had a reference to it, eventually causing kernel panic. The second regression was an erroneous reference removal for identity mapped and VM IOMMU domains, causing I/O errors. Both of these regressions could only be triggered on Intel based platforms, supporting VT-d, booted with the intel_iommu=on boot option. With this update, the underlying source code of the intel-iommu driver has been modified to resolve both of these problems. A forced flush is now used to avoid the lazy use after free issue, and extra checks have been added to avoid the erroneous reference removal.
- BZ# 713831
-
Previously, auditing system calls used a simple check to determine whether a return value was positive or negative, which also determined the success of the system call. With a few exceptions, this worked on most platforms and with most system calls. For example, the 32-bit mmap system call on the AMD64 architecture could return a pointer which appeared to be negative even though pointers are normally of unsigned values. This resulted in the success field being incorrect. This patch fixes the success field for all system calls on all architectures.
- BZ# 709381
-
A previously released patch for BZ# 625487 introduced a kABI (Kernel Application Binary Interface) workaround that extended struct sock (the network layer representation of sockets) by putting the extension structure in the memory right after the original structure. As a result, the prot->obj_size pointer had to be adjusted in the proto_register function. Prior to this update, the adjustment was done only if the alloc_slab parameter of the proto_register function was not 0. When the alloc_slab parameter was 0, drivers performed allocations themselves using sk_alloc and as the allocated memory was lower than needed, a memory corruption could occur. With this update, the underlying source code has been modified to address this issue, and a memory corruption no longer occurs.
- BZ# 682989
-
Prior to this update, the /proc/diskstats file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected.
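The audit success-field problem described under BZ# 713831 above can be reproduced in user space with plain integer arithmetic. The following is an added example, not code from the kernel patch: it assumes the corrected check treats only the errno range (the kernel's MAX_ERRNO of 4095) as failure, and the function names and sample return values are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest errno value the kernel encodes in a return register (MAX_ERRNO in err.h). */
#define MAX_ERRNO 4095

/* Sign-only test: the behaviour the note describes as producing a wrong success field. */
static int success_by_sign(uint32_t ret32)
{
    return (int32_t)ret32 >= 0;
}

/* Range test (assumed form of the fix): only -MAX_ERRNO..-1 are error codes. */
static int success_by_errno_range(uint32_t ret32)
{
    return ret32 < (uint32_t)(-MAX_ERRNO);
}

/* Render the two affected fields in an audit-like "success=... exit=..." layout. */
static int audit_fields(char *buf, size_t len, uint32_t ret32,
                        int (*is_success)(uint32_t))
{
    return snprintf(buf, len, "success=%s exit=0x%08" PRIx32,
                    is_success(ret32) ? "yes" : "no", ret32);
}

/* Constructed 32-bit return values, not taken from a real audit log. */
static const uint32_t samples[] = {
    0x00000003u, /* open(): small file descriptor */
    0x08048000u, /* mmap(): low address */
    0xf7712000u, /* mmap(): address above 2 GiB, top bit set */
    0xfffffff4u, /* -12, ENOMEM */
    0xfffffffeu, /* -2, ENOENT */
};

/* Count the samples whose success field differs between the two checks. */
static int count_mislabelled(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        if (success_by_sign(samples[i]) != success_by_errno_range(samples[i]))
            n++;
    return n;
}

int main(void)
{
    char before[64], after[64];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        audit_fields(before, sizeof(before), samples[i], success_by_sign);
        audit_fields(after, sizeof(after), samples[i], success_by_errno_range);
        printf("sign check: %-28s range check: %s\n", before, after);
    }
    printf("records with a wrong success field under the sign check: %d\n",
           count_mislabelled());
    return 0;
}
```

Anyone filtering audit records on success=no from kernels without this fix should expect successful 32-bit calls that return high addresses to appear among the failures.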
Enhancements
- BZ# 711550
-
This update introduces a kernel module option that allows the disabling of the Flow Director.
- BZ# 711548
-
This update adds XTS (XEX-based Tweaked CodeBook) AES256 self-tests to meet the FIPS-140 requirements.
- BZ# 711545
-
This update reduces the overhead of probes provided by kprobe (a dynamic instrumentation system), and enhances the performance of SystemTap.
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add the enhancement. The system must be rebooted for this update to take effect.
Important
This update has already been released as the security errata RHSA-2011:1189.
Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fixes
* Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)
* Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)
* Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially-crafted request to a target system via Bluetooth. (CVE-2011-2497, Important)
* Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)
* Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)
* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)
* Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)
* Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)
* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)
* Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)
* Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)
* Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)
* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)
* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)
Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491; Dan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.
Bug Fixes
- BZ# 719925
-
This update fixes a regression in which a client would use an UNCHECKED NFS CREATE call when an open system call was attempted with the O_EXCL|O_CREAT flag combination. An EXCLUSIVE NFS CREATE call should have been used instead to ensure that O_EXCL semantics were preserved. As a result, an application could be led to believe that it had created the file when it was in fact created by another application.
- BZ# 714982
-
In a GFS2 file system, when the responsibility for deallocation was passed from one node to another, the receiving node may not have had a fully up-to-date inode state. If the sending node had changed the important parts of the state in the meantime (block allocation/deallocation), this resulted in triggering an assert during the deallocation on the receiving node. With this update, the inode state is refreshed correctly during deallocation on the receiving node, ensuring that deallocation proceeds normally.
- BZ# 720914
-
Prior to this update, the ehea driver caused a kernel oops during a memory hotplug if the ports were not up. With this update, the waitqueues are initialized during the port probe operation, instead of during the port open operation.
- BZ# 725329
-
Older versions of be2net card firmware may not recognize certain commands and return illegal/unsupported errors, causing confusing error messages to appear in the logs. With this update, the driver handles these errors gracefully and does not log them.
- BZ# 726308
-
This patch fixes the inability of the be2net driver to work in a kdump environment. It clears an interrupt bit (in the card) that may be set while the driver is probed by the kdump kernel after a crash.
- BZ# 715397
-
The hpsa driver has been updated to provide a fix for hpsa driver kdump failures.
- BZ# 716539
-
Memory limit for x86_64 domU PV guests has been increased to 128 GB: CONFIG_XEN_MAX_DOMAIN_MEMORY=128.
- BZ# 726095
-
The patch that fixed BZ# 556572 introduced a bug where the page lock was being released too soon, allowing the do_wp_page function to reuse the wrprotected page before PageKsm would be set in page->mapping. With this update, a new version of the original fix was introduced, thus fixing this issue.
- BZ# 717018
-
While running gfs2_grow, the file system became unresponsive. This was due to the log not getting flushed when a node dropped its rindex glock so that another node could grow the file system. If the log did not get flushed, GFS2 could corrupt the sd_log_le_rg list, ultimately causing a hang. With this update, a log flush is forced when the rindex glock is invalidated; gfs2_grow completes as expected and the file system remains accessible.
- BZ# 719928
-
After hot plugging one of the disks of a non-boot 2-disk RAID1 pair, the md driver would enter an infinite resync loop thinking there was a spare disk available, when, in fact, there was none. This update adds an additional check to detect the previously mentioned situation, thus fixing this issue.
- BZ# 723807
-
This update fixes two bugs related to Rx checksum offloading. These bugs caused corruption of data transferred over an r8169 NIC when Rx checksum offloading was enabled.
- BZ# 719910
-
The 128-bit multiply operation in the pvclock.h function was missing an output constraint for EDX which caused a register corruption to appear. As a result, Red Hat Enterprise Linux 3.8 and Red Hat Enterprise Linux 3.9 KVM guests with a Red Hat Enterprise Linux 6.1 KVM host kernel exhibited time inconsistencies. With this update, the underlying source code has been modified to address this issue, and time runs as expected on the aforementioned systems.
Enhancements
- BZ# 713827
-
This update adds parallel port printing support for Red Hat Enterprise Linux 6.
- BZ# 723820
-
Prior to this update, the be2net driver was using the BE3 chipset in legacy mode. This update enables this chipset to work in a native mode, making it possible to use all 4 ports on a 4-port integrated NIC.
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
Important
This update has already been released as the security errata RHSA-2011:1350.
Updated kernel packages that fix multiple security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fixes
* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)
* An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)
* A race condition flaw was found in the Linux kernel's eCryptfs implementation. A local attacker could use the mount.ecryptfs_private utility to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, the RHSA-2011:1241 ecryptfs-utils update, which provides the user-space part of the fix, must also be installed. (CVE-2011-1833, Moderate)
* A denial of service flaw was found in the way the taskstats subsystem handled the registration of process exit handlers. A local, unprivileged user could register an unlimited amount of these handlers, leading to excessive CPU time and memory use. (CVE-2011-2484, Moderate)
* A flaw was found in the way mapping expansions were handled. A local, unprivileged user could use this flaw to cause a wrapping condition, triggering a denial of service. (CVE-2011-2496, Moderate)
* A flaw was found in the Linux kernel's Performance Events implementation. It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a lockup and panic the system. A local, unprivileged user could use this flaw to cause a denial of service (kernel panic) using the perf tool. (CVE-2011-2521, Moderate)
* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)
* A flaw was found in the way the Linux kernel's Performance Events implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2918, Moderate)
* A flaw was found in the Linux kernel's Trusted Platform Module (TPM) implementation. A local, unprivileged user could use this flaw to leak information to user-space. (CVE-2011-1160, Low)
* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in the Linux kernel. A local, unprivileged user could use these flaws to leak information to user-space. (CVE-2011-2898, Low)
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the Ubuntu Security Team for reporting CVE-2011-1833; Robert Swiecki for reporting CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent Meshier for reporting CVE-2011-2723; and Peter Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1833.
Bug Fixes
- BZ# 727618
-
When an event caused the ibmvscsi driver to reset its CRQ, re-registering the CRQ returned H_CLOSED, indicating that the Virtual I/O Server was not ready to receive commands. As a consequence, the ibmvscsi driver offlined the adapter and did not recover. With this update, the interrupt is re-enabled after the reset so that when the Virtual I/O server is ready and sends a CRQ init, it is able to receive it and resume initialization of the VSCSI adapter.
- BZ# 728522
-
Suspending a system to RAM and consequently resuming it caused USB3.0 ports to not work properly. This was because a USB3.0 device configured for MSIX would, during the resume operation, incorrectly read its previous interrupt state. This would lead it to fall back to a legacy mode and appear unresponsive. With this update, the interrupt state is cached, allowing the driver to properly resume its previous state.
- BZ# 736065
-
Prior to this update, kdump failed to create a vmcore file after triggering a crash on POWER7 systems with Dynamic DMA Windows enabled. This update provides a number of fixes that address this issue.
- BZ# 713463
-
Prior to this update, loading the FS-Cache kernel module would cause the kernel to be tainted as a Technology Preview via the mark_tech_preview() function, which would cause kernel lock debugging to be disabled by the add_taint() function. However, the NFS and CIFS modules depend on the FS-Cache module so using either NFS or CIFS would cause the FS-Cache module to be loaded and the kernel tainted. With this update, FS-Cache only taints the kernel when a cache is brought online (for instance by starting the cachefilesd service) and, additionally, the add_taint() function has been modified so that it does not disable lock debugging for informational-only taints.
- BZ# 723551
-
A race between the FSFREEZE ioctl() command to freeze an ext4 file system and mmap I/O operations would result in a deadlock if these two operations ran simultaneously. This update provides a number of patches to address this issue, and a deadlock no longer occurs in the previously-described scenario.
- BZ# 710047
-
If a user configured 2 logical disks on a RAID volume, whose disks are larger than 2 TB, where the start of the second logical disk is after the 2 TB mark, and FastPath was enabled, FastPath reads to the second logical disk were read from the incorrect location on the disk. However, writes were not affected and always went to the correct disk location. With this update, the driver detects the LBA > 0xffffffff & cdb_len < 16 condition, then converts the CDB from the OS to a 16 byte CDB, before firing it as a FastPath I/O operation.
- BZ# 727838
-
A Windows Server 2008 32-bit guest installation failed on a Red Hat Enterprise Linux 6.1 Snap2 KVM host when allocating more than one virtual CPU (vcpus > 1) during the installation. As soon as the installation started after booting from ISO, a blue screen with the following error occurred:
A problem has been detected and windows has been shut down to prevent damage to your computer.
This was because a valid microcode update signature was not reported to the guest. This update fixes this issue by reporting a non-zero microcode update signature to the guest.
- BZ# 732379
-
Prior to this update, the following message appeared in kernel log files:
[bnx2x_extract_max_cfg:1079(eth11)]Illegal configuration detected for Max BW - using 100 instead
The above message appeared on bnx2x interfaces in the multi-function mode which were not used and had no link, thus, not indicating any actual problems with connectivity. With this update, the message has been removed and no longer appears in kernel log files.
- BZ# 726626
-
Previously, the inet6_sk_generic() function was using the obj_size variable to compute the address of its inner structure, causing memory corruption. With this update, the sk_alloc_size() function is called every time there is a request for allocation, and memory corruption no longer occurs.
- BZ# 739477
-
Due to the partial support of IPv6 multicast snooping, IPv6 multicast packets may have been dropped. This update fixes IPv6 multicast snooping so that packets are no longer dropped.
Enhancement
- BZ# 732382
-
With this update, the JSM driver has been updated to support enabling the Bell2 (with PLX chip) 2-port adapter on POWER7 systems. Additionally, EEH support has been added to the JSM driver.
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add the enhancement. The system must be rebooted for this update to take effect.
Important
This update has already been released as the security errata RHSA-2011:1465.
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fixes
* IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)
* A signedness issue was found in the Linux kernel's CIFS (Common Internet File System) implementation. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)
* A flaw was found in the way the Linux kernel handled fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on. A remote attacker could use this flaw to cause a denial of service. (CVE-2011-4326, Important)
* The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate)
* A buffer overflow flaw was found in the Linux kernel's FUSE (Filesystem in Userspace) implementation. A local user in the fuse group who has access to mount a FUSE file system could use this flaw to cause a denial of service. (CVE-2011-3353, Moderate)
* A flaw was found in the b43 driver in the Linux kernel. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially-crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate)
* A flaw was found in the way CIFS shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)
* A flaw was found in the way the Linux kernel handled VLAN 0 frames with the priority tag set. When using certain network drivers, an attacker on the local network could use this flaw to cause a denial of service. (CVE-2011-3593, Moderate)
* A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)
* A heap overflow flaw was found in the Linux kernel's EFI GUID Partition Table (GPT) implementation. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1577, Low)
* The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)
* It was found that the perf tool, a part of the Linux kernel's Performance Events implementation, could load its configuration file from the current working directory. If a local user with access to the perf tool were tricked into running perf in a directory that contains a specially-crafted configuration file, it could cause perf to overwrite arbitrary files and directories accessible to that user. (CVE-2011-2905, Low)
Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699; Darren Lavender for reporting CVE-2011-3191; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Gideon Naim for reporting CVE-2011-3593; Peter Huewe for reporting CVE-2011-1162; Timo Warns for reporting CVE-2011-1577; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.
Bug Fixes
- BZ# 734774
-
When a host was in recovery mode and a SCSI scan operation was initiated, the scan operation failed and provided no error output. This bug has been fixed and the SCSI layer now waits for recovery of the host to complete scan operations for devices.
- BZ# 737570
-
While executing a multi-threaded process by multiple CPUs, page-directory-pointer-table entry (PDPTE) registers were not fully flushed from the CPU cache when a Page Global Directory (PGD) entry was changed in x86 Physical Address Extension (PAE) mode. As a consequence, the process failed to respond for a long time before it successfully finished. With this update, the kernel has been modified to flush the Translation Lookaside Buffer (TLB) for each CPU using a page table that has changed. Multi-threaded processes now finish without hanging.
- BZ# 740352
-
When a CPU is about to modify data protected by the RCU (Read Copy Update) mechanism, it has to wait for other CPUs in the system to pass a quiescent state. Previously, the guest mode was not considered a quiescent state. As a consequence, if a CPU was in the guest mode for a long time, another CPU had to wait a long time in order to modify RCU-protected data. With this update, the rcu_virt_note_context_switch() function, which marks the guest mode as a quiescent state, has been added to the kernel, thus resolving this issue.
- BZ# 741167
-
A workaround to the megaraid_sas driver was provided to address an issue, but as a side effect of the workaround, megaraid_sas stopped reporting certain enclosures, CD-ROM drives, and other devices. The underlying problem for the issue has been fixed as reported in BZ#741166. With this update, the original workaround has been reverted, and megaraid_sas now reports many different devices as before.
- BZ# 741166
-
Previously, some enclosure devices with broken firmware reported incorrect values. As a consequence, the kernel sometimes terminated unexpectedly. A patch has been provided to address this issue, and the kernel crashes no longer occur even if an enclosure device reports incorrect or duplicate data.
- BZ# 741704
-
During connection shutdown or reconnection, the iSCSI software initiator module, iscsi_tcp, was setting callbacks to the NULL value and freeing connections while the network layer was still using the callbacks. As a consequence, the kernel terminated unexpectedly. A patch has been provided to address this issue and the crashes no longer occur in the described scenario.
- BZ# 743510
-
When a SCTP (Stream Control Transmission Protocol) packet contained two COOKIE_ECHO chunks and nothing else, the SCTP state machine disabled output processing for the socket while processing the first COOKIE_ECHO chunk, then lost the association and forgot to re-enable output processing for the socket. As a consequence, any data which needed to be sent to a peer were blocked and the socket appeared to be unresponsive. With this update, a new SCTP command has been added to the kernel code, which sets the association explicitly; the command is used when processing the second COOKIE_ECHO chunk to restore the context for SCTP state machine, thus fixing this bug.
- BZ# 743807
-
Some system vendors desired the Wake-on-Lan capability to be accessible on more than the first on-board port of an Intel i350 network adapter. Due to a bug in the igb driver, this was not possible. This bug has been fixed and igb now honors the EEPROM setting for the second port.
- BZ# 745413
-
When a kernel NFS server was being stopped, the kernel sometimes terminated unexpectedly. A bug has been fixed in the wait_for_completion_interruptible_timeout() function and the crashes no longer occur in the described scenario.
- BZ# 745557
-
The ACPI (Advanced Control and Power Interface) core places all events in the kacpi_notify queue, including PCI hotplug events. When the acpiphp driver was loaded and a PCI card with a PCI-to-PCI bridge was removed from the system, the code path attempted to empty the kacpi_notify queue, which caused a deadlock, and the kacpi_notify thread became unresponsive. With this update, the call sequence has been fixed, and the bridge is now cleaned up properly in the described scenario.
- BZ# 747868
-
On IBM System z, if a Linux instance with large amounts of anonymous memory runs into a memory shortage the first time, all pages on the active or inactive lists are considered referenced. This causes the memory management on IBM System z to do a full check over all page cache pages and start writeback for all of them. As a consequence, the system became temporarily unresponsive when the described situation occurred. With this update, only pages with active mappers are checked and the page scan now does not cause the hangs.
- BZ# 740230
-
When an NFS server returned more than two GETATTR bitmap words in response to the FATTR4_ACL attribute request, decoding operations of the nfs4_getfacl() function failed. A patch has been provided to address this issue and the ACLs are now returned in the described scenario.
- BZ# 744811
-
In error recovery, most SCSI error recovery stages send a TUR (Test Unit Ready) command for every bad command when a driver error handler reports success. When several bad commands pointed to the same device, the device was probed multiple times. When the device was in a state where it did not respond to commands even after a recovery function returned success, the error handler had to wait for the commands to time out. This significantly impeded the recovery process. With this update, SCSI mid-layer error routines to send test commands have been fixed to respond once per device instead of once per bad command, thus reducing error recovery time considerably.
- BZ# 748808
-
A scenario for this bug involves two hosts, configured to use IPv4 network, and two guests, configured to use IPv6 network. When a guest on host A attempted to send a large UDP datagram to host B, host A terminated unexpectedly. With this update, the ipv6_select_ident() function has been fixed to accept the in6_addr parameter and to use the destination address in IPv6 header when no route is attached, and the crashes no longer occur in the described scenario.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.116.10. RHBA-2012:0549 — kernel bug fix update
Updated kernel packages that fix three bugs and add two enhancements are now available for Red Hat Enterprise Linux 6 Extended Update Support.
[Updated 12 June 2012] This advisory has been updated with the correct description for bug 811298. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Bug Fixes
- BZ# 807425
-
An unwanted interrupt was generated when a PCI driver switched the interrupt mechanism from the Message Signaled Interrupt (MSI or MSI-X) to the INTx emulation while shutting down a device. Due to this, an interrupt handler was called repeatedly, and the system became unresponsive. On certain systems, the interrupt handler of Intelligent Platform Management Interface (IPMI) was called while shutting down a device on the way to reboot the system after running kdump. In such a case, soft lockups were performed repeatedly and the shutdown process never finished. With this update, the user can choose not to use MSI or MSI-X for the PCI Express Native Hotplug driver. The switching between the interrupt mechanisms is no longer performed so that the unwanted interrupt is not generated.
- BZ# 810453
-
Previously, the eth_type_trans() function was called with the VLAN device type set. If a VLAN device contained a MAC address different from the original device, an incorrect packet type was assigned to the host. Consequently, if the VLAN devices were set up on a bonding interface in Adaptive Load Balancing (ALB) mode, the TCP connection could not be established. With this update, the eth_type_trans() function is called with the original device, ensuring that the connection is established as expected.
- BZ# 811298
-
Due to incorrect use of the list_for_each_entry_safe() macro, the enumeration of remote procedure calls (RPCs) priority wait queue tasks stored in the tk_wait.links list failed. As a consequence, the rpc_wake_up() and rpc_wake_up_status() functions failed to wake up all tasks. This caused the system to become unresponsive and could significantly decrease system performance. Now, the list_for_each_entry_safe() macro is no longer used in rpc_wake_up(), ensuring reasonable system performance.
Enhancements
- BZ# 801714
-
The qlge 10 Gigabit Ethernet driver for QLogic 81XX converged network adapter family has been updated to version 1.00.00.29, which provides a number of bug fixes over the previous version.
- BZ# 806905
-
The Intelligent Platform Management Interface (IPMI) specification requires a minimum communication timeout of five seconds. Previously, the kernel incorrectly used a timeout of 1 second. This could result in failures to communicate with Baseboard Management Controllers (BMC) under certain circumstances. With this update, the timeout has been increased to five seconds to prevent such problems.
All users of kernel are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. The system must be rebooted for this update to take effect.
1.116.11. RHBA-2012:0424 — kernel bug fix update
Updated kernel packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Bug Fixes
- BZ# 789912
-
Socket callbacks use the svc_xprt_enqueue() function to add sockets to the sp_sockets list. In normal operation, a server thread will later take the socket off that list. Previously, on the nfsd daemon shutdown, still-running svc_xprt_enqueue() could re-add a socket to the sp_sockets list just before it was deleted. Consequently, the system could terminate unexpectedly due to memory corruption in the sunrpc module. With this update, the XPT_BUSY flag is set on every socket before shutdown and svc_xprt_enqueue() now checks this flag, thus preventing this bug.
- BZ# 795332
-
Due to a race condition, running the "ifenslave -d bond0 eth0" command to remove the slave interface from the bonding device could cause the system to crash when a networking packet was being received at the same time. With this update, the race condition has been fixed and the system no longer crashes under these circumstances.
- BZ# 795337
-
In rare cases, a BUG_ON() macro could be triggered, causing the nfsd daemon to fail. The BUG_ON() macro checked the xpt_pool field, which was not actually used for anything. This update removes both the BUG_ON() macro and the xpt_pool field, fixing the problem.
- BZ# 795817
-
An insufficiently well-designed calculation in the CPU accelerator in the previous version of the kernel packages caused an arithmetic overflow in the sched_clock() function when system uptime exceeded 208.5 days. This overflow led to a kernel panic on systems using the Time Stamp Counter (TSC) or Virtual Machine Interface (VMI) clock source. This update corrects the aforementioned calculation so that this arithmetic overflow and kernel panic can no longer occur under these circumstances.
- BZ# 796826
-
On a system that created and deleted lots of dynamic devices, the 31-bit Linux ifindex object failed to fit in the 16-bit macvtap minor range, resulting in unusable macvtap devices. The problem primarily occurred in a libvirt-controlled environment when many virtual machines were started or restarted, and caused libvirt to report the following message:
Error starting domain: cannot open macvtap tap device /dev/tap222364: No such device or address
With this update, the macvtap's minor device number allocation has been modified so that virtual machines can now be started and restarted as expected in the described scenario.
- BZ# 799942
-
The dm_mirror module can send discard requests. However, the dm_io interface did not support discard requests, and running an LVM mirror over a discard-enabled device led to a kernel panic. This update adds support for the discard requests to the dm_io interface, so that kernel panics no longer occur in the described scenario.
All users of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.
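The 208.5-day limit reported for BZ# 795817 is what a 64-bit fixed-point cycles-to-nanoseconds conversion with a 10-bit scale produces, because 2^54 ns is about 208.5 days. The C program below is an added illustration, not the kernel's code or Red Hat's patch; the 10-bit scale factor, the 2 GHz clock rate and all function names are assumptions chosen to reproduce that figure.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the conversion keeps 10 fractional bits, so
 * scale = nanoseconds-per-cycle * 2^10. */
#define SCALE_BITS    10
#define NSEC_PER_MSEC 1000000ULL

/* Fixed-point multiplier for a counter ticking at cpu_khz kHz. */
uint64_t cyc2ns_scale(uint64_t cpu_khz)
{
    return (NSEC_PER_MSEC << SCALE_BITS) / cpu_khz;
}

/* Overflow-prone form: cyc * scale is roughly ns * 2^10, so the
 * 64-bit product wraps once ns reaches about 2^54. */
uint64_t cyc2ns_naive(uint64_t cyc, uint64_t scale)
{
    return (cyc * scale) >> SCALE_BITS;
}

/* Overflow-avoiding form: scale the high bits and the low 10 bits
 * separately so no intermediate product exceeds 64 bits for any
 * realistic uptime. */
uint64_t cyc2ns_split(uint64_t cyc, uint64_t scale)
{
    uint64_t quot = cyc >> SCALE_BITS;
    uint64_t rem  = cyc & ((1ULL << SCALE_BITS) - 1);

    return quot * scale + ((rem * scale) >> SCALE_BITS);
}

/* Nanosecond value at which the naive product no longer fits. */
uint64_t wrap_threshold_ns(void)
{
    return 1ULL << (64 - SCALE_BITS);
}

double ns_to_days(uint64_t ns)
{
    return (double)ns / 1e9 / 86400.0;
}

int main(void)
{
    /* Constructed sample input: a 2 GHz counter (2,000,000 kHz). */
    uint64_t scale     = cyc2ns_scale(2000000);
    uint64_t last_ok   = (1ULL << 55) - 2;  /* product still fits   */
    uint64_t first_bad = 1ULL << 55;        /* product wraps to 0   */

    printf("scale factor:        %llu\n", (unsigned long long)scale);
    printf("wrap threshold:      %.4f days\n",
           ns_to_days(wrap_threshold_ns()));
    printf("before wrap, naive:  %llu ns\n",
           (unsigned long long)cyc2ns_naive(last_ok, scale));
    printf("before wrap, split:  %llu ns\n",
           (unsigned long long)cyc2ns_split(last_ok, scale));
    printf("after wrap, naive:   %llu ns (clock jumps backwards)\n",
           (unsigned long long)cyc2ns_naive(first_bad, scale));
    printf("after wrap, split:   %llu ns\n",
           (unsigned long long)cyc2ns_split(first_bad, scale));
    return 0;
}
```

For fleet triage, the practical check is uptime: hosts on an affected kernel that approach 208 days without a reboot are the ones at risk of the panic.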
1.116.12. RHBA-2011:1846 — kernel bug fix update
Updated kernel packages that fix two bugs are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Bug Fixes
- BZ# 751995
-
Previously, the idle_balance() function dropped or retook the rq->lock parameter, leaving the previous task vulnerable to the set_tsk_need_resched() function. Now, the parameter is cleared in setup_thread_stack() after a return from balancing and no successfully descheduled or never scheduled task has it set, thus fixing this bug.
- BZ# 757670
-
A software bug related to Context Caching existed in the Intel IOMMU support module. On some newer Intel systems, the Context Cache mode has changed from previous hardware versions, potentially exposing a Context coherency race. The bug was exposed when performing a series of hot plug and unplug operations of a Virtual Function network device which was immediately configured into the network stack, i.e., successfully performed dynamic host configuration protocol (DHCP). When the coherency race occurred, the assigned device would not work properly in the guest virtual machine. With this update, the Context coherency is corrected and the race and potentially resulting device assignment failure no longer occurs.
All users of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.
1.116.13. RHBA-2011:0874 — kernel bug fix update
Updated kernel packages that fix various bugs are now available for Red Hat Enterprise Linux 6.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Bug Fixes
- BZ# 710609
-
Xen guests cannot make use of all CPU features, and in some cases advertising them is even risky. One such feature is CONSTANT_TSC. This feature prevents the TSC (Time Stamp Counter) from being marked as unstable, which allows the sched_clock_stable option to be enabled. Having the sched_clock_stable option enabled is problematic for Xen PV guests because the sched_clock() function has been overridden with the xen_sched_clock() function, which is not synchronized between virtual CPUs. This update provides a patch, which sets all x86_power features to 0 as a preventive measure against other potentially dangerous assumptions the kernel could make based on the features, fixing this issue.
- BZ# 712191
-
Issues for which a host had older hypervisor code running on newer hardware, which exposed the new CPU features to the guests, were discovered. This was dangerous because newer guest kernels (such as Red Hat Enterprise Linux 6) may have attempted to use those features or assume certain machine behaviors that it would not be able to process because it was, in fact, a Xen guest. One such place was the intel_idle driver which attempts to use the MWAIT and MONITOR instructions. These instructions are invalid operations for a Xen PV guest. This update provides a patch, which masks the MWAIT instruction to avoid this issue.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.117. kexec-tools
The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. The kexec-tools package provides the /sbin/kexec binary and ancillary utilities that form the user-space component of the kernel's kexec feature.
Bug Fixes
- BZ# 605411
-
The kdump crash recovery service allows users to specify a raw device (that is, a raw disk or partition) as a target location for core dumps. Previously, when a kernel crash occurred and a core dump was written to such a raw device, kdump was unable to retrieve it after a reboot. With this update, the corresponding init script has been updated to search the configured raw device for the presence of a core dump upon the service startup. Now, when the kdump service is started and a core dump is found on the raw device, the init script retrieves it and creates a proper vmcore file in a local file system.
- BZ# 607400
-
Due to various unrelated errors in the underlying source code, the kexec utility may not have worked properly on the SGI Altix UV architecture. This update applies a set of patches to address these issues, and kexec now works on this architecture as expected.
- BZ# 619682
-
Prior to this update, the kdump.conf(5) manual page did not provide a description of the blacklist directive. This update corrects this error, and the blacklist directive is now included in the “OPTIONS” section of the kdump.conf(5) manual page as expected.
- BZ# 626318
-
When running the firstboot application in a language other than English, certain messages regarding the configuration of the kdump crash recovery service were presented to a user in the original English version. This update corrects this error, and the Kdump section of the firstboot application no longer contains untranslated strings.
- BZ# 626606
-
Prior to this update, an attempt to run the mkdumprd utility on a system without the /etc/modprobe.d/modprobe.conf file caused the utility to stop responding. With this update, this error no longer occurs, and mkdumprd now works as expected.
- BZ# 626746
-
Due to an error in the init script, the kdump service did not take into account the value of the path option in the /etc/kdump.conf configuration file, and always saved the vmcore file to the /var/crash/ directory. This update adapts the corresponding init script to ensure that kdump uses the directory specified in the configuration.
- BZ# 627118
-
In accordance with the current version of the Filesystem Hierarchy Standard (FHS), the makedumpfile utility is now installed in the /usr/sbin/ directory.
- BZ# 627834
-
Previously, configuring the kdump service to store core dumps over a network on a system that used channel bonding or bridging caused the mkdumprd utility to display the following error message on the service startup:
Netmask is missed!
With this update, the underlying source code has been adapted to address this issue, and makedumpfile no longer displays this message when channel bonding or bridging is in use.
- BZ# 628817
-
The kdump crash recovery service is unable to operate in a Xen environment. With this update, an attempt to start kdump in such an environment fails with the “Kdump is not supported on this kernel” message.
- BZ# 628827
-
The commented section of the /etc/kdump.conf configuration file contains the following line:
#core_collector cp --sparse=always
However, uncommenting this line without including /bin/cp in the initial RAM disk (that is, by using the extra_bins directive) would cause the kdump crash recovery service to fail. This update corrects this error, and the above line is now followed by #extra_bins /bin/cp.
- BZ# 630305
-
Due to an error in the translation, when running the firstboot application in the Malayalam language (that is, the ml_IN language code), certain keyboard shortcuts on the Kdump screen did not work. This update corrects the Malayalam translation of the firstboot application, and all shortcuts can now be used as expected.
- BZ# 630309
-
When running the firstboot application in the Malayalam language (that is, the ml_IN language code), the first paragraph on the Kdump screen contained an incorrect string. This update adapts the Malayalam translation of the firstboot application, and the Kdump screen is now translated correctly.
- BZ# 642735
-
Prior to this update, an attempt to start the kdump service on a system with a large amount of memory (that is, 1TB and more) caused kdump to terminate unexpectedly with a segmentation fault. With this update, the underlying source code has been adapted to address this issue, and kdump no longer crashes.
- BZ# 642855
-
Due to an error in DHCP NAK handling, previous versions of kdump may have failed to resolve an IP address when storing a core dump to a remote server. This update corrects this error, and kdump no longer fails.
- BZ# 645441
-
Prior to this update, the kdump crash recovery service failed to start on IBM System x3850 X5 machines. This update applies an upstream patch that extends the size of kcore ELF headers. Now, kdump can be started on such machines as expected.
- BZ# 652191
-
Previously, configuring the kdump service to store core dumps to a remote machine over the SSH protocol and changing the core collector to cp caused it to name core dump files vmcore.flat, even when the SCP (Secure Copy) protocol was used. This update corrects this error, and kdump now only uses the .flat file extension when the makedumpfile utility is used as the core collector.
- BZ# 652724
-
Previously, when a system did not have enough memory to use kdump, the screen of the firstboot application incorrectly displayed the Enable kdump? check box as selected, but did not allow a user to change it. This error has been fixed, and the Enable kdump? check box is no longer displayed when the kdump service cannot be configured.
- BZ# 654245
-
When the kdump crash recovery service was already enabled, an attempt to use the firstboot application to change its configuration may have failed with the following message:
Insufficient memory to configure kdump!
This update adapts the underlying source code to verify that kdump is not running before displaying this message.
- BZ# 669655
-
Previously, when the root partition was mounted as a read-only file system, the mkdumprd utility was unable to create a temporary directory and failed to build an initial RAM disk (that is, initrd). This update adapts mkdumprd to use the /boot/ directory in this case. As a result, mounting the root partition as a read-only file system no longer renders mkdumprd unable to create an initial RAM disk.
- BZ# 671013
-
Due to an error in the mkdumprd utility, updating a disk drive firmware could render the kdump crash recovery service unable to recognize the disk drive. This update adapts the mkdumprd utility to ignore disk drive firmware revisions, and kdump now works as expected.
- BZ# 674893
-
Due to known issues with the hpsa and cciss drivers, kdump is unable to save core dumps to certain HP Smart Array Controllers that use these drivers. This update ensures that the kdump service is disabled on such controllers.
- BZ# 676758
-
Prior to this update, an attempt to boot a system with the new syntax of the crashkernel kernel parameter (such as crashkernel=4G-:256M) caused the firstboot application to terminate unexpectedly during the configuration of kdump. This update applies a patch to address this issue, and firstboot no longer crashes.
- BZ# 679310
-
When using the Russian translation (that is, the ru_RU language code) of the firstboot application, the first paragraph on the Kdump screen incorrectly contained the — string. This update corrects this error, and the Kdump section of the firstboot application is now translated correctly.
- BZ# 680741
-
Prior to this update, running the makedumpfile -V command caused the makedumpfile utility to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that removes -V from the list of supported command line options, and running the above command no longer causes makedumpfile to crash.
- BZ# 683713
-
Due to a typing error in the underlying source code of the mkdumprd utility, configuring the kdump service to store core dumps to a raw device caused it to display a message similar to the following when a kernel crash occurred:
kill: cannot kill pid 887: No such process
This update corrects this error, and kdump no longer displays the above error message upon a kernel crash.
- BZ# 683735
-
When configured to use a raw device as a target location for core dumps, the kdump service recovers the dump file at next startup. Previously, an attempt to use this configuration without the core_collector option specified in the configuration file caused kdump to fail to recover the core dump. With this update, the underlying source code has been adapted to use the makedumpfile utility by default, and kdump is now able to recover core dumps as expected.
- BZ# 688150
-
When the firstboot application is used to configure the kdump crash recovery service, a dialog box appears and prompts a user to reboot the system in order for the changes to take effect. Previously, closing this dialog box by clicking the button had the same effect as clicking , and incorrectly initiated the system restart. This error no longer occurs, and clicking the button now only closes the dialog box as expected.
- BZ# 691632
-
Under certain circumstances, the kdump service may have failed to create a core dump with the following error:
readmem: Can't read the dump memory(/proc/vmcore). Cannot allocate memory
This update fixes this regression, and kdump no longer fails to store the core dump.
- BZ# 692264
-
Prior to this update, the mkdumprd utility was not allowed to create temporary files in the tmpfs file system, rendering the kdump service unable to start in a diskless environment. With this update, the underlying source code has been adapted to allow the use of the tmpfs file system, so that kdump is now able to start on diskless nodes as expected.
- BZ# 692449
-
Previously, running the makedumpfile utility with the dump level (that is, the -d option) set to 16 or 31 may have caused the utility to fail. This update applies a patch that addresses this issue, and makedumpfile now works as expected.
- BZ# 692685
-
With this update, the mkdumprd utility has been adapted to provide support for the --override-resettable option. This allows system administrators to start the kdump service on otherwise unsupported devices, such as HP Smart Array Controllers that use the hpsa or cciss driver.
- BZ# 693015
-
Prior to this update, the kdump crash recovery service was unable to find an LVM device identified by a universally unique identifier (UUID). Consequent to this, when a system crashed, kdump may have failed to write a core dump to such a device. This update fixes this error, and kdump now locates LVM devices according to their UUIDs as expected.
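As an added illustration for BZ# 676758 (this is not code from firstboot or kexec-tools), the following Python example parses both the classic size[@offset] form and the range form of the crashkernel parameter, such as crashkernel=4G-:256M, and reports unexpected input as an error value instead of terminating. The function names, the supported K/M/G/T suffixes and the sample command lines are assumptions made for the example.

```python
import re

# Size suffixes accepted by this example (assumption: K, M, G, T only).
UNITS = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30, "T": 1 << 40}


class CrashkernelError(ValueError):
    """Raised for a crashkernel= value this parser does not understand."""


def parse_size(text):
    """Convert '256M' or '4G' to bytes; a bare number is already bytes."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", text.strip().upper())
    if not m:
        raise CrashkernelError("bad size: %r" % text)
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_crashkernel(value):
    """Return (rules, offset) for the text after 'crashkernel='.

    rules is a list of (start, end, size) in bytes; end is None for an
    open-ended range. The classic form yields one rule covering all RAM.
    """
    body, sep, offset_text = value.partition("@")
    offset = parse_size(offset_text) if sep else None
    if not body:
        raise CrashkernelError("empty crashkernel value")
    if ":" not in body:
        # Classic syntax: size[@offset]
        return [(0, None, parse_size(body))], offset
    # Range syntax: start-[end]:size[,start-[end]:size...][@offset]
    rules = []
    for item in body.split(","):
        rng, colon, size_text = item.partition(":")
        start_text, dash, end_text = rng.partition("-")
        if not colon or not dash:
            raise CrashkernelError("bad range entry: %r" % item)
        start = parse_size(start_text)
        end = parse_size(end_text) if end_text else None
        if end is not None and end <= start:
            raise CrashkernelError("range end <= start: %r" % item)
        rules.append((start, end, parse_size(size_text)))
    return rules, offset


def reserved_bytes(value, system_ram):
    """Bytes reserved for the crash kernel on a machine with system_ram bytes.

    The first range containing system_ram wins (start inclusive, end
    exclusive); 0 means no range matched, so nothing is reserved.
    """
    rules, _offset = parse_crashkernel(value)
    for start, end, size in rules:
        if system_ram >= start and (end is None or system_ram < end):
            return size
    return 0


def extract_crashkernel(cmdline):
    """Return the value of the first crashkernel= token, or None."""
    prefix = "crashkernel="
    for token in cmdline.split():
        if token.startswith(prefix):
            return token[len(prefix):]
    return None


def kdump_reservation(cmdline, system_ram):
    """Return (bytes, None) on success or (None, message) on bad input.

    A configuration front end can show the message to the user rather
    than terminating on a syntax it does not recognise.
    """
    value = extract_crashkernel(cmdline)
    if value is None:
        return 0, None
    try:
        return reserved_bytes(value, system_ram), None
    except CrashkernelError as exc:
        return None, str(exc)


if __name__ == "__main__":
    # Constructed sample command lines, not taken from a real system.
    samples = [
        "ro root=/dev/sda1 crashkernel=4G-:256M quiet",
        "ro root=/dev/sda1 crashkernel=128M@16M",
        "ro root=/dev/sda1 crashkernel=512M-2G:64M,2G-:128M",
        "ro root=/dev/sda1 crashkernel=4G:256M",
    ]
    for line in samples:
        print(line, "->", kdump_reservation(line, 8 << 30))
```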
Enhancements
- BZ# 598064
-
After the installation of Red Hat Enterprise Linux 6, the firstboot application now allows users to edit the content of the /etc/kdump.conf configuration file.
- BZ# 632709
-
Support for IBM System z has been added.
- BZ# 672109
-
Previously, when the makedumpfile utility was used to translate a core dump file to the kdump-compressed format, it removed the ELF note section. Since this section contains potentially important information, this update adapts makedumpfile to preserve this section in the kdump-compressed core dump files. All users of kexec-tools are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
An updated kexec-tools package that fixes two bugs is now available for Red Hat Enterprise Linux 6. The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates booting a new kernel using the kernel's kexec feature on either a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel.
Bug Fixes
- BZ# 719917
-
Previously, the mkdumprd utility failed to parse the /etc/mdadm.conf configuration file. As a consequence, mkdumprd failed to create an initial ramdisk for kdump crash recovery and the kdump service failed to start. With this update, mkdumprd has been modified so that it now parses the configuration file and builds initrd correctly. The kdump service now starts as expected.
- BZ# 726603
-
On the PowerPC 64 architecture, the kexec utility experienced a segmentation fault when the kdump service was started on a system containing more than 1 TB of RAM. As a result, it was not possible to capture a crash kernel on such a system. This has been fixed with this update so that kexec no longer crashes when kdump starts on a system with greater than 1 TB of physical memory, and kdump now works as expected. All users of kexec-tools are advised to upgrade to this updated package, which fixes these bugs.
1.118. krb5
Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).
Security Fixes
- CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
-
Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original reporter of CVE-2011-1527. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
1.118.2. RHBA-2011:0571 — krb5 bugfix update
Updated krb5 packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). Kerberos has been upgraded to version 1.9, which provides a number of bug fixes over the previous version. (BZ# 642417)
Bug Fixes
- BZ# 595841, BZ# 595842
-
Previously, no IPv6 support was available for kprop, kpropd, kadmin and kadmind. This update adds IPv6 support to these utilities.
- BZ# 627039
-
Previously, the krbPwdExpiration attribute in the principal's entry would often be ignored when the realm database was stored in a directory server. This update fixes this problem and this attribute is no longer ignored.
- BZ# 629022
-
Previously, kinit with smart card login did not authenticate to the KDC correctly if the certificate on the smart card did not contain a subjectAltName extension or multiple certificates were available and krb5.conf was configured to select according to the value of the keyUsage extension in the certificates. This update continues to look for certificates with the right extension and corrects the valuation.
- BZ# 630587
-
Previously, the init script for the kpropd was not Linux Standards Base (LSB) compliant. With this update, this init script is LSB compliant.
- BZ# 630968
-
Previously, the KDC log files were not rotated by default. This update corrects this problem. Now these log files are rotated correctly.
- BZ# 646499
-
Previously, logins failed if the user had a .k5login file which did not explicitly contain the user's principal name. With this update, this check can be disabled using the "k5login_authoritative" setting in krb5.conf.
- BZ# 679612
-
Previously, GSSAPI authentication from Windows clients using cross-realm authentication failed if the client's ticket included a Privilege Attribute Certificate (PAC) with a failed signature check. Failed signature checks are now ignored. All krb5 users are advised to upgrade to these updated packages, which fix these bugs.
1.118.3. RHBA-2011:0907 — krb5 bug fix update
Updated krb5 packages that fix a bug are now available for Red Hat Enterprise Linux 6. Kerberos is a network authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, a KDC (Key Distribution Center).
Bug Fix
- BZ# 714866
-
Certain versions of the KDC software (included for example in Red Hat Enterprise Linux 2.1 and 3) reject requests, which include KDC options the software does not recognize, and do not support the "canonicalize" option. When a client was configured to use one of these versions of the KDC software, the client failed to obtain credentials for authentication to other services. This interoperability regression was introduced in the update to Red Hat Enterprise Linux 6.1. With this update, an upstream patch has been provided to fix this bug. Users of krb5 are advised to upgrade to these updated packages, which fix this bug.
1.119. krb5-appl
Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below. The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others.
Security Fix
- CVE-2011-1526
-
It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group. Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Tim Zingelman as the original reporter. All krb5-appl users should upgrade to these updated packages, which contain a backported patch to correct this issue.
Updated krb5-appl packages are now available for Red Hat Enterprise Linux 6. The krb5-appl package contains Kerberos-aware versions of telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others.
Bug Fix
- BZ# 632442
-
kshd, the Kerberos-aware version of rshd, unnecessarily failed if the name of the local user account being accessed was more than 16 characters long. This occurred despite the user name being accepted by klogind, the Kerberos-aware version of rlogind. In this update, kshd was modified to accept user names with the length of up to 32 characters as accepted by klogind. Users are advised to upgrade to these updated krb5-appl packages, which resolve this issue.
1.120. ldapjdk
An updated ldapjdk package that fixes one bug is now available for Red Hat Enterprise Linux 6. The Mozilla LDAP SDKs enable you to write applications which access, manage, and update the information stored in an LDAP directory.
Bug Fix
- BZ# 684028
-
When parsing an attribute definition from a directory server schema entry, the ldapjdk parser did not properly handle the ORDERING and SUBSTR matching rule specifications. This bug was being encountered by: 1) RHDS customers using the 389-ds-console code; 2) Custom applications while using the LDAPSchemaElement.getOptionalValues() or LDAPAttributeSchema.getValue() methods to get a string representation of an LDAP attribute that has multiple matching rule types present. The offending method in ldapjdk was fixed so that new attributes with multiple matching rule types are created properly. All users of ldapjdk are advised to upgrade to this updated package, which fixes this bug.
1.121. libarchive
Updated libarchive packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The libarchive programming library can create and read several different streaming archive formats, including GNU tar and cpio. It can also read ISO 9660 CD-ROM images.
Security Fixes
- CVE-2011-1777, CVE-2011-1778
-
Two heap-based buffer overflow flaws were discovered in libarchive. If a user were tricked into expanding a specially-crafted ISO 9660 CD-ROM image or tar archive with an application using libarchive, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All libarchive users should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libarchive must be restarted for this update to take effect.
1.122. libcacard
New libcacard packages, and an updated spice-client package that fixes a number of bugs and adds various enhancements, are now available for Red Hat Enterprise Linux 6. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol designed for virtual environments which allows users to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet. The spice-client package contains the spicec program, which renders a virtual desktop using the SPICE protocol. The new libcacard package contains the Common Access Card (CAC) emulation library. The spice-client package has been upgraded to upstream version 0.8.0, which provides a number of bug fixes and enhancements over the previous version. (BZ# 671383)
Bug Fixes
- BZ# 630825, BZ# 626975
-
When a kernel panic occurred on a guest, spice-client blinked the LED lights for the Num Lock and Caps Lock keys even when it did not have keyboard focus, making it virtually impossible to type in another window. This bug has been fixed and both keys now work as expected.
- BZ# 628573
-
The X Window Server occasionally used over 80% of CPU time while the client was in full-screen mode, which caused the user's desktop session to become very unresponsive. This bug has been fixed and the undesired overhead no longer occurs.
- BZ# 642149
-
When switching to full-screen mode using the Shift+F11 shortcut, spice-client did not work properly with certain window managers such as Compiz. This bug has been fixed and the full-screen mode now works as expected in modern window managers.
- BZ# 644292
-
When running the "spicec --controller" command without having set the SPICE_XPI_SOCKET environment variable, users could experience unexpected termination caused by a segmentation fault. This bug has been fixed and spicec now exits cleanly with an error message in this particular scenario.
- BZ# 653535
-
Using the Red Hat Enterprise Virtualization Manager, when a guest connected to a virtual machine (VM) via spicec, the window received a title that differed from the VM name. This bug has been fixed and the user window's title now matches the name of the VM.
- BZ# 655029
-
A watermark banner was visible during the whole session and it obstructed the user's view. This update disables the banner so that it no longer obstructs the view.
- BZ# 670238
-
When spice-client was set to use JPEG compression for images, the client sometimes terminated unexpectedly. This bug has been fixed and the spice-client now handles JPEG images properly.
- BZ# 670274
-
If the client failed verification because of a subject mismatch between the supplied host and the actual host, the error message given was too short to be useful. With this update, the error message is now sufficiently informative.
- BZ# 670276
-
The spicec program incorrectly parsed long arguments when an equal sign ("=") was used. As a result, an error message was given and the client did not start. This bug has been fixed and the client now behaves as expected.
- BZ# 675767
-
When a spice-client hotkey was set to Ctrl+Alt, users were unable to send, using Sticky-Alt, a Ctrl+Alt+key key sequence to a guest. That prevented various functionality such as switching focus to the console or setting keyboard shortcuts. This bug has been fixed and users can send the client a key sequence with Ctrl and Alt keys using Sticky-Alt even if a spice-client hotkey is set to Ctrl+Alt.
- BZ# 679467
-
Status changes of the Caps Lock and Num Lock key were not synchronized from the guest to the client. With this update a guest and a client always synchronize their status of the Caps Lock and Num Lock keys.
- BZ# 680763
-
Sometimes, spicec became stuck when exiting from full-screen mode if it received an asynchronous X Window system error. With this update, spicec now correctly calls the appropriate "_exit()" function in this rare circumstance so that spicec does not become stuck if this situation occurs.
Enhancements
- BZ# 644258
-
With an appropriate spice-server installed and a spice-agent running, users of spice-client can now copy-and-paste between the guest and the client.
- BZ# 545936
-
With this update, the following features have been added to the spice-client package to support a WAN (wide area network) environment: lossy compression for RGBA images on WAN connections, zlib compression (over GLZ) on WAN connections, an option to disable guest display effects such as animations, and an option to set guest color-depth.
- BZ# 675085
-
The spice-server and spice-client packages use common libraries in Red Hat Enterprise Linux 6.1. This renders the following packages obsolete: cairo-spice version 1.8.7.2 and earlier, ffmpeg-spice version 0.4.9-1 and earlier, pixman-spice version 0.13.3-6 and earlier, and spice-common version 0.4.2-8 and earlier. These removed and obsoleted packages are now recorded in the spice-server.spec file. Note that if both spice-client and spice-server are installed on a system, upgrading one of them will also cause the other to be upgraded.
- BZ# 641829
-
The spice-client package now supports Common Access Cards (CACs), allowing single sign-on and other card services such as encryption.
- BZ# 641831
-
The spice-client package now supports Red Hat Enterprise Linux Single Sign-On (SSO) functionality with properly-configured smart card readers. Users of spice-client should upgrade to these updated packages, which fix these bugs and add these enhancements.
1.123. libcgroup
Updated libcgroup packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 6. The libcgroup packages provide tools and libraries to control and monitor control groups.
Bug Fixes
- BZ# 620368
-
With this update, the cgred and cgconfig services return proper exit codes when an error occurs.
- BZ# 622462
-
The cgconfig service was erroneously setting values of configured parameters in the reverse order as they were written in the /etc/cgconfig.conf file. With this update, the cgconfig service now correctly sets parameter values in the same order as they appear in the configuration file.
- BZ# 626127
-
The cgget command (which prints parameters of given cgroups) did not correctly display information about resource controllers due to a small buffer size. With this update, the buffer is no longer limited in size and the cgget command displays correct information.
- BZ# 628895
-
The cgcreate command changed the current working directory when creating a cgroup. The command restored the working directory to the previous location; however, some directory changes could have been refused (for example, by SELinux, resulting in cryptic security denials). With this update, the cgcreate command no longer changes the current working directory and therefore no longer incurs any SELinux denials.
- BZ# 635984
-
After re-mounting a hierarchy of cgroups, the lssubsys command displayed incorrect information about the mounted hierarchies. This update fixes the faulty parsing of mounted hierarchies which are now correctly displayed.
- BZ# 650984
-
The cgred service failed to start if the cgconfig service was not running and returned the following error: "libcgroup initialization failed, 50001". With this update, a more human-readable error message is returned when the cgred service is started before the cgconfig service.
- BZ# 667957
-
The cgclassify command returned exit code 1 even if no errors occurred. With this update, exit code 0 is returned in the aforementioned case.
- BZ# 679698
-
The /etc/cgconfig.conf file could not contain parameter values with special characters such as commas. Therefore, it was not possible to set certain values for some parameters (for example, cpuset.cpus=0,2). With this update, the cgconfig.conf parser allows enclosing the parameter values inside double quotes which allow special characters to be defined inside them (for example, cpuset.cpus="0,2").
Enhancement
- BZ# 649195
-
The libcgroup package now includes the cgsnapshot tool which is used to write the current state of control groups to a configuration file. Users are advised to upgrade to these updated libcgroup packages, which resolve these issues and add this enhancement.
1.124. libcmpiutil
An enhanced libcmpiutil package is now available for Red Hat Enterprise Linux 6. The libcmpiutil library provides an API for performing common tasks with various Common Manageability Programming Interface (CMPI) providers.
Enhancement
- BZ# 633332
-
The libcmpiutil package has been upgraded to upstream version 8.5.4, which improves performance and is a prerequisite for the new interfaces provided by the libvirt-cim package update as the package depends on the libcmpiutil library. Users of libcmpiutil are advised to upgrade to this updated package, which adds this enhancement.
1.125. libcxgb3
Updated libcxgb3 packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. libcxgb3 is a device-specific driver for use with the libibverbs InfiniBand/iWARP verbs library. This driver enables Chelsio Internet Wide Area RDMA Protocol (iWARP) capable Ethernet devices. This update upgrades libcxgb3 to upstream version 7.10, which provides multiple bug fixes and enhancements over the previous version. (BZ# 675025) All users of libcxgb3 are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
1.126. libdfp
Updated libdfp packages that fix various bugs are now available for Red Hat Enterprise Linux 6. The libdfp packages contain the Decimal Floating Point C Library, which is inter alia used for converting strings into decimal floating point numbers. The libdfp packages have been upgraded to upstream version 1.0.6, which provides a number of bug fixes over the previous version. (BZ# 642693)
Bug Fixes
- BZ# 625495
-
Previously, converting a string into a decimal floating point number greater than zero and less than one caused an error. During this conversion, the first decimal digit disappeared; consequently all following computations were done with wrong numbers. This bug has been fixed so that the conversion into the decimal floating point number now works as expected.
- BZ# 628670
-
Under some circumstances, libdfp encountered an issue while converting a value from a string into a decimal floating point number with the conversion command "strtod32". The "strtod64" and "strtod128" commands, which are also included in libdfp, did work correctly. The problem has been resolved so that the conversion now proceeds properly.
- BZ# 673222
-
Previously, there were several testsuite failures encountered when building the libdfp packages for the IBM S/390 architecture. These testsuite failures have been corrected with this update and thus no longer occur. All users requiring libdfp should upgrade to these updated packages, which fix these bugs.
1.127. libgcrypt
An updated libgcrypt package that fixes various bugs is now available for Red Hat Enterprise Linux 6. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Bug Fixes
- BZ# 576549
-
Previously, the build time test did not support FIPS (Federal Information Processing Standard) mode and failed in this mode. This update modifies the test so that it passes successfully on machines set to use FIPS mode.
- BZ# 669084
-
In FIPS mode, libgcrypt used the /dev/random device as the source for the RNG (Random Number Generator) seed. This caused the RNG initialization in FIPS mode to take several minutes. With this update, libgcrypt uses the /dev/urandom device for the RNG seed and RNG initialization no longer causes any delays. All users of libgcrypt are advised to upgrade to this updated package, which resolves these issues.
An updated libgcrypt package that adds an enhancement is now available for Red Hat Enterprise Linux 6. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Enhancement
- BZ# 709059
-
With this update, the libgcrypt API for the DSA algorithm has been enhanced to allow for presetting the prime (P) and the subprime (Q) parameters when generating the base (G) parameter. This is necessary for the algorithm correctness validation according to the FIPS-186-3 standard. All users of libgcrypt are advised to upgrade to this updated package, which adds this enhancement.
An updated libgcrypt package that introduces a feature enhancement is now available for Red Hat Enterprise Linux 6. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Enhancement
- BZ# 703490
-
In FIPS mode, libgcrypt can now use a configurable source of RNG (Random Number Generator) seed. On systems with a sufficient amount of entropy gathered from the kernel entropy sources or systems with hardware RNGs, the system administrator can add the "/etc/gcrypt/rngseed" symbolic link pointing to the "/dev/random" device node or a hardware RNG device. This symbolic link will then be opened and read by the libgcrypt library to initialize its RNG. All users of libgcrypt are advised to upgrade to this updated package, which adds this enhancement.
1.128. libgssglue
Updated libgssglue packages that fix two bugs are now available. The libgssglue packages provide a library required by programs in the rpcbind package. This library exports a GSSAPI interface that calls GSSAPI routines in other libraries.
Bug Fixes
- BZ# 558941
-
Previously, the libgssglue library files were placed in the "/usr/lib/" or "/usr/lib64/" directory, depending on the architecture. As the library is required by rpcbind which is installed in "/sbin/", this update moves the libgssglue library files to "/lib/" or "/lib64/".
- BZ# 681660
-
Previously, it was not possible to install both the 32-bit and 64-bit -devel packages simultaneously. This update resolves this multi-arch conflict. All libgssglue and rpcbind users should install these updated packages, which address these issues.
1.129. libguestfs
libguestfs is a library for accessing and modifying guest disk images. Updated libguestfs packages that fix one security issue and several bugs, and add a number of enhancements, are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are linked to from the security descriptions below.
Security Fix
libguestfs relied on the format auto-detection in QEMU rather than allowing the guest image file format to be specified. A privileged guest user could potentially use this flaw to read arbitrary files on the host that were accessible to the user on that host by running a program that utilized the libguestfs library. (CVE-2010-3851)
Libguestfs has been rebased to upstream version 1.7.17, which includes the following bug fixes and enhancement (BZ# 613593):
- BZ# 600144
-
The guestfish mkmountpoint and umount-all commands are considered incompatible. Mount points created with the mkmountpoint command become invalid after the umount-all command is used. This is now documented in the guestfish man page. Customers should note that it is possible to safely unmount devices that were mounted with mkmountpoint by using the umount command.
- BZ# 612308
-
The -net and vlan=... options in the qemu package are deprecated. To avoid relying on these deprecated options, libguestfs now uses the -netdev option instead.
- BZ# 615223
-
The guestfish vfs-type command could not determine the type of a file system newly created by guestfish. This occurred because the vfs-type command tried to read the type from a cache file (blkid.c) that had not yet been updated. The cache file is now deleted between file system creation and attempting to read the file system type, resulting in updated file system information for vfs-type to read.
- BZ# 617440
-
If the $HOME variable was not set, guestfish did not expand a path containing ~ (tilde) into a path to the user's home directory. Guestfish now examines the current user's passwd file for the location of the user's home directory so that a path containing ~ can be expanded correctly. Additionally, an off-by-one error was discovered in the same path-expansion algorithm. This error could potentially cause a crash. The off-by-one error has been corrected so that this crash is no longer possible.
- BZ# 627468
-
The virt-inspector and virt-v2v tools did not work for Windows guests if an additional package, libguestfs-winsupport, was not installed. The error message did not explicitly state that this missing package could be responsible for the error. An additional note has been added to make the error output more useful when attempting to use these tools with Windows guests.
- BZ# 627832
-
Some guestfish commands print integer results. In some cases, namely for file permissions, the natural radix for these results is octal. Instead, guestfish returned decimal integer results for commands such as umask. This has been corrected, and guestfish commands that return integers now return them in the natural radix for that number.
- BZ# 627833
-
The get-e2uuid command retrieved file system UUIDs via tune2fs -l. This failed on journaling block devices (JBDs) and other devices that were not second, third or fourth extended file systems (ext2, ext3 or ext4). get-e2uuid has been reimplemented so that it retrieves UUIDs via blkid instead of tune2fs -l, resolving this issue. However, since the get-e2uuid command has been deprecated, customers are advised to retrieve UUIDs with the vfs-uuid command instead.
- BZ# 633174
-
Some guestfish commands would hang when applied to non-regular files. This had some security implications in that a guest could replace regular configuration files with, for example, character devices, and cause virt-inspector and other programs to hang. guestfish commands have been modified and can now handle non-regular files. Additionally, virt-inspector has been rewritten as virt-inspector2, which is both more powerful and more careful about untrusted files from the guest.
- BZ# 639601
-
libguestfs documentation did not specify that special characters should be surrounded by quotes or otherwise "escaped" when used with virt-ls at the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as # and space. You may need to quote or escape these characters on the command line. See the shell manual page sh(1) for details.
- BZ# 639602
-
libguestfs documentation did not specify that special characters should be surrounded by quotes or otherwise "escaped" when used with virt-list-filesystems at the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as # and space. You may need to quote or escape these characters on the command line. See the shell manual page sh(1) for details.
- BZ# 657472
-
The guestfish checksum command contained a file descriptor that was not closed properly in an error path. If the checksum command resulted in an error, this would later prevent the file system from being unmounted with either umount or umount-all. The file descriptor is now closed properly on the error path, so an error in checksum no longer causes problems unmounting file systems.
- BZ# 657502
-
The virt-inspector package had an unnecessary dependency on the perl-String-ShellQuote package. This superfluous dependency has been removed. Note that this bug was reported and corrected during development. It was not seen in production systems in the field.
- BZ# 666577
-
If the /etc/fstab of a guest machine contained a reference to a floppy disk (/dev/fd0), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/fd0
This warning has been suppressed to avoid confusion, and should no longer appear even if the guest machine refers to floppy disks in /etc/fstab.
- BZ# 666579
-
If the /etc/fstab of a guest machine contained a reference to a CD-ROM drive (/dev/hdc), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/hdc
This warning has been suppressed to avoid confusion, and should no longer appear even if the guest machine refers to CD-ROM drives in /etc/fstab.
- BZ# 668115
-
The virt-filesystems command failed when used against a guest which had a missing or corrupt file system label. This command has been updated to handle guest file systems with missing or corrupt file system labels. Note that this bug was reported and corrected during development. It was not seen in production systems in the field.
- BZ# 668611
-
When a device in /etc/fstab did not exist, the guestfish -i command failed with a "No such file or directory" error. In the event of missing devices, guestfish now completes, and reports that some file systems could not be mounted. Note that this bug was reported and corrected during development. It was not seen in production systems in the field.
- BZ# 669840
-
The febootstrap package contained tools required to both build and run libguestfs. This package has now been split into two parts: febootstrap and febootstrap-supermin-helper. febootstrap now contains only tools used to create supermin appliances. A new package, febootstrap-supermin-helper, is a helper tool used to rebuild supermin appliances on the fly. libguestfs now depends only on the smaller febootstrap-supermin-helper package. Fresh libguestfs installations to Red Hat Enterprise Linux 6.1 now require less space because of this smaller dependency.
- BZ# 673477
-
Separating libguestfs trace output from debug output was difficult. A string (libguestfs: trace:) is now added to the beginning of each line of the trace output so that it can be easily distinguished and filtered out of logs with the grep command or similar.
- BZ# 673721
-
The virt-make-fs man page referred to the non-existent tool virt-make-resize. This reference should have been to the virt-make-fs tool. The man page has been corrected.
- BZ# 676788
-
The guestfish set-trace command was not prepared to handle all possible error conditions. This resulted in a segmentation fault when attempting to handle several conditions. The command now handles trace errors separately, so the segmentation fault no longer occurs. Note that this bug was reported and corrected during development. It was not seen in production systems in the field.
- BZ# 691724
-
If the /etc/fstab of a guest machine contained a reference to a virtio disk (/dev/vda1), virt-inspector printed a warning and ignored the virtio disk. The warning has been suppressed, and virtio disks are now recognized by virt-inspector.
- BZ# 695138
-
A superfluous dependency on the gfs2-utils package has been removed.
All libguestfs users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
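The hang described under BZ# 633174 arises when a reader opens a guest-controlled path that turns out to be a FIFO or a device. The following is an added illustration of the general defensive pattern, not libguestfs code: the helper name read_regular_file, the demo function and the temporary paths are assumptions made for this example. It opens the path without blocking and checks the type of the opened descriptor before reading.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read up to `cap` bytes from `path`, but only if the
 * opened object is a regular file. Returns the byte count, or -1 with errno
 * set (EINVAL for FIFOs, devices, sockets and directories). */
ssize_t read_regular_file(const char *path, char *buf, size_t cap)
{
    /* O_NONBLOCK: opening a FIFO with no writer returns at once.
     * O_NOFOLLOW: a symlink as the final path component is refused.
     * O_NOCTTY:   a terminal device cannot become the controlling tty. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW | O_NOCTTY | O_CLOEXEC);
    if (fd == -1)
        return -1;

    /* fstat() on the descriptor, not stat() on the path, so the object
     * that was checked is the object that gets read. */
    struct stat st;
    if (fstat(fd, &st) == -1) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }

    size_t off = 0;
    while (off < cap) {
        ssize_t n = read(fd, buf + off, cap - off);
        if (n == 0)
            break;                      /* end of file */
        if (n < 0) {
            if (errno == EINTR)
                continue;
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        off += (size_t)n;
    }
    close(fd);
    return (ssize_t)off;
}

/* Constructed demo input: a temporary directory holding one regular file
 * and one FIFO standing in for a replaced configuration file.
 * Returns a bitmask: bit 0 = regular file read back in full,
 *                    bit 1 = FIFO rejected with EINVAL without blocking. */
int demo_untrusted_reads(void)
{
    char dir[] = "/tmp/nonreg-demo-XXXXXX";
    char reg[64], fifo[64], buf[32];
    int result = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(reg, sizeof reg, "%s/config", dir);
    snprintf(fifo, sizeof fifo, "%s/config.fifo", dir);

    FILE *f = fopen(reg, "w");
    if (f != NULL) {
        fputs("key=value\n", f);        /* 10 bytes */
        fclose(f);
    }
    if (read_regular_file(reg, buf, sizeof buf) == 10)
        result |= 1;

    if (mkfifo(fifo, 0600) == 0) {
        errno = 0;
        if (read_regular_file(fifo, buf, sizeof buf) == -1 && errno == EINVAL)
            result |= 2;
    }

    unlink(reg);
    unlink(fifo);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("demo result bitmask: %d\n", demo_untrusted_reads());
    return 0;
}
```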
1.130. libguestfs-winsupport
An enhanced libguestfs-winsupport package is now available for Red Hat Enterprise Linux 6. The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images.
Bug Fix
- BZ# 691555
-
The debuginfo subpackage contained no data and has been removed.
Enhancement
- BZ# 670299
-
The libguestfs-winsupport package depended on the entire febootstrap package. Since the febootstrap package was split into the febootstrap and febootstrap-supermin-helper packages, libguestfs-winsupport now depends only on the febootstrap-supermin-helper package, which contains the runtime part of the original febootstrap package.
Users of libguestfs-winsupport are advised to upgrade to this updated package, which adds this enhancement and fixes this bug.
1.131. libhbalinux
An updated libhbalinux package that fixes various bugs is now available for Red Hat Enterprise Linux 6. The libhbalinux library is a vendor library utilized by fcoe-utils. The libhbaapi library provides programmatic access to the libhbalinux library. This library can retrieve adapter information with the assistance of libpciaccess.
Bug Fixes
- BZ# 690014
-
Creating an FCoE (Fibre Channel over Ethernet) interface by executing the "fcoeadm -c [interface]" command, and shortly afterwards executing the "fcoeadm -i" command (which displays information about FCoE instances), resulted in a segmentation fault due to a NULL pointer dereference. This update fixes this issue and a segmentation fault no longer occurs in the aforementioned case.
After upgrading the libhbalinux package, the "fcoeadm -i" command (which shows information about FCoE instances) printed an error message. With this update, the "fcoeadm -i" command has been fixed, and no longer returns an error message.
All users of libhbalinux are advised to upgrade to this updated package, which resolves these issues.
1.132. libica
Updated libica packages that fix various bugs are now available. libica is a library of functions and utilities for accessing ICA hardware crypto on IBM zSeries.
Bug Fixes
- BZ# 640035
-
Previously, when the libica library ran in 31-bit mode, the STCK buffer length was smaller than required, which caused corrupted memory and application crashes. This is now fixed to ensure that the libica library allocates an appropriately sized STCK buffer in 31-bit mode to prevent corrupted memory and application crashes.
- BZ# 665401
-
Previously, a SIGILL handler wrapped all cryptographic operations and caught crashes caused by invalid CPU instructions. This SIGILL handler prevented crashes but caused a significant performance regression in the system. This is now fixed so that the CPU correctly reports the availability of individual cryptographic algorithms, and the SIGILL wrappers have therefore been removed.
- BZ# 624005
-
The libica testsuite failed for libica_keygen_test and libica_sha1_test. The test failed for libica_sha1_test because "return to zero" was missing for the old_api_sha_test() function. The libica_keygen_test test failed because the OpenSSL-powered RSA exponent only handles the values 3 or 65537 and libica_keygen_test provided a default random value. This is now fixed so that libica_sha1_test's old_api_sha_test includes "return to zero" and libica_keygen_test runs with parameters, "libica_keygen_test <keylength> <3|65537>". Due to this, the libica testsuite no longer fails for libica_keygen_test and libica_sha1_test.
Users are advised to upgrade to these updated packages, which resolve these issues.
1.133. libnl
An updated libnl package that fixes various bugs is now available. This package contains a convenience library to simplify using the Linux kernel's netlink sockets interface for network manipulation.
Bug Fixes
- BZ# 620345
-
When a domain started under libvirt, a memory leak was triggered from the libnl library because libnl continued to use memory no longer in use. Memory leaks in libnl are now fixed and libnl releases memory after it completes usage.
- BZ# 677725 , BZ# 677724
-
The port allocation/de-allocation was not safe in multi-threaded applications and the logic was incorrect, which resulted in some applications and other libraries being unable to initialize libnl. Port allocation/de-allocation and logic is now fixed, and libnl can now be initialized.
All libnl users should upgrade to this updated package, which resolves these issues.
1.134. libpciaccess
Updated libpciaccess packages that fix two bugs are now available for Red Hat Enterprise Linux 6. libpciaccess is a low level system library used to access PCI devices. It provides this functionality for X.Org and virtualization layers.
Bug Fixes
- BZ# 675756
-
If pci_system_init/pci_system_cleanup was run twice (or more) in a row within one process, a double close() could occur on the config_fd variable. This caused an error, as the FD associated with nullfd was closed by the second pci_get_strings() call. This happened because pci_device_linux_sysfs_destroy() failed to re-initialize the global 'config_fd' variable to -1 after closing it. This patch adds a line to set config_fd to -1 after the closure, fixing the issue.
- BZ# 675758
-
When the pci_system_init() function opened the /proc/mtrr file and saved its file descriptor, pci_system_cleanup() failed to close the file descriptor. This resulted in a leak of the FD. With this update, added to the above bug's patch, the file descriptor is closed as expected.
All users of libpciaccess are advised to upgrade to these updated packages, which resolve these issues.
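The stale-descriptor pattern behind BZ# 675756 is easy to reproduce in isolation. This added example is not libpciaccess source: only the variable name config_fd comes from the text above, and the functions config_open, system_cleanup and unrelated_fd_survives are constructed for the demonstration. It shows why a cached descriptor must be reset to -1 after close(): the kernel reuses the lowest free number, so a second cleanup closes whatever the process opened in between.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Cached descriptor shared across init/cleanup cycles; -1 means "not open". */
static int config_fd = -1;

/* Opened lazily on first use, as a cached descriptor typically is. */
static int config_open(void)
{
    if (config_fd == -1)
        config_fd = open("/dev/null", O_RDONLY);
    return config_fd;
}

/* reset_sentinel = 0 models the defect (descriptor closed, variable left
 * holding the old number); reset_sentinel = 1 models the fix. */
static void system_cleanup(int reset_sentinel)
{
    if (config_fd != -1) {
        close(config_fd);
        if (reset_sentinel)
            config_fd = -1;
    }
}

/* Runs two init/cleanup cycles with an unrelated descriptor opened in
 * between. Returns 1 if that unrelated descriptor is still valid at the
 * end, 0 if the second cleanup closed it, -1 on setup failure. */
int unrelated_fd_survives(int reset_sentinel)
{
    config_fd = -1;

    /* Cycle 1: the cached descriptor is opened and then cleaned up. */
    if (config_open() == -1)
        return -1;
    system_cleanup(reset_sentinel);

    /* Some other part of the process opens a file. open() returns the
     * lowest free number, which is the one cleanup just released. */
    int unrelated = open("/dev/null", O_WRONLY);
    if (unrelated == -1)
        return -1;

    /* Cycle 2: cleanup runs again without the cached descriptor having
     * been reopened. With a stale config_fd this is a close() on a number
     * that now belongs to someone else. */
    system_cleanup(reset_sentinel);

    int alive = (fcntl(unrelated, F_GETFD) != -1);
    if (alive)
        close(unrelated);
    config_fd = -1;
    return alive;
}

int main(void)
{
    printf("without reset: unrelated fd alive = %d\n", unrelated_fd_survives(0));
    printf("with reset:    unrelated fd alive = %d\n", unrelated_fd_survives(1));
    return 0;
}
```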
1.135. libpng
Updated libpng packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
Security Fixes
- CVE-2011-2690
-
A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
- CVE-2011-2501
-
An out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash.
- CVE-2011-2692
-
An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash.
Users of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.
1.136. librsvg2
Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart.
Security Fix
- CVE-2011-3146
-
A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code.
Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter.
All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
1.137. libselinux
Updated libselinux packages that fix various bugs are now available. libselinux is the core library of an SELinux system. It provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. It is required for any applications that use the SELinux API and is used by all applications that are SELinux-aware.
Bug Fixes
- BZ# 658571
-
libselinux used __thread variables to store malloc() data in order to minimize computation. Destructors cannot be associated with __thread variables, so malloc() data stored in a __thread void* variable could potentially cause memory leaks upon thread exit. For example, repeatedly starting and stopping domains with libvirt could trigger out-of-memory exceptions, since libvirt starts one thread per domain, and each thread uses libselinux calls such as fgetfilecon. libselinux has been updated to be thread-safe, preventing these potential memory leaks.
- BZ# 693600
-
An update to libselinux added global destructors, which deleted thread-specific keys without checking that they had been initialized. Since the keys were not always initialized with the pthread_key_create() method and their default value was 0, it was possible that key 0 would be removed by these destructors. This resulted in segmentation faults in programs using active threads whose keys were removed, specifically in OpenJDK. Keys now receive a default value of -1, protecting uninitialized keys from attempts by global destructors to delete them. Note that this issue was discovered and corrected during development, and was not seen in production systems in the field.
- BZ# 680887
-
An update to libselinux caused a segmentation fault to appear in the multi-threaded pam_chauthtok() test program. If a shared library attempted to call pthread_key_create(), the associated destructors were registered with that library. The segmentation fault occurred when pthread_key_delete() was called, if that library was dereferenced with dlclose() before the destructors were removed with pthread_key_delete(). This issue has now been corrected. Note: this issue was discovered and corrected during development, and was not seen in production systems in the field.
All users of libselinux are advised to upgrade to these updated packages, which resolve these issues.
1.138. libsndfile
Updated libsndfile packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The libsndfile packages provide a library for reading and writing sound files.
Security Fix
- CVE-2011-2696
-
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format (PAF) audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Users of libsndfile are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libsndfile must be restarted for the update to take effect.
1.139. libsoup
Updated libsoup packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. libsoup is an HTTP client/library implementation for GNOME.
Security Fix
- CVE-2011-2524
-
A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially-crafted request.
All users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.
1.140. libssh2
An updated libssh2 package that fixes one bug is now available for Red Hat Enterprise Linux 6. The libssh2 package provides a library that implements the SSH2 protocol.
Bug Fix
- BZ# 743511
-
Prior to this update, the libssh2 package leaked memory and terminated unexpectedly in certain situations. This update modifies libssh2 so that no more memory leaks occur and libssh2 now works as expected. Note that all running applications using libssh2 have to be restarted for the update to take effect.
All users of libssh2 are advised to upgrade to this updated package, which fixes this bug.
1.141. libtdb
Updated libtdb packages that resolve an issue are now available for Red Hat Enterprise Linux 6. The libtdb package contains a library that implements a trivial database.
Bug Fix
- BZ# 692251
-
When processing very large database updates, occasionally, tdb incorrectly allocated unnecessarily large amounts of memory. As a result, an OOM (Out Of Memory) situation occurred. This was caused by libtdb calling the tdb_expand() function to increase its size by creating space to store an extra hundred records of the size of the largest record it currently has. With this update, this behavior has been removed and tdb no longer allocates unnecessarily large amounts of memory.
All users of libtdb are advised to upgrade to these updated packages, which resolve this issue.
1.142. libtirpc
An updated libtirpc package that fixes various bugs is now available. The libtirpc package contains SunLib's implementation of transport independent RPC (TI-RPC) documentation. This includes a library required by programs in the nfs-utils and rpcbind packages.
Bug Fixes
- BZ# 558937
-
Binaries in the nfs-utils package located in /sbin relied on shared libraries located in /usr. This has been fixed so that nfs-utils binaries installed in /sbin no longer rely on shared libraries in /usr/lib.
- BZ# 628682
-
- BZ# 676234
-
In a multi-homed NFS server with two IP addresses on the same subnet, mount operations sent to one IP address would result in a reply from the other IP address. This is now fixed to ensure that a mount request to one IP address elicits a response from the same IP address.
Users are advised to upgrade to these updated packages, which resolve this issue.
1.143. libvirt
Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.
- CVE-2011-2511
-
An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
Bug Fixes
- BZ
-
Previously, when the "virsh vol-create-from" command was run on an LVM (Logical Volume Manager) storage pool, performance of the command was very low and the operation consumed an excessive amount of time. This bug has been fixed in the virStorageVolCreateXMLFrom() function, and the performance problem of the command no longer occurs.
- BZ# 726617
-
Due to a regression, libvirt used undocumented command line options, instead of the recommended ones. Consequently, the qemu-img utility used an invalid argument while creating an encrypted volume, and the process eventually failed. With this update, the bug in the backing format of the storage back end has been fixed, and encrypted volumes can now be created as expected.
- BZ# 728516
-
Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure. This bug has been fixed, and auditing of disk hot unplug operations now works as expected.
- BZ# 728546
-
Previously, when a debug process was being activated, the act of preparing a debug message ended up with dereferencing a UUID (universally unique identifier) prior to the NULL argument check. Consequently, an API running the debug process sometimes terminated with a segmentation fault. With this update, a patch has been provided to address this issue, and the crashes no longer occur in the described scenario.
* The libvirt library uses the "boot=on" option to mark which disk is bootable but it only uses that option if Qemu advertises its support. The qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support for that option and libvirt could not use it. As a consequence, when an IDE disk was added as the second storage with a virtio disk being set up as the first one by default, the operating system tried to boot from the IDE disk rather than the virtio disk and either failed to boot with the "No bootable disk" error message returned, or the system booted whatever operating system was on the IDE disk. With this update, the boot configuration is translated into bootindex, which provides control over which device is used for booting a guest operating system, thus fixing this bug.
All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.
Updated libvirt packages that upgrade the libvirt library to upstream version 0.8.7, fix a number of bugs, and add various enhancements and new features are now available for Red Hat Enterprise Linux 6. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. These updated packages upgrade the libvirt library for Red Hat Enterprise Linux 6 to upstream version 0.8.7, which contains many enhancements and bug fixes over the previous version. This section contains detailed information about a subset of bug fixes and enhancements that are likely to affect customers only. For a short summary of all changes see the CHANGELOG file installed to /usr/share/doc/libvirt-0.8.7 when the updated package is installed.
Bug Fixes
- BZ# 515692
-
Guests were not required to honour the virDomainSetMemory() setting, making it impossible to set a hard limit on guest memory consumption. New virDomainGetMemoryParameters and virDomainSetMemoryParameters methods have been introduced to allow users to fine-tune and enforce memory limits.
- BZ# 561935
-
Live migration of a guest could take an exceptionally long time to converge to the switchover point if the guest was very busy. Migration is more likely to complete if a guest's downtime setting is increased. However, libvirt was sending an incorrectly formatted request to increase the downtime setting of a guest. This update corrects the format of this request to assist in live migration completion.
- BZ# 672226
-
Using SASL authentication with a single libvirt connection for multiple threads could result in libvirt hanging while waiting for a response from the libvirt daemon. SASL decoding has been fixed such that clients do not wait for further data while already decoded SASL data remains unprocessed, so libvirt no longer hangs in this situation.
- BZ# 688774
-
libvirt was not careful about object locking rules when managing KVM guests, which resulted in a number of unexpected actions. If a guest shut down without notice, libvirt could crash or loop indefinitely. Locking code in libvirt has been improved to avoid accessing data outside locks, and to avoid deadlocks when multiple threads are interacting with the same domain, so libvirt no longer hangs or crashes when a guest shuts down.
- BZ# 677729
-
The port allocation/de-allocation of the libnl library, which is used by libvirt for macvtap (for example, vepa and vnlink) interfaces, was not threadsafe and the logic was incorrect. This resulted in a failure to initialize libnl, and a subsequent failure of the associated libvirt functionality. In particular, the first guest vepa interface started on a host would work, but all subsequent vepa interfaces would fail. Port allocation/de-allocation and logic is now fixed in libnl, and the failures in libvirt no longer occur.
- BZ# 687551
-
In previous releases, libvirt set a maximum lease limit for DHCP leases on each virtual network according to the number of addresses available on that network. However, all networks shared the same lease file, so the maximum lease limit was reached long before all networks had given out all of their addresses. This meant that some guests were unable to obtain IP addresses. With this release of libvirt, each virtual network uses its own lease file, so there is sufficient space for all configured addresses to be allocated.
- BZ# 691514
-
When creating virtual machines via remote protocol, the client hung because the list of remote procedure calls to execute was not traversed correctly. Traversal has been corrected so that creating virtual machines remotely no longer causes libvirt to hang.
- BZ# 692998
-
libvirt removed the managed state file (created by virsh managedsave dom) even if it failed to restore and start the domain using that file. This caused data loss. The managed state file is now removed only if the restore operation succeeds.
- BZ# 638285
-
During migration, an application could query block information on the virtual guest being migrated. This resulted in a race condition that crashed libvirt. libvirt now verifies that a guest exists before attempting to start monitoring operations.
- BZ# 656795
-
A memory buffer was not freed properly on domain startup and shutdown, which led to a memory leak that increased each time the domain was started or shut down. This update removes this memory leak.
- BZ# 660706
-
The %post script (part of the libvirt-client package) started the libvirt-guests service even when the service was explicitly turned off. The libvirt-guests service is no longer started when explicitly turned off.
- BZ# 659310
-
A deadlock occurred in the libvirt service when running concurrent bidirectional migration because certain calls did not release their local driver lock before issuing an RPC (Remote Procedure Call) call on a remote libvirt daemon. A deadlock no longer occurs between two communicating libvirt daemons.
- BZ# 653293
-
When running virsh vcpuinfo or setting up virtual CPU pinning on a host machine that used NUMA, virsh vcpuinfo showed the incorrect number of virtual CPUs. Virtual CPU pinning could also fail because libvirt reported an incorrect number of CPU sockets per NUMA node. Virtual CPUs are now counted correctly.
- BZ# 660194
-
An off-by-one error in a clock variable caused a virtual guest to show incorrect date and time information. This update corrects this error so that date and time information is correctly displayed.
- BZ# 649523
-
A specification file bug caused permissions on the /var/lib/libvirt directory to change when a system was upgraded. With this update, correct permissions are assigned to the aforementioned directory.
- BZ# 658657
-
libvirt used a non-thread friendly SELinux API (matchpathcon) to get the default security context for a specified path. This led to a memory leak upon domain startup and shutdown. libvirt now uses improved SELinux APIs, so this memory leak no longer occurs.
- BZ# 646895
-
Device boot order could not be set more explicitly than Network, Disk, CD ROM, or Floppy. This meant that users could not select the exact boot device that they wished to use. A per-device <boot> element has been introduced, which can be used to specify the exact order of boot devices.
- BZ# 609463
-
The MAC address of libvirt's bridges could change over time depending on which guests were currently running and connected. This caused problems in some Windows guests, which assumed that the changed MAC address indicated a new network connection, and automatically launched a configuration wizard. libvirt now creates a dummy tap device with a guaranteed lowest MAC address that will not change. This address is stored as part of network configuration so that it will persist across host reboots.
- BZ# 611793
-
If the configuration for a virtual network only contained static address definitions, dnsmasq (the DHCP server used by libvirt) was started incorrectly and would not respond to any DHCP requests. Any guests with MAC address/IP address pairs listed in static address definitions were then unable to acquire their IP addresses. libvirt now starts up dnsmasq with the correct options so that these statically configured addresses are properly served to the guests.
- BZ# 639587
-
The virsh freecell command could be run with an invalid (non-integer) argument without error, and the free memory for node 0 would still be printed. The validity of the argument is now checked, and an error message is now printed when an invalid value is detected.
- BZ# 671050
-
If the virsh detach-interface command was used on a domain with multiple NICs, but a particular MAC address was not specified with --mac, virsh detached the first interface without error. The --mac option is now required where a domain has multiple NICs, and an appropriate error message has been added.
- BZ# 627143
-
If the user did not specify a disk driver when hot-plugging a disk with virsh attach-disk, virsh set phy as the driver value by default. Because this value is not supported everywhere, the disk did not persist over domain shutdown, and could prevent domain startup. This update corrects virsh behavior such that the driver value is not set if it is not provided by the user.
- BZ# 667091
-
libvirt incorrectly identified the virtual IB700 device (an ISA device) as a PCI device, resulting in the device being misconfigured, and preventing the virtual machine from booting until the virtual IB700 device was removed. libvirt now identifies the IB700 device correctly.
- BZ# 605660
-
Invalid setvcpus commands resulted in unknown errors. More useful error messages have been added to this command.
- BZ# 676374
-
A typographical error in source code that parsed and wrote SPICE auth data caused unrelated data to be overwritten, which caused a crash in libvirt. The error has been corrected, and auth can now be set without issue.
- BZ# 696660
-
The string containing the name of libvirt's "dummy" tap interface was freed before network startup was guaranteed. This caused a segmentation fault if a problem occurred while setting the forward-delay or stp-enable parameters. The string is no longer freed prematurely, and in the event of a problem with these parameters, users receive a specific error message.
- BZ# 689001
-
When a problem occurred while starting up a guest that used direct interfaces, an uninformative error message ("unspecified error") was printed to the log. These failures now have specific, more informative log messages.
- BZ# 611822
-
When the certificate used for TLS authentication was rejected, libvirt displayed a log message containing a command that had misleading output (openssl x509 -in clientcert.pem -text). This command has been replaced with the following command, which gives more helpful, accurate output:
certtool -i --infile /etc/pki/libvirt/clientcert.pem
Enhancements
- BZ# 586124
-
The virtual networks created and used by libvirt for virtual guest connectivity were previously limited to only IPv4 connectivity; IPv6 traffic was explicitly disallowed. Full IPv6 connectivity is now supported on libvirt's virtual networks, including autoconf address/route discovery and a DNS server listening on an IPv6 address on the network. Note, however, that because autoconf is supported, there is no support for DHCPv6.
- BZ# 656845
-
libvirt could not determine whether a domain had crashed or been correctly shut down. This update adds recognition of the SHUTDOWN event sent by qemu when a server is shut down correctly. If this event is not received, the domain is now declared to have crashed.
- BZ# 653530
-
An --all option has been added to the virsh freecell command to allow the command to iterate across all nodes instead of forcing users to run the command manually on each node. virsh freecell --all will list the free memory on all available nodes.
- BZ# 635419
-
Users can now disable memory merging (KSM) on guest machines. Note however that this requires support for the underlying qemu-kvm -redhat-disable-KSM flag.
- BZ# 641187
-
The virsh documentation has been updated to clarify usage of the cpu_shares parameter.
- BZ# 639603
-
The virsh documentation has been updated to remove references to the deprecated virt-mem command.
- BZ# 605660
-
The virsh documentation for the setvcpus, setmem, and setmaxmem sub-commands has been updated to correct and expand the information available for these sub-commands.
- BZ# 595350
-
A man page is now available for libvirtd. Access it with the man libvirtd command. All users of libvirt are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Updated libvirt packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
Bug Fix
- BZ# 816980
-
An application using the libvirt shared library could terminate unexpectedly with a segmentation fault when the application tried to unload the library using the dlclose() function. This could happen for example when shutting down the tog-pegasus utility while the libvirt-cim provider was in use. This update modifies linking properties of the library so that the library now prevents itself from being unloaded from memory. Applications using the libvirt shared library no longer crash in the described scenario. All users of libvirt are advised to upgrade to these updated packages, which fix this bug. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.
Updated libvirt packages that fix one bug are now available for Red Hat Enterprise Linux 6. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The library provides the libvirtd daemon, which is required for virtualization management of KVM and LXC.
Bug Fixes
- BZ# 743557
-
Due to a programming error in the initialization code of the libvirtd daemon, the QEMU driver could have failed to find the user or group ID of the qemu application on the system. As a result, libvirtd failed to start. With this update, the error has been corrected and libvirtd now works as expected.
- BZ# 747358
-
If the QEMU driver failed to update information about currently allocated memory, installing a new virtual machine could have failed with the following error message:
ERROR cannot send monitor command '{"execute":"query-balloon"}': Connection reset by peer
With this update, the driver has been modified to not consider this behavior as fatal. Installation now proceeds and finishes as expected. All users of libvirt are advised to upgrade to these updated packages, which fix this bug. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.
1.144. libvirt-cim
An enhanced libvirt-cim package is now available for Red Hat Enterprise Linux 6. The libvirt-cim package contains a Common Information Model (CIM) provider based on Common Manageability Programming Interface (CMPI). It supports most libvirt virtualization features and allows management of multiple libvirt-based platforms.
Enhancements
- BZ# 633331
-
Previously, the libvirt-cim migration indications did not contain any UUID (universally unique identifier) values. This update adds the UUID values to migration indications and improves the ability of the management software to track migrated virtual machines.
- BZ# 633336
-
Previously, Virtual Ethernet Port Aggregator (VEPA) and VSI (Virtual Station Interface) networking capabilities were not supported. This update provides support for both VEPA and VSI. All libvirt-cim users are advised to upgrade to this updated package, which adds these enhancements.
1.145. libvirt-java
Updated libvirt-java packages that provide a new API, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The libvirt-java package provides a base framework to use libvirt, which is the virtualization API to manage and interact with the virtualization capabilities. The libvirt-java package has been upgraded to upstream version 0.4.7, which provides a new API, improved error-handling, and enhancements over the previous version. (BZ# 675044) Users are advised to upgrade to these updated libvirt-java packages, which resolve these issues and add these enhancements.
1.146. libvirt-qpid
An updated libvirt-qpid package that fixes one bug is now available for Red Hat Enterprise Linux 6. The libvirt-qpid package provides an interface with libvirt using the qpid modeling framework (QMF), which utilizes the Advanced Message Queuing Protocol (AMQP), an open standard application layer protocol providing reliable transport of messages.
Bug Fix
- BZ# 618876
-
Previously, libvirt-qpid did not correctly connect to qpid due to an authentication conflict. This update rebuilds libvirt-qpid to match the qpid-cpp package. Now, libvirt-qpid runs as expected. Users of libvirt-qpid are advised to upgrade to this updated package, which fixes this bug.
1.147. libvpd
An updated libvpd package that adds an enhancement is now available for Red Hat Enterprise Linux 6. The libvpd package contains the classes that are used to access Vital Product Data (VPD) created by vpdupdate in the lsvpd package.
Enhancement
- BZ# 632738
-
This update provides the latest API by which external serviceability and diagnostics tools can access VPD, consisting of hardware present on a system, the characteristics of that hardware, or hardware state. Users of libvpd are advised to install this package, which adds this enhancement.
1.148. libXfont
Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System.
Security Fix
- CVE-2011-2895
-
A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
1.149. lldpad
An updated lldpad package that fixes multiple bugs and adds one enhancement is now available for Red Hat Enterprise Linux 6. The lldpad package provides the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) agent with Enhanced Ethernet support.
Bug Fixes
- BZ# 631587
-
Previously, lldpad did not initiate a Data Center Bridging Exchange (DCBX) negotiation if a link down netlink event message (nlmsg) was dropped or lost. As a result, DCBX could not negotiate and Fibre Channel over Ethernet (FCoE) did not log in to the fabric in this case. This update resolves this problem. Now, lldpad successfully initiates a Data Center Bridging Exchange (DCBX).
- BZ# 647833
-
Previously, lldpad could not be upgraded or removed on systems which had lldpad packages for both Intel P6 and Intel 64 simultaneously installed. As a workaround, this update removes such packages with the command rpm -e --noscripts.
- BZ# 694671
-
Previously, non-default priorities for FCoE did not work correctly, because lldpad handled application type-length-values (TLV) incorrectly. With this update, non-default priorities work as expected.
- BZ# 694925
-
Previously, under certain circumstances, lldpad did not synchronize correctly with peers on link events. Due to this issue, users had to manually reset the link or lldpad. This update resolves the synchronization issue. Now, synchronization with peers on link events works as expected.
Enhancement
- BZ# 675076
-
The lldpad package has been upgraded to upstream version 0.9.41, which builds on the new kernel interface and adds support for 802.1Qbg Edge Virtual Bridging, netlink, and libvirt, as well as a new, flexible build process. All lldpad users are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
An updated lldpad package that fixes multiple bugs and adds multiple enhancements is now available for Red Hat Enterprise Linux 6 Extended Update Support. The lldpad package provides the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) agent with Enhanced Ethernet support. The lldpad package has been upgraded to upstream version 0.9.43, which includes all of the bug fixes and enhancements addressed in the RHBA-2011:1604 lldpad bug fix and enhancement advisory for Red Hat Enterprise Linux 6.1. For the sake of convenience, those fixes and enhancements are detailed below. (BZ# 769783)
Bug Fixes
- BZ# 749057
-
The Brocade 8000 Fibre Channel Forwarder (FCF) switch with FabOs 6.4.2b failed to process the CEE TLV frame on fabric session startup (started by lldpad). As a consequence, the Brocade 8000 Fibre Channel Forwarder (FCF) switch with FabOs 6.4.2b terminated the connection and subsequent fabric logins failed when IEEE 802.1Qaz DCBX was enabled. With this update, the lldptool utility can configure lldpad not to use the CEE TLV frame for the fabric session initiation (for the eth3 device, the initiator should issue the "lldptool -T -i eth3 -V IEEE-DCBX mode=reset" command) and the problem no longer occurs.
- BZ# 694639
-
The lldpad service triggered excessive timeout events every second. This caused the service to consume excess resources. Now, the lldpad service has been switched from polling-based to a demand-based model. This prevents excessive timeout event generation and ensures that the service consumes only the expected resources.
- BZ# 733123
-
The lldpad utility did not detect the maximum number of traffic classes supported by a device correctly. This resulted in an invalid or incorrect hardware configuration. Now, the utility detects the maximum number of traffic classes correctly.
- BZ# 720825, BZ# 744133
-
The Edge Control Protocol (ECP) could not verify whether a port lookup was successful when running Virtual Discovery and Configuration Protocol (VDP) on bonded devices because VDP does not support bonded devices. As a consequence, the LLDP agent terminated unexpectedly with a segmentation fault. With this update, VDP is no longer initialized on bonded devices and the crash no longer occurs.
- BZ# 647211
-
The lldpad utility failed to initialize correctly on the Intel 82599ES 10 Gigabit Ethernet Controller (Niantic) with virtual functions enabled and returned a message that there were too many neighbors. With this update, lldpad initializes correctly and the problem no longer occurs.
- BZ# 735313
-
Prior to this update, a user with non-superuser permissions could start the lldpad service. With this update the lldpad init scripts have been modified and a user with non-superuser permissions can no longer start the service.
- BZ# 683837
-
The init script did not perform a line feed when returning the output of a service command. With this update, the init script has been recoded and the output of the service command is correct.
- BZ# 720730
-
The get_bcn() function returned without freeing the nlh variable, which caused a memory leak. The function has been modified and the memory leak no longer occurs.
- BZ# 741359
-
The lldpad daemon failed to detect that a NIC (Network Interface Card) had the offloaded DCBX (Data Center Bridging eXchange) stack implemented in its firmware. As a consequence, the lldp packets were sent by both the daemon and the NIC. With this update, the lldpad daemon no longer sends the packets if a NIC driver implements the offloaded DCBX stack.
- BZ# 749943
-
The lldpad utility incorrectly accessed memory. With this update, the utility accesses the memory correctly.
Enhancement
- BZ# 695550
-
The lldpad package now supports the 802.1Qaz standard (Enhanced Transmission Selection for Bandwidth Sharing Between Traffic Classes). Users are advised to upgrade to this updated lldpad package, which fixes these bugs and adds these enhancements.
An updated lldpad package that fixes one bug is now available for Red Hat Enterprise Linux 6. The lldpad package provides the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support.
Bug Fix
- BZ# 739851
-
Previously, the Edge Control Protocol (ECP) could not verify whether a port lookup was successful when running Virtual Discovery and Configuration Protocol (VDP) on bonded devices because VDP does not support bonded devices. As a consequence, the LLDP agent terminated unexpectedly with a segmentation fault. With this update, VDP is no longer initialized on bonded devices and the crash no longer occurs. All users of lldpad are advised to upgrade to this updated package, which fixes this bug.
An updated lldpad package that fixes a bug is now available for Red Hat Enterprise Linux 6. The lldpad package contains the Linux user space daemon and configuration tool for Intel Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support for the Data Center.
Bug Fix
- BZ# 701993
-
Previously, the lldpad service triggered excessive timeout events every second. This caused the service to consume excess resources. With this update, the lldpad service has switched from polling-based to a demand-based model. This prevents excessive timeout event generation and ensures the service consumes only the expected resources. All lldpad users are advised to upgrade to this updated package, which fixes this bug.
1.150. lohit-devanagari-fonts
An updated lohit-devanagari-fonts package that adds an enhancement is now available for Red Hat Enterprise Linux 6. The lohit-devanagari-fonts package provides a free Devanagari Script TrueType and OpenType font.
Enhancement
- BZ# 651713
-
A glyph for the Indian rupee sign (U+20B9) defined in version 6.0 of the Unicode standard has been added to the font. All users requiring the Indian rupee sign should install this updated package, which adds this enhancement.
1.151. lohit-kannada-fonts
An updated lohit-kannada-fonts package that corrects display problems and adds Latin punctuation glyphs is now available. lohit-kannada-fonts provides a free TrueType and OpenType typeface for writing and displaying Kannada script.
Bug Fix
- BZ# 577127
-
Previously, Lohit Kannada did not include Latin punctuation glyphs (such as opening and closing parentheses). When these characters were required while using the Kannada script, they were drawn from a system's default Latin script. With this update, these characters have been added to the Kannada character set, improving the look of text which mixes Kannada characters and Latin punctuation glyphs. As well, the right-side bearing rules for Kannada conjuncts that immediately follow a Latin parenthesis character have been corrected to ensure these glyphs no longer kern so close as to overlap. All users of lohit-kannada are advised to upgrade to this updated package, which fixes this bug.
1.152. lohit-oriya-fonts
An updated lohit-oriya-fonts package that fixes OpenType rules for presenting conjunction characters in Qt-based applications is now available for Red Hat Enterprise Linux 6. The lohit-oriya-fonts package provides a free Oriya script TrueType and OpenType font.
Bug Fix
- BZ# 623990
-
Oriya script is an abugida or alphasyllabic writing system and, when certain consonant glyphs would otherwise be written adjacent, applies rules for replacing the glyphs with a single, ligatured conjunction character. Previously, the OpenType version of Lohit Oriya did not apply these rules correctly when the typeface was used in an application built using the Qt application framework (e.g. OpenOffice or KWrite). With this update, these rules act as expected, and conjunct symbols appear properly when the OpenType face is used in Qt-based applications. Note: this bug did not present if the TrueType face was used in Qt-based applications, nor did it present in applications built with the GTK+ framework (e.g. AbiWord and gedit) if the OpenType face was used. Users should upgrade to this updated package, which resolves this issue.
1.153. lohit-tamil-fonts
An updated lohit-tamil-fonts package that fixes a display issue in the asterisk glyph ('*' -- Unicode U+002A) is now available for Red Hat Enterprise Linux 6. The lohit-tamil-fonts package provides a free Tamil script TrueType and OpenType font.
Bug Fix
- BZ# 629813
-
The Latin asterisk glyph ('*' -- ASCII 0x2A; Unicode U+002A) was over-sized relative to the same glyph as presented in other non-Latin scripts which include Latin glyphs (eg Lohit Devanagari). With this update, the asterisk has been re-drawn to match the glyph included with Lohit Devanagari. This re-drawing also ensures the asterisk matches the typographic 'color' of the Tamil script characters and the other Latin glyphs included with this typeface. Users should upgrade to this updated package, which resolves this issue.
1.154. lsvpd
An updated lsvpd package that adds an enhancement is now available for Red Hat Enterprise Linux 6. The lsvpd package contains all of the lsvpd, lscfg and lsmcode commands.
Enhancement
- BZ# 632737
-
This update upgrades the lsvpd package to upstream version 1.6.9, which provides an enhancement over the previous version. Users of lsvpd are advised to upgrade to this updated package, which adds this enhancement.
1.155. luci
An updated luci package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The luci package provides a web-based high-availability cluster configuration application.
Bug Fixes
- BZ# 536841
-
Previous versions of luci did not allow users to change the number of votes for a particular node. With this update, the underlying source code has been adapted to provide this functionality, and users are now allowed to change the number of votes for a node as expected.
- BZ# 600057
-
Under certain circumstances, the list of nodes may not have included uptime information for all nodes. This error has been fixed, and the uptime is now displayed for all listed nodes as expected.
- BZ# 600078
-
Prior to this update, the user interface of the luci application did not inform users about possible issues with using the Quorum Disk on certain configurations. This update corrects this error, and the user interface now informs users that Quorum Disk cannot be used unless each node has exactly 1 vote, and advises them not to use this feature for clusters with more than 8 nodes.
- BZ# 605932
-
When configuring the Quorum Disk, previous versions of luci did not allow users to reset input fields to their default values. To address this issue, this update adds the button to the user interface.
- BZ# 613155
-
Previously, when a user other than root or luci attempted to run the luci init script, the service failed to start and a traceback was written to standard error. With this update, the init script has been corrected to terminate with exit code 4 in this case.
- BZ# 613871
-
When a user attempted to view a cluster that contained an unknown or unsupported fence device, luci displayed error 500, and a traceback was written to the luci.log log file. This error has been fixed, and luci now correctly displays “Unknown fence device type” when an unknown or unsupported fence device is encountered.
- BZ# 614963
-
Due to an incorrect use of a deprecated Python feature, the following message may have been occasionally written to the luci.log log file:
DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
This update corrects the underlying source code not to use deprecated features, so that the above message no longer appears in the log file.
- BZ# 616239
-
Previously, deleting a cluster from the user interface only removed the cluster from luci, but did not remove the cluster.conf configuration file or shut down the clustering on the nodes. This update corrects this error, and users are now allowed to completely destroy a whole cluster by selecting all of its nodes and clicking the Delete button.
- BZ# 617586
-
Prior to this update, certain actions, such as the creation of a new cluster, required users to manually refresh the user interface. This update introduces a progress dialog that informs users about the current status of long-running operations and automatically refreshes the user interface when such an operation completes.
- BZ# 617587
-
When the ricci daemon encountered an error, previous versions of luci did not present this error to a user and displayed a generic error message instead. In order to make it easier to determine the cause of such errors, this update adapts luci to display the error messages reported by ricci.
- BZ# 618701
-
When a user created a cluster with a name that contained spaces, clicking the cluster name in the user interface caused luci to display error 404. This error has been fixed, and luci is now able to work with clusters with spaces in their names as expected.
- BZ# 620377
-
Prior to this update, various drop-down menus in the user interface of luci did not remember their selection. With this update, this error no longer occurs, and all drop-down menus now remember their selection as expected.
- BZ# 622562
-
Previous versions of luci did not allow users to configure unfencing, and thus prevented the SAN fencing agents and fence_scsi from being unfenced at boot time. With this update, the underlying source code has been adapted to provide this functionality, and users are now allowed to configure unfencing from the user interface.
- BZ# 624716
-
When a user configured a cluster for the first time, the Services, Resources, Failover Domains, and Devices tabs contained the following error message:
No nodes from this cluster could be contacted. The status of this cluster is unknown.
Since this message may have been misleading, luci has been adapted to display a more comprehensive message, such as “No items to display”.
- BZ# 633983
-
Prior to this update, luci did not handle the nodename parameter for the fence_scsi fence agent correctly. This update corrects this error, and the nodename parameter is now handled properly.
- BZ# 636267
-
Prior to this update, the Fence Devices tab contained two buttons. However, these buttons are no longer required, and clicking them did not trigger any action. With this update, the buttons have been removed from the Fence Devices tab.
- BZ# 636300
-
Previously, luci did not handle the username for the fence_egenera fence agent correctly. With this update, the underlying source code has been modified to address this issue, and the username for fence_egenera is now handled correctly.
- BZ# 639123
-
Prior to this update, action buttons such as those for starting, stopping, deleting, or rebooting nodes were active even if no node was selected. Consequent to this, clicking such a button caused luci to display an error message. This update addresses this issue, and the action buttons are no longer active when no node is selected.
- BZ# 639124
-
When changes to a cluster were made outside of luci, previous versions of luci did not update the local database to reflect the current cluster membership. This update corrects this error, and in response to such changes to cluster membership, luci now updates its local database as expected.
- BZ# 659014
-
Previously, when a user attempted to configure a node with a fully qualified domain name (FQDN) that did not match the cluster node name, luci incorrectly displayed error 500, and a traceback was written to the luci.log log file. This error no longer occurs, and users are now allowed to configure such nodes as expected.
- BZ# 678366
-
Under certain circumstances, an attempt to remove existing fence methods from a device, or add new fence instances may have failed. This update corrects the fence management in luci, and removing existing fence methods from a device or adding new fence instances no longer fails.
- BZ# 678424
-
Under certain circumstances, an attempt to add a node to an existing cluster could fail with the following message written to the luci.log log file:
AttributeError: 'ClusterNode' object has no attribute 'getID'
With this update, the underlying source code has been modified to address this issue, and luci no longer fails with the above error when adding a new node to a cluster.
- BZ# 682843
-
Previously, when configuring the Samba resource agent, the user interface of luci contained the Workgroup input box. Since this option is not used by the resource agent, this update removes it from the user interface.
Enhancements
- BZ# 472972
-
Support for the OracleListener and OracleInstance resource agents has been added.
- BZ# 557234
-
This update allows luci to communicate with the ricci daemon on an interface different from the one that is used for the cluster communication.
- BZ# 620343
-
To make the distinction between “services” and “resources” more obvious, the Services label in the user interface of luci has been replaced with the more comprehensive Service Groups.
- BZ# 620373
-
The user interface of luci has been adjusted to present tabs to a user in more logical order.
- BZ# 624558
-
The Use UDP unicast (UDPU) option has been added to the Network Configuration page. Note that unless expert mode is enabled, the Use broadcast option is no longer presented to a user.
- BZ# 632344
-
This update introduces the Logging Configuration page, which allows users to configure centralized logging.
- BZ# 637223
-
Support for the fence_cisco_ucs fence agent has been added.
- BZ# 639107
-
Support for the fence_rhev fence agent has been added.
- BZ# 639111
-
This update adds support for configuring non-critical cluster resources.
- BZ# 639120
-
An expert user mode has been added. When enabled, this mode allows users to edit most of the properties that are defined by the cluster schema.
- BZ# 666971
-
This update adds the Disable updates to static routes check box to the user interface, allowing users to disable updates to static routes in the IP resource agent.
- BZ# 680173
-
Support for the Distributed Replicated Block Device (DRBD) resource type has been added.
- BZ# 681506
-
This update re-includes fence_brocade in the list of supported fence agents. All users of luci are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
1.156. lvm2
Updated lvm2 packages that fix several bugs and add enhancements are now available. The lvm2 packages contain support for Logical Volume Management (LVM).
Bug Fixes
- BZ# 683689
-
Fixes a possible endless loop in cache.
- BZ# 677739
-
Fixes a deadlock while removing last exclusive snapshot in cluster.
- BZ# 675744
-
Fixes a boot failure on big-endian architectures.
- BZ# 674823, BZ# 687857
-
Adds device-mapper library support for wiping ioctl buffers in kernel.
- BZ# 672617
-
Improves insufficient free space message for lvcreate.
- BZ# 660471
-
Fixes the use of --addtag --deltag arguments for pvchange in cluster.
- BZ# 660467
-
Adds support for multiple --addtag or multiple --deltag arguments for pvchange.
- BZ# 654441
-
Adds lvm2app support for querying float attributes.
- BZ# 649334
-
Fixes lvcreate to not exit incorrectly with a failure if --test option is used.
- BZ# 648219
-
Fixes vgs to not limit the number of tags displayed.
- BZ# 647167
-
Adds a possibility to use --addtag and --deltag arguments in one command.
- BZ# 645488
-
Fixes I/O errors for merged snapshots on boot.
- BZ# 642575
-
Fixes a possible error in processing a regular expression used in device filter.
- BZ# 642938
-
Adds a new global/metadata_read_only configuration option to disallow any operations changing metadata.
- BZ# 638052, BZ# 652200
-
Fixes incorrect detection of mounted filesystem in fsadm script.
- BZ# 636006
-
Adds scalability improvements.
- BZ# 635949
-
Clarifies the description in lvconvert man page.
- BZ# 634349
-
Adds support for /, =, !, :, #, & in tags.
- BZ# 633033
-
Fixes an issue where adding VG tags left metadata corrupted.
- BZ# 633018
-
Adds support for multiple --addtag and --deltag arguments within a single command.
- BZ# 633013
-
Adds support for up to 1024 characters in LV tags.
- BZ# 632681
-
Fixes cmirrord init script to not fail if it is already started.
- BZ# 625192
-
Fixes a failure in mirror log allocation if a device failure in the log is encountered.
- BZ# 625135
-
Fixes an issue that caused a mirror log to be removed while replacing the failed mirror image.
- BZ# 623218
-
Fixes pvremove to not show 'No physical volume label read' message when removing PVs with no metadata copies in one pvremove command.
- BZ# 621281
-
Fixes lvconvert to honour the --yes and --force options.
- BZ# 620571
-
Fixes a regression where a non-root user could not view LVM2 devices.
- BZ# 615907
-
Fixes a failure in rename during metadata archive and backup handling.
- BZ# 614049
-
Includes hooks for querying and setting pvs, vgs and lvs report fields in lvm2app.
- BZ# 613829
-
Fixes an issue where a mirror containing snapshot volumes could end up with I/O hung if there was a failed device.
- BZ# 612862
-
Fixes clvmd to clean up dlm lockspace if clvmd restart is invoked.
- BZ# 607334
-
Adds a possibility to use the allocate fault policy for mirrored logs.
- BZ# 603912, BZ# 602748
-
Disallows adding a mirror log and removing mirror images (or vice versa) in one step while specifying PVs.
- BZ# 602389
-
Clarifies a message about pvmove operation if another process finishes or aborts it.
- BZ# 601740
-
Improves lvscan man page to describe possible output values.
- BZ# 601383
-
Disallows converting a mirrored log to core log along with image conversion while specifying PVs.
- BZ# 595507
-
Fixes an issue with clustered mirrors and very slow I/O.
- BZ# 596352
-
Adds new -f option to clvmd to run it in foreground.
- BZ# 553381
-
Fixes clvmd init script to comply with LSB and Red Hat init script guidelines.
- BZ# 525972
-
Reduces delays by avoiding scans on failed devices (devices/disable_after_error_count configuration option).
- BZ# 525957
-
Adds support for snapshots of a mirror.
- BZ# 510292
-
Adds support for striped mirrors.
- BZ# 504871
-
Adds 'cling by tags' allocation policy. Users are advised to upgrade to these updated lvm2 packages, which resolve these issues and add these enhancements.
1.157. m17n-contrib
Updated m17n-contrib packages that add an enhancement are now available for Red Hat Enterprise Linux 6. The m17n-contrib package contains contributed multilingualization (m17n) data files for the m17n-lib project.
Enhancement
- BZ# 712120
-
On Indian keyboard layouts, users were unable to enter the newly added Rupee Unicode symbol (U+20B9). With this update, the symbol has been added as an "Alt_Gr+4" keyboard shortcut in the InScript (Indian Script) keymap, where Alt_Gr is the right Alt key. Users of m17n-contrib are advised to upgrade to these updated packages, which add this enhancement.
An updated m17n-contrib package that includes two corrected keymap files and two improved keymap files, each backported from upstream, is now available. This package contains contributed internationalization files for m17n-lib.
Bug Fixes
- BZ# 653782
-
Previously, when using the Devanagari script keymap -- hi-remington.mim -- the key combination to produce "आप" (the respectful form of the second person pronoun) on qwerty keyboards was "Shift-h backspace w [ backspace". The widely used sequence for this pronoun, however, is "Shift-h k w [ k" (with "k" used rather than the backspace). With this update the more common key sequence is now used by the hi-remington.mim keymap file.
- BZ# 653783
-
The Malayalam script keymap -- ml-inscript.mim -- was missing the 20th letter, ച (ca). This is mapped to the semi-colon (;) on qwerty keyboards. Previously, when the Malayalam input system was active, pressing that key (either physically or using the on-screen keyboard) produced no output. The on-screen keyboard also displayed a blank keycap. This update corrects the typo in the ml-inscript.mim keymap file. When the Malayalam input method is used "ca" displays on the on-screen keyboard and appears in documents when typed, as expected.
Enhancements
- BZ# 642138
-
The Telugu script keymap -- te-inscript.mim -- now maps three further Telugu script characters to English-language keyboard keys. The specific changes are as follows: the vowel character U0c60 ("ౠ") is now mapped to the pipe symbol ("|"); the dependent vowel character U0c44 ('ౄ') is now mapped to the back slash ("\"); and the dependent vowel character U0c01 ("ఁ") is now mapped to the capital X ("X").
- BZ# 653781
-
The Tamil script keymap -- ta-tamil99.mim -- now maps seventeen further input options for generating both Tamil and English script glyphs on English-language keyboards. With the updated keymap file installed and active, the "f" key now generates a question mark ("?"). The other sixteen added options are Control+[key] inputs. They include new input options to generate several English characters such as the copyright symbol (using Control+c), the bullet character (Control+.) and single and double typographer's quote marks (using Control+7 through Control+9). As well, eight further Tamil script glyphs can now be generated, using Control+q +s +w +d +e +g +t and +r. All users, especially those inputting Devanagari, Malayalam, Telugu or Tamil script characters, should install this update, which addresses these issues and adds these enhancements.
1.158. m17n-lib
An updated m17n-lib package that adds an enhancement is now available for Red Hat Enterprise Linux 6. The m17n-lib package contains a multilingual text library used primarily to allow the input of many languages with the input table maps from the m17n-db and m17n-contrib packages.
Enhancement
- BZ# 712118
-
On Indian keyboard layouts, users were unable to enter the newly added Rupee Unicode symbol (U+20B9). With this update, the Alt_Gr (right Alt) key is supported, and it is now possible to map the Rupee symbol on a keyboard shortcut such as "Alt_Gr+4". Users of m17n-lib are advised to upgrade to this updated package, which adds this enhancement.
1.159. man-pages
An updated man-pages package that corrects several documentation errors and omissions and adds several improved man pages is now available for Red Hat Enterprise Linux 6. The man-pages package provides man (manual) pages from the Linux Documentation Project (LDP).
Bug Fixes
- BZ# 634626
-
The sd man page had an invalid link referring to the scsi man page. With this update, all references to the scsi man page were removed from the sd man page.
- BZ# 669768
-
The "getent --help" command output mentioned a "-s" switch which was not explained anywhere in the getent man page. Since the getent man page is outdated, the entire page was removed for this update.
- BZ# 678376
-
The man page for clock_gettime had references to the CLOCK_REALTIME_HR and CLOCK_MONOTONIC_HR constants, that were used in clock_getres.2, clock_gettime.2, clock_nanosleep.2, clock_settime.2, and timer_create.2. These constants are no longer present in the Linux kernel and clock_gettime was corrected to remove all references to these constants.
- BZ# 679530
-
A typographical error concerning the SHA, MD5, and DES algorithms on the crypt(3) man page meant that key significance in passwords was presented incorrectly. The typo was fixed for this update.
- BZ# 679894
-
Information about a new keyword -- scopev4 -- was missing from the "gai.conf" man page. As of this update, "gai.conf(5)" now documents the scopev4 keyword.
- BZ# 683039
-
The example code demonstrating how to use the getifaddrs() API in the getifaddrs man page contained a bug capable of crashing getifaddrs if used. The previous example code did not check for a NULL pointer under certain conditions which would cause a segmentation fault. With this update the example code tests for this condition, as expected, thereby avoiding the segfault.
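The NULL check described in BZ# 683039, as an added example that is not the man page's own code: the release note does not name the pointer, so this assumes it is ifa_addr, which the getifaddrs(3) interface allows to be NULL for an entry. The helper names and the three-entry list are constructed for illustration.

```c
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/*
 * Render one list entry's address as text.
 * Returns 1 when buf holds an address, 0 when the entry is skipped
 * (no address attached, or a family other than IPv4/IPv6), -1 on error.
 */
static int format_entry(const struct ifaddrs *ifa, char *buf, socklen_t len)
{
    /* Assumption: this is the check the old example lacked. Reading
     * ifa_addr->sa_family without it dereferences a NULL pointer. */
    if (ifa->ifa_addr == NULL)
        return 0;

    switch (ifa->ifa_addr->sa_family) {
    case AF_INET: {
        const struct sockaddr_in *sin =
            (const struct sockaddr_in *)ifa->ifa_addr;
        return inet_ntop(AF_INET, &sin->sin_addr, buf, len) ? 1 : -1;
    }
    case AF_INET6: {
        const struct sockaddr_in6 *sin6 =
            (const struct sockaddr_in6 *)ifa->ifa_addr;
        return inet_ntop(AF_INET6, &sin6->sin6_addr, buf, len) ? 1 : -1;
    }
    default:
        return 0; /* other families (e.g. AF_PACKET) are not printed here */
    }
}

/* Walk a getifaddrs()-style list; returns how many addresses were printed. */
static int print_addresses(const struct ifaddrs *head, FILE *out)
{
    char text[INET6_ADDRSTRLEN];
    int printed = 0;

    for (const struct ifaddrs *ifa = head; ifa != NULL; ifa = ifa->ifa_next) {
        int rc = format_entry(ifa, text, sizeof text);
        if (rc == 1) {
            fprintf(out, "%-8s %s\n", ifa->ifa_name, text);
            printed++;
        } else if (rc == 0 && ifa->ifa_addr == NULL) {
            fprintf(out, "%-8s (no address, skipped)\n", ifa->ifa_name);
        }
    }
    return printed;
}

/* Constructed three-entry list; the middle entry has ifa_addr == NULL. */
static int constructed_demo(FILE *out)
{
    struct sockaddr_in v4;
    struct sockaddr_in6 v6;
    struct ifaddrs a, b, c;
    char lo[] = "lo", tun[] = "tun0";

    memset(&v4, 0, sizeof v4);
    v4.sin_family = AF_INET;
    v4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    memset(&v6, 0, sizeof v6);
    v6.sin6_family = AF_INET6;
    v6.sin6_addr = in6addr_loopback;

    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    memset(&c, 0, sizeof c);
    a.ifa_name = lo;  a.ifa_addr = (struct sockaddr *)&v4; a.ifa_next = &b;
    b.ifa_name = tun; b.ifa_addr = NULL;                   b.ifa_next = &c;
    c.ifa_name = lo;  c.ifa_addr = (struct sockaddr *)&v6;

    return print_addresses(&a, out);
}

int main(void)
{
    struct ifaddrs *live = NULL;

    constructed_demo(stdout);      /* deterministic, offline input */

    if (getifaddrs(&live) == -1) { /* then the host's real list */
        perror("getifaddrs");
        return 1;
    }
    print_addresses(live, stdout);
    freeifaddrs(live);
    return 0;
}
```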
Enhancements
- BZ# 528546
-
The man pages for "pwrite(v)" and "pread(v)" were previously not included in the man page package. With this update, they are.
- BZ# 613777
-
The "get_mempolicy" man page was updated to be more contemporaneous with the version of the Linux kernel (version 2.6.32) used by Red Hat Enterprise Linux 6.
- BZ# 634986
-
The "pthread_attr_setguardsize" man page was updated to include information about glibc 2.8 changes. All users of manual pages are advised to upgrade to this updated package, which resolves these issues.
1.160. man-pages-ja
An updated man-pages-ja package that fixes three bugs is now available for Red Hat Enterprise Linux 6. The man-pages-ja package contains Japanese translations of the Linux Documentation Project man pages.
Bug Fixes
- BZ# 579647
-
Previously, the man-pages-ja package contained outdated Japanese manual pages based on SysVinit, which is not shipped in Red Hat Enterprise Linux 6. This update drops those redundant manual pages to avoid confusion.
- BZ# 600324
-
Previously, the Japanese manual page of 'snmpd.conf' did not mention the deprecation notice for the listening port specifier in the sink directives. This update adds the deprecation notice.
- BZ# 618934
-
Previously, the Japanese manual page of the 'echo' command did not mention the format of '\e' and '\xHH' in the -e option. The updated package adds the description of '\e' and '\xHH'.
- BZ# 628891
-
Previously, the Japanese manual page of the 'pmap' command did not mention the "extended and device format fields". This update adds the description of it. All man-pages-ja users are advised to upgrade to this updated package, which resolves these issues.
1.161. man-pages-overrides
An updated man-pages-overrides package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The man-pages-overrides package is a collection of manual ("man") pages to complement other packages or update those contained therein. This updated man-pages-overrides package provides fixes for the following bugs:
Bug Fixes
- BZ# 540492, BZ# 636785
-
The semanage(8) manual page has been rewritten.
- BZ# 604626
-
Several typographical errors have been fixed in the yum-verify(1) manual page.
- BZ# 615873
-
The release tag has been fixed in the w3m(1) manual page.
- BZ# 619779
-
The missing description for the auto-rename option has been added to the lftp(1) manual page.
- BZ# 622451, BZ# 638625, BZ# 644308, BZ# 673968
-
The logrotate(8) manual page has been updated, fixing multiple issues such as missing options, typographical errors, an incorrect author tag, and a faulty description of the "size" parameter.
- BZ# 632081
-
The Japanese version of the man(1) manual page no longer contains a duplicate line in the specification of the "-p pager" option.
- BZ# 633701
-
Several syntax errors and typographical errors have been fixed in the expect(1) manual page.
- BZ# 650162
-
The information on home directories in the useradd(8) manual page has been fixed.
- BZ# 651120
-
The "-v" option in the setfattr(1) manual page is now described more extensively to prevent possible confusion.
- BZ# 657563
-
The find(1) manual page has been rewritten.
- BZ# 658734
-
The setfacl(1) manual page has been updated to address various issues.
- BZ# 675213
-
A typographical error has been fixed in the userpasswd(1) manual page.
- BZ# 675223
-
Several typographical errors have been fixed in the locate(1) manual page.
- BZ# 675682
-
Several typographical errors have been fixed in the pcregrep(1) manual page.
- BZ# 675688
-
Several typographical errors have been fixed in the pcretest(1) manual page.
- BZ# 676540
-
Several typographical errors have been fixed in the magic(5) manual page.
Enhancements
1.162. mcelog
An updated mcelog package that fixes various bugs is now available. mcelog is a daemon that collects and decodes Machine Check Exception data on AMD64 and Intel 64 machines.
Bug Fixes
- BZ# 614874
-
The mcelog service did not check whether another instance of mcelog was running, which could result in multiple mcelog service instances on a single system. This could result in lost or over-reported Machine Check Exceptions. mcelog now detects whether another instance is already running, preventing multiple instances from being launched on a single system simultaneously.
- BZ# 646568
-
When a Machine Check Error occurs, a message indicating that the issue is not a software problem is output to the console. This incorrectly implies that a hardware problem exists. The message has now been corrected to indicate that a Hardware Event has occurred, instead.
- BZ# 647066
-
No configuration file was provided for mcelog, preventing users from configuring mcelog daemon and its actions. A default configuration file (/etc/mcelog/mcelog.conf), which can be used to modify the behavior of mcelog at runtime, is now provided.
- BZ# 664016
-
Support for future Intel processors has been added to mcelog, enabling mcelog to decode Machine Check Exceptions for these processors when they become available.
- BZ# 682753
-
The default mcelog configuration file contained references to files that did not exist in the default package installation. This caused mcelog to attempt to execute files that did not exist. The mcelog configuration file has been corrected. Note that this bug was reported and corrected during development, and was not seen in production systems in the field. All users of mcelog are advised to upgrade to this updated mcelog package, which resolves these issues.
1.163. mdadm
An updated mdadm package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. mdadm is a utility for creating, managing, and monitoring Linux MD (multiple disk) devices.
Bug Fixes
- BZ# 605710
-
Previously, the "noiswmd" kernel command line option did not set the rd_NO_MDIMSM variable to 1 and the udev rules thus failed to match the option. This update removes the rule for the rd_NO_MDIMSM variable and adds the "noiswmd" and "nodmraid" command line options, which substitute the rule for rd_NO_MDIMSM.
- BZ# 626762
-
The md kernel module stopped responding when attempting to stop a RAID device. This occurred due to a mutex deadlock. With this update, the underlying code was changed and the issue no longer occurs.
- BZ# 636883
-
Previously, mdadm did not accept the short version of the "--export" (that is "-Y") and "--name" (that is "-N") options. This was due to missing entries in the list of short options. With this update, the missing entries have been added and the short versions of the options now work as expected.
Enhancements
- BZ# 633306
-
Previously, mdadm was not able to rebuild newly-connected drives automatically. This update adds the array auto-rebuild feature and allows a RAID stack to automatically rebuild newly-connected drives.
- BZ# 633667
-
RAID migration is now supported: mdadm is now able to change the RAID level of an already-existing device.
- BZ# 633671
-
Previously, mdadm could not add a new disk to an already-existing volume. This update adds the OLCE (On Line Capacity Expansion) feature, which allows mdadm to add new disks to an array and allocate their resources to existing volumes.
- BZ# 633688
-
Previously, mdadm did not track the progress of the rebuild and level-migration operations and therefore was not able to recover their progress after a system failure. This update adds the check-pointing feature, which tracks their progress and allows mdadm to resume these operations after a system failure from the last check point.
- BZ# 633690
-
This update adds the SAS-SATA feature, which allows the user to disconnect a set of SATA (Serial Advanced Technology Attachment) drives from a SCSI Controller Unit (SCU) and connect it to an Advanced Host Controller Interface (AHCI) and vice versa.
- BZ# 633692
-
This update limits the RAID-5 support for volumes on drives attached to the SCU on systems with the X79 chipset (code-named "Patsburg"). It inhibits the creation, assembly, activation, and level migration of RAID 5 volumes on drives attached to the SCU on these systems. Users are advised to upgrade to this updated mdadm package, which resolves these issues and adds these enhancements.
An updated mdadm package that fixes several bugs is now available for Red Hat Enterprise Linux 6. The mdadm package contains a utility for creating, managing, and monitoring Linux MD (multiple disk) devices.
Bug Fixes
- BZ# 723135
-
When an array was changing level from redundant to non-redundant such as RAID 0, mdadm failed to exit and remained in memory. This caused a variety of issues, including a termination with a segmentation fault when two array transitions were executed sequentially. With this update, a patch has been provided to address this issue, and the monitor is now properly removed from memory after the backward takeover operation.
- BZ# 723137
-
If an array size was not properly aligned to the chunk size, the expansion process failed to start and the "New chunk size does not divide component size" error message was returned. This bug has been fixed, and the array alignment is now checked before the expansion process begins.
- BZ# 723139
-
Previously, when a volume was created with the "--size" option but without providing a chunk size and a container, mdadm used the "UnSet=65534" option for rounding the volume size before setting the default chunk size. This caused the new volume to be created with an incorrect size. This bug has been fixed, and the volume size is now properly rounded to the chunk size.
- BZ# 723140
-
When the expansion process of a RAID 0 volume was restarted, mdadm failed to correctly assemble the array because the critical section could not be restored from a backup file, and the "mdadm: Failed to restore critical section for reshape - sorry" error message was returned. A patch has been provided to address this issue, and now, the RAID 0 expansion process cannot be restarted, thus fixing this bug.
- BZ# 723141
-
Previously, mdadm incorrectly calculated reshape start data disks number (0) during the reshape restart operation and used it for calculations. This caused a variety of issues; for example, when two disks were added to the 3-disk RAID 5 array and the array under migration was disassembled and then assembled again, mdadm terminated unexpectedly. A set of patches has been provided to address this issue, and the reshape process is now properly restarted in the described scenario.
- BZ# 723142
-
When two arrays were configured in a container and the arrays were reassembled during a rebuild or initialization process, the stored checkpoint for one of the arrays was sometimes lost. Consequently, the restarted process did not use the checkpoint information and started from zero position instead. A patch has been provided to address this issue, and the restarted process now properly continues from the stored checkpoint. Users of mdadm are advised to upgrade to this updated package, which fixes these bugs.
1.164. memtest86+
An updated memtest86+ package that fixes one bug and adds an enhancement is now available for Red Hat Enterprise Linux 6. The memtest86+ package contains an advanced memory diagnostic tool for x86, AMD64 and Intel 64 computers. BIOS-based memory tests are only a quick check and often miss many of the failures that are detected by memtest86+.
Bug Fix
- BZ# 607006
-
The memtest86+ tool failed to start on AMD64 and Intel 64 computers with the "--type=netbsd /elf-memtest86+-4.00" kernel parameter, and the "Error 13: Invalid or unsupported executable format" error message was given. This option now works as expected, and no error message is displayed.
Enhancement
- BZ# 640731
-
With this update, memtest86+ supports the latest Intel processors, including those based on the Intel Xeon Processor E56XX, L56XX, W36XX and X56XX families, and the Intel Xeon Processor E7 family. Users of memtest86+ are advised to upgrade to this updated package, which fixes this bug and adds this enhancement.
1.165. mesa
Updated mesa packages that add one enhancement are now available for Red Hat Enterprise Linux 6. Mesa provides a 3D graphics application programming interface (API) that is compatible with OpenGL (Open Graphics Library). It also provides hardware-accelerated drivers for many popular graphics chips.
Enhancement
- BZ# 667563
-
This update adds accelerated 3D support for systems based on the 2nd Generation Intel Core Processor Family to the mesa packages and provides updated drivers for all other supported 3D hardware. All Mesa users are advised to update to these upgraded packages, which add this enhancement.
1.166. microcode_ctl
An updated microcode_ctl package that provides several enhancements is now available for Red Hat Enterprise Linux 6. The microcode_ctl package provides microcode updates for Intel processors.
Enhancements
- BZ# 638286
-
The Intel CPU microcode file is updated to version 20101123. This is the most recent version of the microcode available from Intel.
- BZ# 578107
-
microcode_ctl is now udev-driven and the previously delivered init.d script is no longer needed. Note that the system must be rebooted in order for these changes to take effect. All users of Intel processors are advised to upgrade to this updated package, which adds these enhancements.
1.167. mipv6-daemon
An updated mipv6-daemon package that fixes several bugs and adds various enhancements is now available. The mipv6-daemon package contains a mobile IPv6 service for clients, which allows them to relocate within an IPv6-enabled network yet remain reachable.
The mipv6-daemon package has been upgraded to upstream version 2.0.2.20110203b, which provides numerous bug fixes and enhancements over the previous version. (BZ# 612007) Users are advised to upgrade to this updated mipv6-daemon package, which resolves these issues and adds these enhancements.
1.168. mksh
An updated mksh package that fixes three bugs and adds one enhancement is now available for Red Hat Enterprise Linux 6. The mksh package provides the MirBSD version of the Korn Shell which implements the ksh-88 programming language for both interactive and shell script use.
Bug Fixes
- BZ# 616771
-
Previously, mksh did not handle trace output correctly. Due to this problem, mksh aborted unexpectedly when tracing was enabled and a long string was to be reported. This update improves the long trace output handling. Now, long trace output is successfully printed without interruption.
- BZ# 616777
-
Previously, mksh did not handle aliases that contained aliases correctly. Due to this problem, mksh aborted when double aliases were used. This update corrects the alias handling code. Double aliases are handled as expected.
- BZ# 618274
-
Previously, bad substitution could abort mksh unexpectedly because of a conflict between acceptable code for ksh-88 and ksh-93. This update recognizes both code types and prints errors as expected.
Enhancement
- BZ# 659668
-
Previously, users had to change the shebang in their ksh-88 scripts or port their scripts to ksh-93. This update adds the "alternatives" switching method, which allows users to switch /bin/ksh between ksh-93 provided by the ksh package and ksh-88 provided by the mksh package. Now, users can run their scripts without modifying them or porting them to ksh-93 one by one. All users of mksh are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.
An updated ksh package that fixes several bugs and adds various enhancements is now available. KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell Laboratories -- a shell programming language upwards-compatible with "sh" (the Bourne Shell). This updated ksh package provides fixes for the following bugs:
Bug Fixes
- BZ# 616684
-
When a ksh script contained the "trap" command to capture a "SIGPIPE" signal, sending this signal via the built-in "echo" command could cause its output to be incorrectly added to the redirected output of an external command. With this update, ksh now flushes the output buffer before redirecting any output streams.
- BZ# 616691
-
Due to incorrect signal handling, receiving a signal while still processing the same one caused ksh to terminate unexpectedly with a segmentation fault. With this update, the subsequent signals are deferred until the current one is processed; thus, ksh no longer crashes.
- BZ# 619692
-
The previous version of the ksh man page contained an unavailable "-m" option and an insufficient description of the "-R" option. In this updated version of the man page, the section mentioning the unavailable option is removed and the description of the "-R" option is extended.
- BZ# 637052
-
Assigning a value to an array variable during the execution of the "typeset" command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.
- BZ# 643811
-
Prior to this update, ksh did not close a file containing an auto-loaded function definition. After loading several functions, ksh could have easily exceeded the system's limit on the number of open files. With this update, files containing auto-loaded functions are properly closed, thus, the number of opened files no longer increases with usage.
- BZ# 644362
-
If a here document (heredoc — specifies a string literal in command line shells) was combined with an auto-loaded function, interference with the here document processing could occur causing output to be truncated to 8 kB. This update improves the here document processing logic and auto-loaded functions no longer have a negative side effect on here documents.
- BZ# 651888
-
Previously, ksh did not restore file handles after executing a sourced script. If an output stream or an error stream was redirected in the sourced script, the respective stream remained redirected in the parent script as well. With this update, file handles are restored after execution of sourced scripts so a parent script is not affected by sourced script redirections.
- BZ# 660319
-
Previously, a ( ) compound list did not always use a copy of the environment which caused the original environment to be altered. Scripts could behave unexpectedly because their variables could be changed. With this update, a copy of the environment is always used for a ( ) compound list; thus, the original environment is not affected by commands from the ( ) compound list.
Enhancements
- BZ# 582690
-
The ksh built-in "ulimit" command now provides the ability to read and set the "RLIMIT_RTPRIO" and "RLIMIT_NICE" resource limiters.
- BZ# 659658
-
The ksh package now includes an "alternatives" command which allows ksh to be switched with mksh (MirBSD Korn Shell). This enhancement allows users to switch between the ksh-93 and ksh-88 (provided by mksh) shells and to port ksh-88 scripts to ksh-93. Users are advised to upgrade to this updated ksh package, which resolves these issues and adds these enhancements.
1.169. mod_nss
An updated mod_nss package that fixes various bugs is now available for Red Hat Enterprise Linux 6. The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.
Bug Fixes
- BZ# 677700
-
During the Apache HTTP Server startup, a race condition could prevent one or more child processes from receiving the token PIN, rendering such processes unable to use SSL. With this update, the race condition no longer occurs, and all child processes of the Apache HTTP Server can enable SSL as expected.
- BZ# 682326
-
Due to an incorrect use of the memcpy() function in the mod_nss module, running the Apache HTTP Server with this module enabled could cause some requests to fail with the following message written to the error_log file:
request failed: error reading the headers
This update applies a patch to ensure that the memcpy() function is now used in accordance with the current specification, and using the mod_nss module no longer causes HTTP requests to fail.
- BZ# 634687
-
Under certain circumstances, a large "POST" request could cause the mod_nss module to enter an infinite loop. With this update, the underlying source code has been adapted to address this issue, and mod_nss now works as expected.
- BZ# 605376
-
The mod_nss module is shipped with the gencert utility that generates the default NSS database. Prior to this update, this utility was installed without any documentation on its usage. This error has been fixed, and a manual page for gencert is now included as expected. All users of mod_nss are advised to upgrade to this updated package, which fixes these bugs.
1.170. mutt
An updated mutt package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. Mutt is a text-mode mail user agent.
Security Fix
- CVE-2011-1429
-
A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.
1.171. net-snmp
Updated net-snmp packages that resolve several issues are now available for Red Hat Enterprise Linux 6. SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps and a version of the netstat command which uses SNMP. This package contains the snmpd and snmptrapd daemons, documentation, etc.
Bug Fixes
- BZ# 616336, BZ# 616764
-
The IP-MIB::ipAddressTable did not support the SNMP SET operation, which enables adding or deleting rows in the IP address table. As a result, IPv4 or IPv6 addresses on interfaces could neither be created nor removed. The updated packages enhance IP-MIB::ipAddressTable with these functions, as RFC 4293 mandates.
- BZ# 621664
-
Under certain conditions, and especially on networks with high traffic, snmpd wrote a lot of "c64 32 bit check failed" and "netsnmp_assert 1 == new_val->high failed" messages to the system log. Although these messages are harmless and not indicative of a serious error, they could potentially fill the system log quickly. This update suppresses these spurious messages in favour of more meaningful and specific error messages, which are written to the system log only once.
- BZ# 625262
-
The SNMP daemon did not properly handle netlink sockets when forking to the background and becoming a daemon. It could therefore not process incoming notifications from the kernel regarding changes in IP-MIB::ipAddressPrefixTable. The updated package fixes the socket processing to ensure that the SNMP daemon handles incoming kernel notifications and updates ipAddressPrefixTable at runtime.
- BZ# 627564
-
The SNMP daemon did not detect and notify newly added or activated interfaces in IPV6-MIB::ipv6IfTable. The updated package properly refreshes the table when a new interface appears.
- BZ# 630157
-
The implementation of BRIDGE-MIB was enhanced with Virtual LANs (RFC 4363).
- BZ# 636890
-
The snmpwalk utility did not perform correct OID comparison and printed additional objects when walking through an OID subtree. The updated package fixes the OID comparison so that snmpwalk prints only the objects from the requested subtree.
- BZ# 641113
-
The SNMP daemon, snmpd, returned an incorrect value of either "0.1" or "1.3" for sysObjectID. This update fixes the value of this OID so it returns the correct value, "1.3.6.1.4.1.8072.3.2.10".
Enhancements
- BZ# 657835
-
The Net-SNMP source RPM package failed to compile on machines with a disabled IPv6 networking stack because the built-in test suite requires working IPv6. The updated package correctly recovers from a disabled IPv6 stack and compiles successfully.
- BZ# 665053
-
In some cases, the SNMP daemon, snmpd, wrongly retyped pointers to integer data when processing SMUX packets, resulting in a freeze. The pointer operations were fixed in the updated package so that snmpd no longer freezes while processing SMUX packets.
- BZ# 672595
-
The snmpd daemon incorrectly handled its internal list of SMUX registrations, which could result in an snmpd crash when processing SMUX messages. The updated package fixes the list handling and does not crash when processing SMUX messages.
- BZ# 674757
-
The snmpd daemon did not properly initialize its structures for IP-MIB::ipSystemStatsTable and IP-MIB::ipIfStatsTable. It logged the error message "looks like a 64bit wrap, but prev!=new" if a counter in these tables got larger than 32 bits. The updated packages fix initialization of the tables and ensure that the aforementioned message should not appear in the snmpd log. All users of net-snmp are advised to upgrade to these updated packages, which resolve these issues.
Updated net-snmp packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support. The net-snmp packages provide a generic client library, a suite of command-line tools, an extensible SNMP agent, Perl modules, and Python modules to use and deploy the Simple Network Management Protocol (SNMP).
Bug Fix
- BZ# 868176
-
Previously, the snmpd daemon did not verify the result of reading from a network socket in the SMUX (SNMP multiplexing) module. Consequently, snmpd was sometimes unable to close erroneous SMUX sessions, because it failed to detect some network errors. With this update, the snmpd daemon has been adapted to properly detect errors when reading from a SMUX socket and it now reacts to these errors properly. Users of net-snmp are advised to upgrade to these updated packages, which fix this bug.
1.172. net-tools
An updated net-tools package that fixes various bugs is now available for Red Hat Enterprise Linux 6. The net-tools package contains basic networking tools, including ifconfig, netstat, route, and others. Netstat prints information about the Linux networking subsystem.
Bug Fixes
- BZ# 682368
-
Unless a device name was specified on the command line, the mii-tool utility automatically checked Ethernet interfaces from eth0 to eth7. Similarly, running the mii-diag or ether-wake utility without the device name caused it to use eth0 by default. However, Red Hat Enterprise Linux 6.1 introduces the possibility to use arbitrary names for these network interfaces. Because of this, the mii-tool, mii-diag, and ether-wake utilities have been adapted to require a device name to be specified on the command line.
- BZ# 580054
-
Due to an incorrect use of 32-bit integers, running the netstat utility with the "-s" (or "--statistics") command line option on a 64-bit architecture could cause some entries in the "IpExt" section to be displayed with negative values. With this update, integers on 64-bit architectures are now handled properly, and the "netstat -s" command now produces the correct output.
- BZ# 634539
-
When the netstat utility is run with the "-c" (or "--continuous") command line option, it prints the selected information continuously every second. Previously, netstat failed to free the allocated memory. Consequent to this, running the utility for a long time could cause it to consume all available memory. With this update, the underlying source code has been corrected to free the allocated memory when appropriate, and running the netstat utility with the "-c" option no longer leads to a memory leak.
- BZ# 614931
-
Prior to this update, the manual page for the netstat utility stated that running the utility with the "-a" (or "--all") command line option allows a user to list both listening and non-listening sockets. Since this description was rather vague, this update extends the manual page to provide a clear explanation of which sockets are classified as non-listening. All users of net-tools are advised to upgrade to this updated package, which fixes these bugs.
1.173. netcf
1.173.1. RHBA-2011:0620 — netcf bugfix update
An updated netcf package that fixes various bugs is now available. Netcf is a library for modifying the network configuration of a system. Network configurations are expressed in a platform-independent XML format, which netcf translates into changes to the system's 'native' network configuration files. This update rebases netcf from version 0.1.6 to the current upstream version, 0.1.7. (BZ# 651032 ) This rebase addresses several issues, including:
- Tight coupling between netcf and gnulib
- Disallowing firewall rules editing
- An iptables rule tweak regarding tuneable kernel necessity
This rebase also incorporates fixes for two bugs as follows:
- BZ# 633346
-
Previously, after a reboot, virInterface functions did not work until libvirt was restarted and instead failed with an "error: Failed to list active interfaces. error: this function is not supported by the connection driver: virConnectNumOfInterfaces" error message. This is now fixed so that the code that caused the problem is removed and virInterface functions operate as expected after a reboot.
- BZ# 629206
-
Previously, netcf was unable to initialize due to the system's iptables configuration and failed with a "Failed to initialize netcf. error: unspecified error" error message. This is now fixed and netcf no longer fails during initialization. Users are advised to upgrade to this updated package, which resolves these issues.
1.174. netlabel_tools
An updated netlabel_tools package that fixes a bug is now available for Red Hat Enterprise Linux 6. NetLabel is a kernel subsystem which implements explicit packet labeling protocols such as CIPSO and RIPSO for Linux. Packet labeling is used in secure networks to mark packets with the security attributes of the data they contain. This package provides the necessary user space tools to query and configure the kernel subsystem.
Bug Fix
- BZ# 602291
-
Previously, running the netlabelctl utility with an invalid mask argument caused the utility to terminate with a 0 exit status. This error has been fixed, and when an invalid mask is supplied, netlabelctl now returns a non-zero exit status as expected. All users of netlabel_tools are advised to upgrade to this updated package, which resolves this issue.
1.175. NetworkManager
Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.
Security Fix
- CVE-2011-2176
-
It was found that NetworkManager did not properly enforce PolicyKit settings controlling the permissions to configure wireless network sharing. A local, unprivileged user could use this flaw to bypass intended PolicyKit restrictions, allowing them to enable wireless network sharing. Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ("service NetworkManager restart") for this update to take effect.
Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files.
Security Fix
- CVE-2011-3364
-
An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially-crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections. Red Hat would like to thank Matt McCutchen for reporting this issue. Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ("service NetworkManager restart") for this update to take effect.
Updated NetworkManager packages that fix a number of bugs and add some enhancements are now available. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. It manages Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, and provides VPN integration with a variety of different VPN services.
Bug Fixes
- BZ# 584271
-
After Wireless was disabled in NetworkManager, a suspend and resume operation caused the wireless connection to become enabled automatically. This is now fixed to preserve the user-set wireless state even after an rfkill operation (suspend and resume).
- BZ# 589230
-
Translations had assorted inconsistencies, including invalid characters as part of the network-manager-applet (languages: as, te, pa, gu, mr, fr, es, bn_IN) and NetworkManager (languages: bn_IN, es, fr, ja, mr). These are now fixed to display the correct translated strings.
- BZ# 608663
-
Due to a type truncation problem on 64-bit PPC systems, correctly configured connections were not displayed in the connection editor. This is now fixed and connections are properly shown in the editor on all platforms as expected.
- BZ# 626337
-
Unprivileged users could change the status of the wireless connection and WWAN. This is now fixed to display a "not authorized" error for any unauthorized users attempting to change the wireless status.
- BZ# 627649
-
NetworkManager would insert warning messages in the /var/log/messages log file due to the hostname operation. This is now fixed to ensure no unnecessary warnings display during the hostname operation.
- BZ# 633501
-
Occasionally, the NetworkManager panel applet would not be able to determine user permissions to enable networking and therefore disabled the "Enable Networking" and "Enable Wireless" check boxes. This is now fixed to ensure that if the user has permissions to enable networking, the check boxes display as expected.
- BZ# 636877
-
Roaming between WPA/WPA2 access points in the same SSID attached to the same wireless LAN controller resulted in an unexpected re-authentication requirement. This is now fixed so that the SSID is preserved to be used again after a legitimate roaming disconnection event.
- BZ# 666078
-
Configurations that used multiple network devices where one device was an iSCSI adapter that should not have the default route were incorrectly handled. This is now fixed to ensure that iSCSI devices that are denied the default route do not receive it. (BZ665027)
IPv6 static addressing configurations were unable to correctly save the gateway address. This is now fixed to ensure that the gateway address now saves the first configured IPv6 address.
- BZ# 668830
-
NetworkManager used to update the /etc/hosts file, which could cause problems in some configurations. This is now fixed and NetworkManager does not modify /etc/hosts, leaving it for the administrator to set up.
- BZ# 692578
-
NetworkManager saved the WPA/WPA2 password despite selecting the "Ask for this password every time" option and presented a password field with some text when prompting the user to enter a new WPA/WPA2 connection password. This is fixed so that NetworkManager does not store passwords when "Ask for this password every time" is selected and displays an empty password field when prompting the user for the password.
Enhancements
- BZ# 634152
-
IPv6 information such as the IP Address and DNS servers now displays in the connection information.
- BZ# 662730
-
DHCP lease change events now trigger dispatcher scripts at the /etc/NetworkManager/dispatcher.d location. Users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.
1.176. NetworkManager-openswan
An updated NetworkManager-openswan package that fixes a bug is now available for Red Hat Enterprise Linux 6. NetworkManager-openswan contains software for integrating the Openswan VPN software with NetworkManager and the GNOME desktop.
Bug Fix
- BZ# 659709
-
Previously, it took as much as 45 seconds for NetworkManager-openswan to time out when an incorrect password or incorrect group secret was given. With this update, a fix has been provided and NetworkManager-openswan now fails immediately upon bad credentials. Users of NetworkManager-openswan are advised to upgrade to this updated package, which fixes this bug.
1.177. nfs-utils
An updated nfs-utils package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The nfs-utils package provides a daemon for the kernel Network File System (NFS) server, and related tools such as the mount.nfs, umount.nfs, and showmount programs.
Bug Fixes
- BZ# 625080
-
The "nfsstat --nfs" command did not return any results for NFS version 4 clients because the has_stats() function did not support statistics for the NFS version 4 clients. This update adapts the underlying code and the command returns the values as expected.
- BZ# 628996
-
Previously, running the rpc.nfsd program as the root user caused a kernel panic due to a NULL pointer dereference in the nfsd_svc() function. This update applies a number of fixes to the nfsd daemon, which fixes the bug.
- BZ# 631012
-
Previously, mounting NFS over RDMA (remote direct memory access) failed due to missing code for such mounting in the NFS initialization script and the sysconfig file. This update adds the missing code and mounting of NFS over RDMA works correctly.
- BZ# 636513
-
On shutdown, nfs-utils failed to unmount the /var/ file system correctly because the name of the subsystem lock file did not match the name of the lock file nfs-utils was searching for. This update changes the name of the lock file so that the shutdown script locates the file and unmounts the file system successfully.
- BZ# 641291
-
Previously, servers configured to use only the NFS version 4 (NFSv4) services could have failed to start. This occurred because the /etc/sysconf/nfs configuration file defined the MOUNTD_NFS_V1 option, which is no longer supported. This update removes the variable from the configuration file and servers using NFSv4 start as expected.
- BZ# 663153
-
Previously, the %pre scriptlet called the "groupadd" command with an invalid command line argument during package installation. With this update, the command uses the correct argument.
- BZ# 698220
-
Previously, an incorrect principal in the NFS client request could have caused the rpc.svcgssd daemon to terminate unexpectedly with a segmentation fault. This was caused by an error in the underlying code. This update adapts the code and rpc.svcgssd no longer crashes.
Enhancements
- BZ# 637198
-
This update adds IPv6 (Internet Protocol version 6) support for the server.
- BZ# 671474
-
Prior to this update, nfs-utils tried to construct the principal name for the local host and attempted to match it against entries in the keytab file to acquire a Ticket Granting Ticket (TGT). With this update, nfs-utils opens the file and picks the appropriate name from the list of principals so that the NFS client machine is able to authenticate even after its host name is changed. Users are advised to upgrade to this updated nfs-utils package, which resolves these issues and adds these enhancements.
Updated nfs-utils packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support. The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs.
Bug Fix
- BZ# 812448
-
Previously, the nfsd daemon was started before the mountd daemon. However, nfsd uses mountd to validate file handles. Therefore, if an existing NFS client sent requests to the NFS server when nfsd was started, the client received the ESTALE error causing client applications to fail. This update changes the startup order of the daemons: the mountd daemon is now started first so that it can be correctly used by nfsd, and the client no longer receives the ESTALE error in this scenario. All users of nfs-utils are advised to upgrade to these updated packages, which fix this bug.
An updated nfs-utils package that fixes one bug is now available for Red Hat Enterprise Linux 6. The nfs-utils package provides a daemon for the kernel Network File System (NFS) server and related tools, which provides better performance than the traditional Linux NFS server used by most users. This package also contains the mount.nfs, umount.nfs, and showmount programs.
Bug Fix
- BZ# 731309
-
Previously, the function responsible for parsing the /proc/mounts file was not able to handle single quote characters in the path names of mount point entries. As a consequence, an NFS exported file system could not be unmounted if its mount point contained space characters. To fix this problem, the parsing routine has been rewritten so that it now parses entries in the /proc/mounts file properly. All NFS file systems now can be unmounted as expected. All users of nfs-utils are advised to upgrade to this updated package, which fixes this bug.
1.178. nfs-utils-lib
Updated nfs-utils-lib packages that fix several bugs are now available. The nfs-utils-lib package contains support libraries required by programs in the nfs-utils package.
Bug Fixes
- BZ# 650970
-
A number of warnings from librpcsecgss and libnfsidmap were printed unnecessarily while attempting to build nfs-utils-lib. These superfluous warnings have been removed.
- BZ# 650997
-
Default values for nfs-utils-lib were not set correctly in the /etc/idconf.conf file. This resulted in default values not being correct on Red Hat Enterprise Linux 6. The configuration has been corrected and now provides sensible defaults. Users are advised to upgrade to these updated packages, which resolve this issue.
1.179. nspr
Updated nspr and nss related packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. The nss, nss-softokn, and nss-util packages have been upgraded to upstream version 3.12.9, which provides a number of bug fixes and enhancements over the previous version. (BZ# 668055 )
Bug Fixes
- BZ# 555825
-
Prior to this update, the softokn PKCS#11 module interface used a wrong object type which caused it to return an object with an invalid CKA_CERTIFICATE_TYPE attribute. With this update, the softokn PKCS#11 module interface uses the correct object type.
- BZ# 589636
-
Rebuilding the nss package when IPv6 is enabled caused it to enter a loop in the test part of the rebuild. With this update, the selfserv test tool has been modified to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients.
- BZ# 602629
-
The help page displayed after issuing the certutil -H command was missing the -W option (which changes the password to a key database). With this update, the -W option has been added to the help page.
- BZ# 630101
-
Importing a private key (using the pk12util command) did not work for private keys placed in the /etc/pki/nssdb/ directory due to permission restrictions. This update addresses this issue, and the nss-sysinit module now enables the root user to import a private key.
- BZ# 630103
-
Due to a bug in the nss-sysinit package, visiting a specific website in the Mozilla Firefox web browser caused that website to return a "This Connection is Untrusted" error even though the web page had a valid security certificate. With this update, this issue has been fixed and visiting the specific web site no longer returns SSL errors.
- BZ# 631000
-
Prior to this update, PKCS#8 encoded PEM (Privacy Enhanced Mail) RSA private key files could not be read by nss and resulted in an error when being imported. With this update, nss correctly handles the aforementioned files.
- BZ# 631586
-
This update fixes an unclosed comment in the source code which occurred after the said comment was reduced to a one line comment by a previously applied patch.
- BZ# 637948
-
Support for Intel Advanced Encryption Standard Instructions (AES-NI) in the nss package has been enabled and works as expected.
- BZ# 642767
-
This update fixes possible memory leaks in the SECKEY_DestroyPublicKey(SECKEY_ImportDERPublicKey(…)) function.
- BZ# 643134
-
Under certain circumstances, after removing a Certificate Authority (CA) from the trust database, nss continues to consider the removed CA as trusted. This was due to improper handling of trust flags when removing a CA from the trust database. With this update, trust flags from the user database take precedence over the trust flags inherited from the system database, fixing this issue.
- BZ# 643553
-
Prior to this update, when the setup-nsssysinit.sh script rewrote/recreated the pkcs11.txt file, it took the current umask (user mask) into account. However, if run with restrictive umask settings, the pkcs11.txt file could be created with permissions that did not allow non-privileged users to read it. This could cause nss-sysinit to remain disabled even when it was intended to be enabled. With this update, the permissions of the pkcs11.txt file are changed at the end of the run of the setup-nsssysinit.sh script, fixing this issue.
- BZ# 647834
-
The %verify(not md5 size mtime) declarations have been added to the configuration files.
- BZ# 643554
-
The nss-sysinit application is no longer disabled after the package is upgraded.
- BZ# 643564
-
Issuing an OpenLDAP command and using the LDAPTLS_CACERTDIR variable to pass in an arbitrary directory containing other directories caused the command to abort because OpenLDAP tried to pass down the directory as a file. With this update, specified files that are directories are properly rejected in the aforementioned case.
- BZ# 656697
-
The PayPalEE.cert certificate expired on Oct 31, 2010, which caused the nss package to fail to build. This update extends the expiration date of this certificate, and the nss package no longer fails to build.
- BZ# 676387
-
Various headers have been added to the nss-softokn-freebl-devel subpackage.
- BZ# 694663
-
Updating the nss package but not the curl package on systems configured with both Satellite and non-Satellite repositories resulted in a segmentation fault in Yum. With this update, the segmentation fault no longer occurs in the aforementioned case.
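The permission problem described under BZ# 643553 above, reproduced as an added example that is not code from setup-nsssysinit.sh or the nss packages: a file rewritten under a restrictive umask ends up unreadable to other users unless its mode is set explicitly before the rewrite finishes. The helper names, the 644 mode, the temporary-file-and-rename step and the file contents are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every path lives in a throwaway temporary directory.

# Print the octal permission bits of a file (GNU stat, with a BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# "Before" behaviour: the file is simply recreated, so its mode is whatever
# the caller's umask leaves over from 0666.
rewrite_naive() {
    target=$1; content=$2
    rm -f "$target"
    printf '%s\n' "$content" > "$target"
}

# Corrected behaviour: build the new file beside the target, set the mode
# explicitly as the last step before publishing it, then rename it into
# place so readers never see a half-written or wrongly-permissioned file.
rewrite_with_fixed_mode() {
    target=$1; content=$2; mode=${3:-644}   # 644 is an assumed target mode
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if printf '%s\n' "$content" > "$tmp" &&
       chmod "$mode" "$tmp" &&
       mv -f "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Run both variants under a restrictive umask (in a subshell, so the
# caller's umask is untouched) and report the two resulting modes.
demo_modes() {
    dir=$(mktemp -d) || return 1
    (
        umask 077
        rewrite_naive "$dir/naive.txt" "example=constructed"
        rewrite_with_fixed_mode "$dir/fixed.txt" "example=constructed"
    )
    printf '%s %s\n' "$(file_mode "$dir/naive.txt")" "$(file_mode "$dir/fixed.txt")"
    rm -rf "$dir"
}
```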
Enhancements
- BZ# 642342
-
The nss package has been updated for the 3.6.11 version of Mozilla Firefox.
- BZ# 643556
-
This update introduces nss-sysinit status reporting.
- BZ# 689031
-
This update enables nss to use PEM files interchangeably in a single process. All users of nspr, nss, nss-softokn, and nss-util are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
1.180. nss
Updated nss and nspr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
Security Fix
It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. (BZ# 734316 ) Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token. These updated packages upgrade NSS to version 3.12.10 on Red Hat Enterprise Linux 4 and 5. As well, they upgrade NSPR to version 4.8.8 on Red Hat Enterprise Linux 4 and 5, as required by the NSS update. The packages for Red Hat Enterprise Linux 6 include a backported patch. All NSS and NSPR users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS and NSPR must be restarted for the changes to take effect.
Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. (BZ# 751366 ) Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token. This update also fixes the following bug on Red Hat Enterprise Linux 5:
- BZ# 743508
-
When using mod_nss with the Apache HTTP Server, a bug in NSS on Red Hat Enterprise Linux 5 resulted in file descriptors leaking each time the Apache HTTP Server was restarted with the "service httpd reload" command. This could have prevented the Apache HTTP Server from functioning properly if all available file descriptors were consumed. For Red Hat Enterprise Linux 6, these updated packages upgrade NSS to version 3.12.10. As well, they upgrade NSPR (Netscape Portable Runtime) to version 4.8.8 and nss-util to version 3.12.10 on Red Hat Enterprise Linux 6, as required by the NSS update. (BZ# 735972 , BZ# 736272 , BZ# 735973 ) All NSS users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS must be restarted for the changes to take effect. In addition, on Red Hat Enterprise Linux 6, applications using NSPR and nss-util must also be restarted.
1.181. nss-pam-ldapd
An updated nss-pam-ldapd package is now available for Red Hat Enterprise Linux 6. The nss-pam-ldapd package provides the nss-pam-ldapd daemon (nslcd) which uses a directory server to look up name service information on behalf of a lightweight nsswitch module.
Bug Fixes
- BZ# 690870
-
Prior to this update, nslcd did not allow parentheses to be used in a valid name. With this update, the implementation of the "validusers" configuration option has been added and the use of opening and closing parentheses in usernames and groupnames is now allowed.
- BZ# 692225
-
Verifying the nss-pam-ldapd package (by executing the "rpm --verify nss-pam-ldapd" command) failed in the /etc/nslcd.conf file due to changes in that configuration file performed after the installation of the package. With this update, post-installation changes in the /etc/nslcd.conf file no longer affect the verification of the nss-pam-ldapd package.
- BZ# 692496
-
The nslcd man page syntax contained an error which caused the man page to return the following error message on the standard error output: "Error parsing *roff command from file /usr/share/man/man8/nslcd.8.gz". This update fixes the syntax error and the "man nslcd" command no longer returns an error message.
- BZ# 692817
-
When nslcd was configured to use multiple LDAP servers, it failed to fall back to a different server in case the primary server could not be reached. This was due to nslcd trying to keep the first connection alive even when the connection was dropped. With this update, nslcd correctly falls back to a different server after losing connection with the current one. All users of nss-pam-ldapd are advised to upgrade to this updated package, which resolves these issues.
1.182. nss-softokn
Updated nss-softokn packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support. Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. The nss-softokn packages provide the NSS Softoken Cryptographic Module.
Bug Fix
- BZ# 716532
-
On a 64-bit CPU with native AES instruction support, the intel_aes_decrypt_cbc_256() function did not work correctly when input and output buffers were the same and the function call failed with the message "data mismatch". This update fixes the code and the same buffer can be used for input and output. All users of nss-softokn are advised to upgrade to these updated packages, which fix this bug. After installing the update, applications using NSS must be restarted for the changes to take effect.
1.183. nss_db
An updated nss_db package that fixes a bug is now available for Red Hat Enterprise Linux 6. The nss_db package contains a set of C library extensions which allow Berkeley Databases to be used as a primary source of aliases, groups, hosts, networks, protocols, users, services, or shadow passwords instead of, or in addition to, using flat files or NIS (Network Information Service).
Bug Fix
- BZ# 718203
-
When a module does not provide its own method for retrieving a user's list of supplemental group memberships, the libc library's default method is used instead to get that information by examining all of the groups known to the module. Consequently, applications which attempted to retrieve the information from multiple threads simultaneously, interfered with each other and each received an incomplete result set. This update provides a module-specific method which prevents this interference in the nss_db module. Users of nss_db are advised to upgrade to this updated package, which fixes this bug.
1.184. oddjob
Updated oddjob packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. The oddjobd service runs specified privileged tasks for unprivileged client applications which communicate with it through the system message bus.
Bug Fixes
- BZ# 634356
-
Previously, the oddjobd service failed to reconnect to the system message bus after it lost its connection due to an internal function call. With this update, the oddjobd service is now able to reconnect to the message bus successfully after it loses a connection.
- BZ# 678345
-
If a umask is not specified in the oddjobd service's configuration file, the service now uses the UMASK setting, if present, to calculate the permissions which should be set on a user's home directory.
- BZ# 664418
-
The oddjobd service did not ensure, when creating a user's home directory, that any intermediate directories that were created would have correct permissions. This could have caused users to be unable to access their home directory. With this update, oddjobd ensures that correct permissions are set for any intervening directories such that the user is able to access their home directory.
- BZ# 674534
-
The oddjobd init script exited with an exit status of "1" when it was passed a non-existent action. Service init scripts should exit with an exit code of "2" when they are asked to perform an unknown action. The oddjobd init script has been corrected, and now conforms with init script guidelines.
- BZ# 659681
-
The oddjobd service failed to register the name of the mkhomedir service because the message bus was not signaled to re-read its configuration files when the oddjob-mkhomedir package was installed. With this update, oddjobd is now able to register the mkhomedir service name successfully. All oddjobd service users are advised to upgrade to these updated packages, which fix these bugs.
1.185. openais
Updated openais packages that fix one bug are now available for Red Hat Enterprise Linux 6. The Application Interface Specification (AIS) is an API and a set of policies for developing applications that maintain services during faults. The OpenAIS Standards Based Cluster Framework is an OSI-certified implementation of the Service Availability Forum AIS. The openais packages contain the OpenAIS service handlers and default configuration files.
Bug Fix
- BZ# 630110
-
Previous versions of the openais packages included the /etc/rc.d/init.d/openais init script with the stop priority set to "20". Consequent to this, shutting down a system caused this init script to stop the openais service in a wrong order. Since this init script is not needed, this update removes /etc/rc.d/init.d/openais from the packages, and the openais service is now stopped when expected. All users of openais are advised to upgrade to these updated packages, which fix this bug.
1.186. opencryptoki
Updated opencryptoki packages that fix several bugs and add various enhancements are now available for Red Hat Linux 6. The openCryptoki package contains version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The openCryptoki package has been upgraded to upstream version 2.3.3, which provides a number of bug fixes and enhancements over the previous version. (BZ# 632765)
Bug Fixes
- BZ# 604287
-
Previously, openCryptoki failed to include secure key support on IBM System z. This was caused by an incorrect build configuration. This update provides the package built with the correct configuration and adds secure key support for System z to the package.
- BZ# 654088
-
Prior to this update, openCryptoki failed with the CKR_FUNCTION_FAILED error when trying to sign a certificate for an NSS (Network Security Services) database. This occurred due to the function being called incorrectly. With this update, openCryptoki uses the correct function arguments and the error no longer occurs. Users of opencryptoki are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Updated opencryptoki packages that fix one bug are now available for Red Hat Enterprise Linux 6. The opencryptoki package contains version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki package also brings a software token implementation that can be used without any cryptographic hardware. This package contains the Slot Daemon (pkcsslotd) and general utilities.
Bug Fix
- BZ# 743556
-
When setting the length of an RSA key for the IBM Cryptographic Accelerator (ICA) token, initialization of the CKA_MODULUS_BITS internal attribute of PKCS#11 was not properly tested and the RSA key length could have been set incorrectly. As a consequence, RSA key verification in the ICA token failed. To ensure that the RSA key is set correctly, two conditions have been added in the respective function in the ICA-specific library. The RSA key operations now work properly on the ICA token. All users of opencryptoki are advised to upgrade to these updated packages, which fix this bug.
1.187. openldap
Updated openldap packages that fix several bugs and add an enhancement are now available. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
Bug Fixes
- BZ# 548475
-
Move openldap libraries from /usr/lib to /lib.
- BZ# 613966
-
The init script does not work correctly if database recovery is needed.
- BZ# 630637
-
Update list of modules in slapd.conf.bak.
- BZ# 644399
-
slapd init script gets stuck in an infinite loop.
- BZ# 685119
-
The openldap-servers upgrade hangs or does not upgrade the database. Users are advised to upgrade to these packages, which resolve these issues.
Updated openldap packages that fix three bugs are now available for Red Hat Enterprise Linux 6 Extended Update Support. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
Bug Fixes
- BZ# 790913
-
Mozilla NSS initialization functions are not implemented in a thread-safe way. Therefore, if multiple TLS operations were performed simultaneously on an LDAP server, a race condition between the TLS threads could occur. Consequently, the LDAP server terminated unexpectedly with a segmentation fault. With this update, a mutual exclusion (mutex) for Mozilla NSS initialization functions calls has been added to the code, which prevents this situation from occurring. The LDAP server no longer crashes when initializing a TLS connection.
- BZ# 790914
-
Previously, OpenLDAP used incorrect data types for storing the length of the values used by the ODBC (Open Database Connectivity) interface in the SQL back end implementation. As a consequence, the LDAP server terminated unexpectedly with a segmentation fault after a few operations. This update modifies the code to use the correct data types so that the LDAP server no longer crashes when using the SQL back end.
- BZ# 790915
-
Previously, OpenLDAP did not properly handle wildcarded common names (for example CN=*.example.com) in LDAP certificates. Therefore, when a program used OpenLDAP for a secure SSL/TLS connection to an LDAP server using an LDAP certificate with a wildcarded common name, the connection failed. With this update, the code of OpenLDAP has been modified to properly test common names in LDAP certificates so that a connection to the LDAP server now succeeds if the wildcarded common name matches the server hostname. All users of openldap are advised to upgrade to these updated packages, which fix these bugs.
Enhanced openldap packages are now available for Red Hat Enterprise Linux 6. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.
Enhancement
- BZ# 733659
-
In a distributed environment, a Root DN (distinguished name) can be specified instead of a hostname to connect to an OpenLDAP server. The Root DN is used to look up the corresponding hosts using the DNS SRV (Domain Name Server Service) records. Prior to this update, the priority and weight of individual SRV records were ignored and the connection was created to the host in the first SRV record returned by the DNS server. As a consequence, a server in a different geographic location may have been queried, leading to high response times. Servers are now queried according to their priority and weight, which conforms to the RFC 2782 standard. Users of openldap are advised to upgrade to these updated packages, which add this enhancement.
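The server ordering that RFC 2782 prescribes can be sketched as follows; this is an added example, not the OpenLDAP code. The `struct srv` layout, the function names, the injectable `rnd` callback and the three sample records are assumptions constructed for the illustration.

```c
#include <stdlib.h>

struct srv { unsigned priority, weight; const char *target; };

/* Lowest priority first; inside one priority, lowest weight (so weight 0) first. */
static int by_prio(const void *a, const void *b) {
    const struct srv *x = a, *y = b;
    if (x->priority != y->priority) return x->priority < y->priority ? -1 : 1;
    return (x->weight > y->weight) - (x->weight < y->weight);
}

/* Reorders recs[0..n) into RFC 2782 connection order. rnd(max) must return a
 * value in [0, max]; it is a parameter so callers and tests choose the source. */
void srv_order(struct srv *recs, size_t n, unsigned (*rnd)(unsigned max)) {
    qsort(recs, n, sizeof *recs, by_prio);
    for (size_t start = 0, end; start < n; start = end) {
        for (end = start; end < n && recs[end].priority == recs[start].priority; ) end++;
        for (size_t i = start; i + 1 < end; i++) {       /* fill slot i */
            unsigned total = 0, run = 0;
            for (size_t j = i; j < end; j++) total += recs[j].weight;
            unsigned pick = rnd(total);
            size_t j = i;
            while (j + 1 < end && (run += recs[j].weight) < pick) j++;
            struct srv chosen = recs[j];
            for (; j > i; j--) recs[j] = recs[j - 1];    /* keep the rest in order */
            recs[i] = chosen;
        }
    }
}

unsigned rnd_libc(unsigned max) { return (unsigned)rand() % (max + 1u); }
static unsigned rnd_low(unsigned max)  { (void)max; return 0; }  /* deterministic */
static unsigned rnd_high(unsigned max) { return max; }           /* deterministic */

/* Constructed SRV answer for _ldap._tcp.example.com; returns the idx-th target. */
const char *demo_target(size_t idx, unsigned (*rnd)(unsigned)) {
    struct srv recs[] = {
        { 20,  0, "ldap-remote.example.com" },   /* listed first by the DNS server */
        { 10, 10, "ldap-a.example.com" },
        { 10, 90, "ldap-b.example.com" },
    };
    srv_order(recs, 3, rnd);
    return recs[idx].target;
}
```

Whatever the random source returns, the priority-20 record is tried last even though the DNS answer lists it first, which is the behaviour the old code lacked.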
Updated openldap packages that fix one bug are now available for Red Hat Enterprise Linux 6. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.
Bug Fix
- BZ# 723134
-
Prior to this update, client certificates were under certain circumstances not released when OpenLDAP validated the Transport Layer Security (TLS) peer and the client certificate was cached by Mozilla NSS library. Due to this problem, tools that used both OpenLDAP and Mozilla NSS libraries could fail when calling the NSS_Shutdown function. This update releases the certificate in the OpenLDAP library after finishing the validation. Now, all caches can be released and NSS_Shutdown succeeds. All users of openldap are advised to upgrade to these updated packages, which fix this bug.
1.188. openmpi
Updated openmpi packages that fix a bug and add an enhancement are now available for Red Hat Enterprise Linux 6. Open MPI is the Open Message Passing Interface software stack used for cluster communications in High Performance Compute clusters.
Enhancement
- BZ# 632371
-
The OpenMPI packages have been upgraded to upstream version 1.4.3, which provides a number of bug fixes and enhancements.
Bug Fix
- BZ# 661292
-
Previously, the line "BuildRequires: flex" was missing in the spec file. This caused the package build to fail unless flex was manually installed. This update adds the line to the spec file. All users of Open MPI are advised to upgrade to these updated openmpi packages, which fix this bug and add this enhancement.
1.189. openscap
Updated openscap packages that fix various bugs and add several enhancements are now available for Red Hat Enterprise Linux 6. The Security Content Automation Protocol (SCAP) is a line of standards that provide a standard language for the expression of Computer Network Defense related information. OpenSCAP is a set of open source libraries for the integration of SCAP. The openscap packages have been upgraded to upstream version 0.7.1, which provides a number of bug fixes and enhancements over the previous version. The most important changes include support for Open Vulnerability and Assessment Language (OVAL) version 5.6, the new OpenSCAP API, and various memory and CPU optimizations. (BZ# 642672)
Bug Fix
- BZ# 669693
-
Previously, sending the "USR1" signal to all probes in order to abort the execution of a current rule could cause the oscap utility to stop responding or even terminate unexpectedly with a segmentation fault. This update adapts the underlying source code to prevent such behavior, and when the "USR1" signal is received, the oscap utility now correctly aborts the execution of the selected rule and continues with the remaining rules as expected. All users of openscap are advised to upgrade to these updated packages, which fix this and other bugs, and add these enhancements.
1.190. openssh
1.190.1.