Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for gfs2-utils CESA-2009:1337 centos5 i386

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.9

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update for the 'gfs2-utils' package(s) announced via the referenced advisory.

Insight

Insight

The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs: * gfs2_fsck now properly detects and repairs problems with sequence numbers on GFS2 file systems. * GFS2 user utilities now use the file system UUID. * gfs2_grow now properly updates the file system size during operation. * gfs2_fsck now returns the proper exit codes. * gfs2_convert now properly frees blocks when removing free blocks up to height 2. * the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current standards. * the 'gfs2_tool df' command now provides human-readable output. * mounting GFS2 file systems with the noatime or noquota option now works properly. * new capabilities have been added to the gfs2_edit tool to help in testing and debugging GFS and GFS2 issues. * the 'gfs2_tool df' command no longer segfaults on file systems with a block size other than 4k. * the gfs2_grow manual page no longer references the '-r' option, which has been removed. * the 'gfs2_tool unfreeze' command no longer hangs during use. * gfs2_convert no longer corrupts file systems when converting from GFS to GFS2. * gfs2_fsck no longer segfaults when encountering a block which is listed as both a data and stuffed directory inode. * gfs2_fsck can now fix file systems even if the journal is already locked for use. * a GFS2 file system's metadata is now properly copied with 'gfs2_edit savemeta' and 'gfs2_edit restoremeta'. * the gfs2_edit savemeta function now properly saves blocks of type 2. * 'gfs2_convert -vy' now works properly on the PowerPC architecture. * when mounting a GFS2 file system as '/', mount_gfs2 no longer fails after being unable to find the file system in '/proc/mounts'. * gfs2_fsck no longer segfaults when fixing 'EA leaf block type' problems. All gfs2-utils users should upgrade to this updated package, which resolves these issues.

Affected Software

Affected Software

gfs2-utils on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)