Referenced CVEs:
CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552, CVE-2008-6560
Description:
===========================================================
Ubuntu Security Notice USN-875-1          December 18, 2009
redhat-cluster, redhat-cluster-suite vulnerabilities
CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552,
CVE-2008-6560
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ccs                             1.20060222-0ubuntu6.3
  cman                            1.20060222-0ubuntu6.3
  fence                           1.20060222-0ubuntu6.3
  libcman1                        1.20060222-0ubuntu6.3
  rgmanager                       1.20060222-0ubuntu6.3

Ubuntu 8.04 LTS:
  cman                            2.20080227-0ubuntu1.3
  gfs2-tools                      2.20080227-0ubuntu1.3
  rgmanager                       2.20080227-0ubuntu1.3

Ubuntu 8.10:
  cman                            2.20080826-0ubuntu1.3
  gfs2-tools                      2.20080826-0ubuntu1.3
  rgmanager                       2.20080826-0ubuntu1.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Multiple insecure temporary file handling vulnerabilities were discovered
in Red Hat Cluster. A local attacker could exploit these to overwrite
arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579,
CVE-2008-4580, CVE-2008-6552)

It was discovered that CMAN did not properly handle malformed configuration
files. An attacker could cause a denial of service (via CPU consumption and
memory corruption) in a node if the attacker were able to modify the
cluster configuration for the node. (CVE-2008-6560)
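An added example, not part of the advisory: a check of an exported package inventory against the fixed versions listed above. It implements Debian version ordering in Python so it can run away from the host; the `SAMPLE_HOST` inventory and all function names are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions as listed in USN-875-1, keyed by Ubuntu release.
FIXED = {
    "6.06": dict.fromkeys(("ccs", "cman", "fence", "libcman1", "rgmanager"),
                          "1.20060222-0ubuntu6.3"),
    "8.04": dict.fromkeys(("cman", "gfs2-tools", "rgmanager"), "2.20080227-0ubuntu1.3"),
    "8.10": dict.fromkeys(("cman", "gfs2-tools", "rgmanager"), "2.20080826-0ubuntu1.3"),
}
# Constructed sample inventory for one 8.04 host (assumption, not real data).
SAMPLE_HOST = {"cman": "2.20080227-0ubuntu1.2",
               "gfs2-tools": "2.20080227-0ubuntu1.3",
               "rgmanager": "2.20080227-0ubuntu1.10"}

def order(c):
    """Debian character weight: '~' first, end of string next, letters before punctuation."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def cmp_fragment(a, b):
    """Compare upstream or revision strings as alternating non-digit and digit runs."""
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (a_txt, a_num), (b_txt, b_num) in runs:
        for ca, cb in zip_longest(a_txt, b_txt, fillvalue=""):
            if order(ca) != order(cb):
                return order(ca) - order(cb)
        if int(a_num or 0) != int(b_num or 0):   # numeric, so 1.10 sorts after 1.3
            return int(a_num or 0) - int(b_num or 0)
    return 0

def split_version(v):
    """Split [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def debian_version_cmp(a, b):
    """Negative if a sorts before b, zero if equal, positive if after."""
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    return (ea - eb) or cmp_fragment(ua, ub) or cmp_fragment(ra, rb)

def unpatched(release, installed):
    """List (package, installed, fixed) for packages still below the USN-875-1 version."""
    return sorted((pkg, installed[pkg], fixed) for pkg, fixed in FIXED[release].items()
                  if pkg in installed and debian_version_cmp(installed[pkg], fixed) < 0)
```

On the host itself, `dpkg --compare-versions` performs the same comparison.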