Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Low: rdma on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Monday 4th March 2013 19:09:55 UTC (over 3 years ago)
Synopsis:          Low: rdma security, bug fix and enhancement update
Issue Date:        2013-02-21
CVE Numbers:       CVE-2012-4517
                    CVE-2012-4518
--

A denial of service flaw was found in the way ibacm managed reference
counts
for multicast connections. An attacker could send specially-crafted 
multicast
packets that would cause the ibacm daemon to crash. (CVE-2012-4517)

It was found that the ibacm daemon created some files with world-writable
permissions. A local attacker could use this flaw to overwrite the 
contents of
the ibacm.log or ibacm.port file, allowing them to mask certain actions
from
the log or cause ibacm to run on a non-default port. (CVE-2012-4518)

The InfiniBand/iWARP/RDMA stack components have been upgraded to more
recent
upstream versions.

This update also fixes the following bugs:

* Previously, the "ibnodes -h" command did not show a proper usage message.
With this update the problem is fixed and "ibnodes -h" now shows the
correct
usage message.

* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3 
hardware's
physical state as invalid even when the device was working. For iWARP 
hardware,
the phys_state field has no meaning. This update patches the utility to not
print out anything for this field when the hardware is iWARP hardware.

* Prior to the release of Scientific Linux 6.3, the kernel created the
InfiniBand device files in the wrong place and a udev rules file was used
to
force the devices to be created in the proper place. With the update to
6.3,
the kernel was fixed to create the InfiniBand device files in the proper 
place,
and so the udev rules file was removed as no longer being necessary. 
However, a
bug in the kernel device creation meant that, although the devices were now
being created in the right place, they had incorrect permissions. 
Consequently,
when users attempted to run an RDMA application as a non-root user, the
application failed to get the necessary permissions to use the RDMA 
device and
the application terminated. This update puts a new udev rules file in 
place. It
no longer attempts to create the InfiniBand devices since they already 
exist,
but it does correct the device permissions on the files.

* Previously, using the "perfquery -C" command with a host name caused the
perfquery utility to become unresponsive. The list of controllers to
process
was never cleared and the process looped infinitely on a single 
controller. A
patch has been applied to make sure that in the case where the user 
passes in
the -C option, the controller list is cleared out once that controller 
has been
processed. As a result, perfquery now works as expected in the scenario
described.

* The OpenSM init script did not handle the case where there were no
configuration files under "/etc/rdma/opensm.conf.*". With this update, the
script as been patched and the InfiniBand Subnet Manager, OpenSM, now 
starts as
expected in the scenario described.

This update also adds the following enhancement:

* This update provides an updated mlx4_ib Mellanox driver which includes 
Single
Root I/O Virtualization (SR-IOV) support.
--

SL6
   x86_64
     infinipath-psm-3.0.1-115.1015_open.1.el6.x86_64.rpm
     infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm
     libibverbs-1.1.6-5.el6.i686.rpm
     libibverbs-1.1.6-5.el6.x86_64.rpm
     libibverbs-debuginfo-1.1.6-5.el6.i686.rpm
     libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm
     librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm
     librdmacm-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
     librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm
     librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
     ibacm-1.0.8-0.git7a3adb7.el6.x86_64.rpm
     ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm
     ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm
     ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm
     ibacm-devel-1.0.8-0.git7a3adb7.el6.x86_64.rpm
     infinipath-psm-devel-3.0.1-115.1015_open.1.el6.x86_64.rpm
     libibmad-1.3.9-1.el6.i686.rpm
     libibmad-1.3.9-1.el6.x86_64.rpm
     libibmad-debuginfo-1.3.9-1.el6.i686.rpm
     libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm
     libibmad-devel-1.3.9-1.el6.i686.rpm
     libibmad-devel-1.3.9-1.el6.x86_64.rpm
     libibmad-static-1.3.9-1.el6.x86_64.rpm
     libibumad-1.3.8-1.el6.i686.rpm
     libibumad-1.3.8-1.el6.x86_64.rpm
     libibumad-debuginfo-1.3.8-1.el6.i686.rpm
     libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm
     libibumad-devel-1.3.8-1.el6.i686.rpm
     libibumad-devel-1.3.8-1.el6.x86_64.rpm
     libibumad-static-1.3.8-1.el6.x86_64.rpm
     libibverbs-devel-1.1.6-5.el6.i686.rpm
     libibverbs-devel-1.1.6-5.el6.x86_64.rpm
     libibverbs-devel-static-1.1.6-5.el6.x86_64.rpm
     libibverbs-utils-1.1.6-5.el6.x86_64.rpm
     libmlx4-1.0.4-1.el6.i686.rpm
     libmlx4-1.0.4-1.el6.x86_64.rpm
     libmlx4-debuginfo-1.0.4-1.el6.i686.rpm
     libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm
     libmlx4-static-1.0.4-1.el6.x86_64.rpm
     librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm
     librdmacm-devel-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
     librdmacm-static-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
     librdmacm-utils-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
     opensm-3.3.15-1.el6.x86_64.rpm
     opensm-debuginfo-3.3.15-1.el6.i686.rpm
     opensm-debuginfo-3.3.15-1.el6.x86_64.rpm
     opensm-devel-3.3.15-1.el6.i686.rpm
     opensm-devel-3.3.15-1.el6.x86_64.rpm
     opensm-libs-3.3.15-1.el6.i686.rpm
     opensm-libs-3.3.15-1.el6.x86_64.rpm
     opensm-static-3.3.15-1.el6.x86_64.rpm
     ibsim-0.5-7.el6.x86_64.rpm
     ibsim-debuginfo-0.5-7.el6.x86_64.rpm
     ibutils-1.5.7-7.el6.x86_64.rpm
     ibutils-debuginfo-1.5.7-7.el6.i686.rpm
     ibutils-debuginfo-1.5.7-7.el6.x86_64.rpm
     ibutils-libs-1.5.7-7.el6.i686.rpm
     ibutils-libs-1.5.7-7.el6.x86_64.rpm
     infiniband-diags-1.5.12-5.el6.i686.rpm
     infiniband-diags-1.5.12-5.el6.x86_64.rpm
     infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm
     infiniband-diags-debuginfo-1.5.12-5.el6.x86_64.rpm
     ibutils-devel-1.5.7-7.el6.i686.rpm
     ibutils-devel-1.5.7-7.el6.x86_64.rpm
     infiniband-diags-devel-1.5.12-5.el6.i686.rpm
     infiniband-diags-devel-1.5.12-5.el6.x86_64.rpm
     infiniband-diags-devel-static-1.5.12-5.el6.x86_64.rpm
   i386
     libibverbs-1.1.6-5.el6.i686.rpm
     libibverbs-debuginfo-1.1.6-5.el6.i686.rpm
     librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm
     librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm
     ibacm-1.0.8-0.git7a3adb7.el6.i686.rpm
     ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm
     ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm
     libibmad-1.3.9-1.el6.i686.rpm
     libibmad-debuginfo-1.3.9-1.el6.i686.rpm
     libibmad-devel-1.3.9-1.el6.i686.rpm
     libibmad-static-1.3.9-1.el6.i686.rpm
     libibumad-1.3.8-1.el6.i686.rpm
     libibumad-debuginfo-1.3.8-1.el6.i686.rpm
     libibumad-devel-1.3.8-1.el6.i686.rpm
     libibumad-static-1.3.8-1.el6.i686.rpm
     libibverbs-devel-1.1.6-5.el6.i686.rpm
     libibverbs-devel-static-1.1.6-5.el6.i686.rpm
     libibverbs-utils-1.1.6-5.el6.i686.rpm
     libmlx4-1.0.4-1.el6.i686.rpm
     libmlx4-debuginfo-1.0.4-1.el6.i686.rpm
     libmlx4-static-1.0.4-1.el6.i686.rpm
     librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm
     librdmacm-static-1.0.17-0.git4b5c1aa.el6.i686.rpm
     librdmacm-utils-1.0.17-0.git4b5c1aa.el6.i686.rpm
     opensm-3.3.15-1.el6.i686.rpm
     opensm-debuginfo-3.3.15-1.el6.i686.rpm
     opensm-devel-3.3.15-1.el6.i686.rpm
     opensm-libs-3.3.15-1.el6.i686.rpm
     opensm-static-3.3.15-1.el6.i686.rpm
     ibsim-0.5-7.el6.i686.rpm
     ibsim-debuginfo-0.5-7.el6.i686.rpm
     ibutils-1.5.7-7.el6.i686.rpm
     ibutils-debuginfo-1.5.7-7.el6.i686.rpm
     ibutils-libs-1.5.7-7.el6.i686.rpm
     infiniband-diags-1.5.12-5.el6.i686.rpm
     infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm
     ibutils-devel-1.5.7-7.el6.i686.rpm
     infiniband-diags-devel-1.5.12-5.el6.i686.rpm
     infiniband-diags-devel-static-1.5.12-5.el6.i686.rpm
   noarch
     rdma-3.6-1.el6.noarch.rpm

The following packages were added for dependency resolution
SL6
   x86_64
     boost-1.41.0-11.el6_1.2.x86_64.rpm
     boost-date-time-1.41.0-11.el6_1.2.i686.rpm
     boost-date-time-1.41.0-11.el6_1.2.x86_64.rpm
     boost-devel-1.41.0-11.el6_1.2.i686.rpm
     boost-devel-1.41.0-11.el6_1.2.x86_64.rpm
     boost-doc-1.41.0-11.el6_1.2.x86_64.rpm
     boost-filesystem-1.41.0-11.el6_1.2.i686.rpm
     boost-filesystem-1.41.0-11.el6_1.2.x86_64.rpm
     boost-graph-1.41.0-11.el6_1.2.i686.rpm
     boost-graph-1.41.0-11.el6_1.2.x86_64.rpm
     boost-graph-mpich2-1.41.0-11.el6_1.2.i686.rpm
     boost-graph-mpich2-1.41.0-11.el6_1.2.x86_64.rpm
     boost-graph-openmpi-1.41.0-11.el6_1.2.x86_64.rpm
     boost-iostreams-1.41.0-11.el6_1.2.i686.rpm
     boost-iostreams-1.41.0-11.el6_1.2.x86_64.rpm
     boost-math-1.41.0-11.el6_1.2.x86_64.rpm
     boost-mpich2-1.41.0-11.el6_1.2.i686.rpm
     boost-mpich2-1.41.0-11.el6_1.2.x86_64.rpm
     boost-mpich2-devel-1.41.0-11.el6_1.2.i686.rpm
     boost-mpich2-devel-1.41.0-11.el6_1.2.x86_64.rpm
     boost-mpich2-python-1.41.0-11.el6_1.2.i686.rpm
     boost-mpich2-python-1.41.0-11.el6_1.2.x86_64.rpm
     boost-openmpi-1.41.0-11.el6_1.2.x86_64.rpm
     boost-openmpi-devel-1.41.0-11.el6_1.2.i686.rpm
     boost-openmpi-devel-1.41.0-11.el6_1.2.x86_64.rpm
     boost-openmpi-python-1.41.0-11.el6_1.2.x86_64.rpm
     boost-program-options-1.41.0-11.el6_1.2.i686.rpm
     boost-program-options-1.41.0-11.el6_1.2.x86_64.rpm
     boost-python-1.41.0-11.el6_1.2.i686.rpm
     boost-python-1.41.0-11.el6_1.2.x86_64.rpm
     boost-regex-1.41.0-11.el6_1.2.i686.rpm
     boost-regex-1.41.0-11.el6_1.2.x86_64.rpm
     boost-serialization-1.41.0-11.el6_1.2.i686.rpm
     boost-serialization-1.41.0-11.el6_1.2.x86_64.rpm
     boost-signals-1.41.0-11.el6_1.2.i686.rpm
     boost-signals-1.41.0-11.el6_1.2.x86_64.rpm
     boost-static-1.41.0-11.el6_1.2.x86_64.rpm
     boost-system-1.41.0-11.el6_1.2.i686.rpm
     boost-system-1.41.0-11.el6_1.2.x86_64.rpm
     boost-test-1.41.0-11.el6_1.2.i686.rpm
     boost-test-1.41.0-11.el6_1.2.x86_64.rpm
     boost-thread-1.41.0-11.el6_1.2.i686.rpm
     boost-thread-1.41.0-11.el6_1.2.x86_64.rpm
     boost-wave-1.41.0-11.el6_1.2.i686.rpm
     boost-wave-1.41.0-11.el6_1.2.x86_64.rpm
     compat-openmpi-1.4.3-1.el6.i686.rpm
     compat-openmpi-1.4.3-1.el6.x86_64.rpm
     compat-openmpi-devel-1.4.3-1.el6.i686.rpm
     compat-openmpi-devel-1.4.3-1.el6.x86_64.rpm
     compat-openmpi-psm-1.4.3-1.el6.x86_64.rpm
     compat-openmpi-psm-devel-1.4.3-1.el6.x86_64.rpm
     mpitests-mvapich2-3.2-5.el6.x86_64.rpm
     mpitests-mvapich2-psm-3.2-5.el6.x86_64.rpm
     mpitests-mvapich-3.2-5.el6.x86_64.rpm
     mpitests-mvapich-psm-3.2-5.el6.x86_64.rpm
     mpitests-openmpi-3.2-5.el6.x86_64.rpm
     mpitests-openmpi-psm-3.2-4.el6.x86_64.rpm
     mvapich-1.2.0-0.3563.rc1.5.el6.i686.rpm
     mvapich-1.2.0-0.3563.rc1.5.el6.x86_64.rpm
     mvapich2-1.8-1.el6.i686.rpm
     mvapich2-1.8-1.el6.x86_64.rpm
     mvapich2-common-1.8-1.el6.noarch.rpm
     mvapich2-devel-1.8-1.el6.i686.rpm
     mvapich2-devel-1.8-1.el6.x86_64.rpm
     mvapich2-psm-1.8-1.el6.x86_64.rpm
     mvapich2-psm-devel-1.8-1.el6.x86_64.rpm
     mvapich-common-1.2.0-0.3563.rc1.5.el6.noarch.rpm
     mvapich-devel-1.2.0-0.3563.rc1.5.el6.i686.rpm
     mvapich-devel-1.2.0-0.3563.rc1.5.el6.x86_64.rpm
     mvapich-psm-1.2.0-0.3563.rc1.5.el6.x86_64.rpm
     mvapich-psm-devel-1.2.0-0.3563.rc1.5.el6.x86_64.rpm
     mvapich-psm-static-1.2.0-0.3563.rc1.5.el6.x86_64.rpm
     mvapich-static-1.2.0-0.3563.rc1.5.el6.x86_64.rpm
     ocaml-libguestfs-1.16.34-2.el6.x86_64.rpm
     ocaml-libguestfs-devel-1.16.34-2.el6.x86_64.rpm
     openmpi-1.5.4-1.el6.i686.rpm
     openmpi-1.5.4-1.el6.x86_64.rpm
     openmpi-devel-1.5.4-1.el6.i686.rpm
     openmpi-devel-1.5.4-1.el6.x86_64.rpm
     openmpi-psm-1.5.3-3.el6.x86_64.rpm
     openmpi-psm-devel-1.5.3-3.el6.x86_64.rpm
     srptools-0.0.4-15.el6.x86_64.rpm
     valgrind-3.6.0-5.el6.i686.rpm
     valgrind-3.6.0-5.el6.x86_64.rpm
     valgrind-devel-3.6.0-5.el6.i686.rpm
     valgrind-devel-3.6.0-5.el6.x86_64.rpm
     valgrind-openmpi-3.6.0-5.el6.x86_64.rpm


   i386
     boost-1.41.0-11.el6_1.2.i686.rpm
     boost-date-time-1.41.0-11.el6_1.2.i686.rpm
     boost-devel-1.41.0-11.el6_1.2.i686.rpm
     boost-doc-1.41.0-11.el6_1.2.i686.rpm
     boost-filesystem-1.41.0-11.el6_1.2.i686.rpm
     boost-graph-1.41.0-11.el6_1.2.i686.rpm
     boost-graph-mpich2-1.41.0-11.el6_1.2.i686.rpm
     boost-graph-openmpi-1.41.0-11.el6_1.2.i686.rpm
     boost-iostreams-1.41.0-11.el6_1.2.i686.rpm
     boost-math-1.41.0-11.el6_1.2.i686.rpm
     boost-mpich2-1.41.0-11.el6_1.2.i686.rpm
     boost-mpich2-devel-1.41.0-11.el6_1.2.i686.rpm
     boost-mpich2-python-1.41.0-11.el6_1.2.i686.rpm
     boost-openmpi-1.41.0-11.el6_1.2.i686.rpm
     boost-openmpi-devel-1.41.0-11.el6_1.2.i686.rpm
     boost-openmpi-python-1.41.0-11.el6_1.2.i686.rpm
     boost-program-options-1.41.0-11.el6_1.2.i686.rpm
     boost-python-1.41.0-11.el6_1.2.i686.rpm
     boost-regex-1.41.0-11.el6_1.2.i686.rpm
     boost-serialization-1.41.0-11.el6_1.2.i686.rpm
     boost-signals-1.41.0-11.el6_1.2.i686.rpm
     boost-static-1.41.0-11.el6_1.2.i686.rpm
     boost-system-1.41.0-11.el6_1.2.i686.rpm
     boost-test-1.41.0-11.el6_1.2.i686.rpm
     boost-thread-1.41.0-11.el6_1.2.i686.rpm
     boost-wave-1.41.0-11.el6_1.2.i686.rpm
     compat-openmpi-1.4.3-1.el6.i686.rpm
     compat-openmpi-devel-1.4.3-1.el6.i686.rpm
     mpitests-mvapich2-3.2-5.el6.i686.rpm
     mpitests-mvapich-3.2-5.el6.i686.rpm
     mpitests-openmpi-3.2-5.el6.i686.rpm
     mvapich-1.2.0-0.3563.rc1.5.el6.i686.rpm
     mvapich2-1.8-1.el6.i686.rpm
     mvapich2-common-1.8-1.el6.noarch.rpm
     mvapich2-devel-1.8-1.el6.i686.rpm
     mvapich-common-1.2.0-0.3563.rc1.5.el6.noarch.rpm
     mvapich-devel-1.2.0-0.3563.rc1.5.el6.i686.rpm
     mvapich-static-1.2.0-0.3563.rc1.5.el6.i686.rpm
     openmpi-1.5.4-1.el6.i686.rpm
     openmpi-devel-1.5.4-1.el6.i686.rpm
     srptools-0.0.4-15.el6.i686.rpm
     valgrind-3.6.0-5.el6.i686.rpm
     valgrind-devel-3.6.0-5.el6.i686.rpm
     valgrind-openmpi-3.6.0-5.el6.i686.rpm


- Scientific Linux Development Team
 
CD: 3ms