Issued:: 2012-06-20
Updated:: 2012-06-20

RHBA-2012:0778 - setup bug fix and enhancement update

Synopsis

setup bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

An updated setup package that fixes three bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6.

Description

The setup package contains a set of important system configuration and setup files, such as passwd, group, and profile.

This update fixes the following bugs:

Prior to this update, the /etc/filesystems configuration file did not contain a line with the ext4 file system. This could lead to various problems; for example, a process that used the file to determine supported file systems was not able to recognize ext4 as a valid file system. This update adds the missing line in the /etc/filesystems file. (BZ#771388)
Prior to this update, the /etc/services configuration file contained an entry with the Internet Assigned Numbers Authority (IANA) reservation of port 0 for the spr-itunes service. However, the reservation of port 0 does not represent a real port reservation (it is only acknowledgment of IANA that the service exists). The spr-itunes entry has been commented out in the /etc/services file and an extended comment has been added to clarify the issue. (BZ#710185)
Prior to this update, the /etc/group configuration file contained unnecessary supplementary groups - especially the root groups posed some potential security risk. These groups were legacy remnants and are no longer required. To mitigate the risk of making some future exploit more severe only because of the root's supplementary groups, the groups have been removed from the defaults.(BZ#724007)

This update also adds the following enhancements:

The wallaby package creates a user ID (UID) and a group ID (GID) pair, both with the name "wallaby" and number 181. Prior to this update, the UID and GID pairs were not reserved by the setup package. As a consequence, other packages or system administrators could accidentally assign the values to other users and groups. With this update, the setup package reserves these UID/GID names and numbers, so that accidental UID/GID usage risk is reduced. (BZ#772746)
The tog-pegasus-libs package creates a user ID (UID) and a group ID (GID) pair, both with the name "cimsrvr" and number 134. Prior to this update, the UID and GID pairs were not reserved by the setup package. As a consequence, other packages or system administrators could accidentally assign the values to other users and groups. With this update, the setup package reserves these UID/GID names and numbers, so that accidental UID/GID usage risk is reduced. (BZ#760178)
The sanlock package creates a user ID (UID) and a group ID (GID) pair, both with the name "sanlock" and number 179. Prior to this update, the UID and GID pairs were not reserved by the setup package. As a consequence, other packages or system administrators could accidentally assign the values to other users and groups. With this update, the setup package reserves these UID/GID names and numbers, so that accidental UID/GID usage risk is reduced. (BZ#738294)
The dhcp package creates a user ID (UID) and a group ID (GID) pair, both with the name "dhcpd" and number 177. Prior to this update, the UID and GID pairs were not reserved by the setup packages. As a consequence, other packages or system administrators could accidentally assign the values to other users and groups. With this update, the setup package reserves these UID/GID names and numbers, so that accidental UID/GID usage risk is reduced. (BZ#738177)
A new cloud engine feature requires new users and groups - namely aeolus, katello, elasticsearch and mongodb with numbers 180, 182, 183 and 184. Prior to this update, the UID and GID pairs were not reserved by the setup packages. To prevent accidental UID/GID usage by other packages or system administrators, the aforementioned UID/GID names and number are now reserved by the setup package. (BZ#804203, BZ#804204, BZ#804205, BZ#806052)

All users of setup are advised to upgrade to this updated package, which fixes these bugs and add these enhancements.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Affected Products

Product	Version	Arch
Red Hat Enterprise Linux for Scientific Computing	6	x86_64
Red Hat Enterprise Linux for Power, big endian	6	ppc64
Red Hat Enterprise Linux for IBM z Systems	6	s390x
Red Hat Enterprise Linux Workstation	6	x86_64
Red Hat Enterprise Linux Workstation	6	i386
Red Hat Enterprise Linux Server	6	x86_64
Red Hat Enterprise Linux Server	6	i386
Red Hat Enterprise Linux Server from RHUI	6	x86_64
Red Hat Enterprise Linux Server from RHUI	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Desktop	6	x86_64
Red Hat Enterprise Linux Desktop	6	i386

Updated Packages

setup-2.8.14-16.el6.noarch.rpm
setup-2.8.14-16.el6.src.rpm

Fixes

CVEs

(none)

References

(none)

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.