Issued:

2013-11-20

Updated:

2013-11-20

RHBA-2013:1681 - cronie bug fix and enhancement update

Synopsis

cronie bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated cronie packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.

Description

Cronie contains the standard UNIX daemon crond that runs specified programs at scheduled times and related tools. It is a fork of the original vixie-cron and has security and configuration enhancements like the ability to use pam and SELinux.

This update fixes the following bugs:

• Previously, the crond deamon did not drop data about user privileges before calling the popen() system function. Consequently, warnings about changing privileges were written to the /var/log/crond file when the function was invoked by the non-root user. With this update, crond has been modified to drop user privileges before calling popen(). As a result, warnings are no longer logged in this scenario. (BZ#697485)

• With this update, file permissions of cron configuration files have been changed to be readable only by the root user. (BZ#706979)

• Prior to this update, the definition of restart in the cron init file was incorrect. Consequently, a failure was incorrectly reported when restarting the crond daemon. The init file has been fixed and the redundant failure message is no longer displayed after crond restart. (BZ#733697)

• Cron jobs of users with home directories mounted on a Lightweight Directory Access Protocol (LDAP) server or Network File System (NFS) were often refused because jobs were marked as orphaned (typically due to a temporary NSS lookup failure, when NIS and LDAP servers were unreachable). With this update, a database of orphans is created, and cron jobs are performed as expected. (BZ#738232)

• With this update, obsolete comments have been removed from the /etc/cron.hourly/0anacron configuration file. (BZ#743473)

• Due to a bug in cron's support for time zones, planned jobs were executed multiple times. Effects of this bug were visible only during the spring change of time. This bug has been fixed and jobs are now executed correctly during the time change. (BZ#821046, BZ#995089)

• With this update, an incorrect example showing the anacron table setup has been fixed in the anacrontab man page. (BZ#887859)

• Previously, the crond daemon did not check for existing locks for daemon. Consequently, multiple instances of crond could run simultaneously. The locking mechanism has been updated and running multiple instances of cron at once is no longer possible. (BZ#919440)

• Prior to this update, the $LANG setting was not read by the crond daemon. Consequently, cron jobs were not run with the system-wide $LANG setting. This bug has been fixed and $LANG is now used by cron jobs as expected. (BZ#985888)

• Previously, the crond daemon used the putenv system call, which could have caused crond to terminate unexpectedly with a segmentation fault. With this update, putenv() has been replaced with the setenv() system call, thus preventing the segmentation fault. (BZ#985893)

• Prior to this update, the PATH variable could be set by cron or in crontable, but could not be changed by a PAM setting. With this update, PATH can be altered by PAM setting. As a result, PATH can now be inherited from the environment if the "-P" option is used. (BZ#990710)

• Previously, an incorrect error code was returned when non-root user tried to restart the crond daemon. With this update, a correct code is returned in the described case. (BZ#1006869)

In addition, this update adds the following enhancements:

• This update adds the RANDOM_DELAY variable that allows delaying job startups by random amount of minutes with upper limit specified by the variable. The random scaling factor is determined during the crond daemon startup so it remains constant for the whole run time of the daemon. (BZ#829910)

• With this update, the CRON_CORRECT_MAIL_HEADER environment variable in the /etc/crond/sysconfig configuration file has been updated. With this variable enabled, cron now sends emails with headers in RFC compliant format. (BZ#922829)

Users of cronie are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Affected Products

Updated Packages

• cronie-1.4.4-12.el6.ppc64.rpm
• cronie-noanacron-1.4.4-12.el6.s390x.rpm
• cronie-anacron-1.4.4-12.el6.x86_64.rpm
• cronie-noanacron-1.4.4-12.el6.i686.rpm
• cronie-debuginfo-1.4.4-12.el6.i686.rpm
• cronie-1.4.4-12.el6.x86_64.rpm
• cronie-noanacron-1.4.4-12.el6.x86_64.rpm
• cronie-debuginfo-1.4.4-12.el6.x86_64.rpm
• cronie-1.4.4-12.el6.s390x.rpm
• cronie-1.4.4-12.el6.i686.rpm
• cronie-debuginfo-1.4.4-12.el6.ppc64.rpm
• cronie-anacron-1.4.4-12.el6.s390x.rpm
• cronie-debuginfo-1.4.4-12.el6.s390x.rpm
• cronie-noanacron-1.4.4-12.el6.ppc64.rpm
• cronie-1.4.4-12.el6.src.rpm
• cronie-anacron-1.4.4-12.el6.i686.rpm
• cronie-anacron-1.4.4-12.el6.ppc64.rpm

Fixes

• This content is not included.BZ - 697485
• This content is not included.BZ - 706979
• This content is not included.BZ - 733697
• This content is not included.BZ - 743473
• This content is not included.BZ - 887859
• This content is not included.BZ - 919440
• This content is not included.BZ - 985888
• This content is not included.BZ - 985893
• This content is not included.BZ - 1006869

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.