(RHSA-2013:1205) Low: Red Hat Storage 2.0 security, bug fix, and enhancement update #6

Red Hat Storage is a software only, scale-out storage solution that
provides flexible and agile unstructured data storage for the enterprise.

Multiple insecure temporary file creation flaws were found in Red Hat
Storage server. A local user on the Red Hat Storage server could use these
flaws to cause arbitrary files to be overwritten as the root user via a
symbolic link attack. (CVE-2013-4157)

These issues were discovered by Gowrishankar Rajaiyan of Red Hat and Kurt
Seifried of the Red Hat Security Response Team.

This update also fixes the following bugs:

• Previously, rolling upgrades on a volume caused some processes to abort
  which led to a possible corruption of the volume. Yum update aborts with a
  message to stop the volume during an update. Now, with this update rolling
  upgrades is not supported and it is mandatory to stop the volume before any
  ‘yum update’. (BZ#998649)

• Installing or upgrading the gluster-swift-plugin RPM overwrites
  /etc/swift configuration files. Hence, the customer configuration is
  overwritten, causing data unavailability. Now, the RPM installs or upgrades
  new configuration files with a non-conflicting extension and customer
  configuration files are not overwritten, maintaining data availability.
  (BZ#997940, BZ#1000423)

This update also adds the following enhancement:

• A new upgrade script has been added. When Red Hat Storage Server 2.1 is
  released, this script will help users upgrade and resubscribe their
  Red Hat Storage Server 2.0 Update 6 systems to Red Hat Storage Server 2.1.
  (BZ#1002872)

All users of Red Hat Storage are advised to upgrade to these updated
packages.