Description of problem: The OpenGroup's Pegasus team have assessed, fixed and tested a number of serious bugs in the 2.4.1 baseline release of tog-pegasus, and committed the fixes to the 2.4.2 baseline that should be ported to 2.4.1. These are: 2207 CIMOMHandle drops InvokeMethod request http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2207 2217 Interrupts improperly handled in Unix Semaphore implement... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2217 2499 Initial Provider load/initialize is not thread safe. http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2499 2503 IndicationHandlerService::_lookupHandlerForClass() not th... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=2503 3416 SDK sample build fails on x86_64 2.4 rpm http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=3416 3858 _subscriptionClassesTable not threadsafe http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=3858 3958 cimserver crashs after many indications delivered http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=3958 4004 cimserver crash in MessageQueueService after running for ... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4004 4009 Double close causes EBADF ("Bad file descriptor") failures http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4009 4014 host name validation in CIMObjectPathRep::isValidHostname... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4014 4023 Assignment operators should return object references http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4023 4025 Thread class uses internal pthread functions http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4025 4027 SSLCallbackInfo class does not declare a copy constructor... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4027 4028 CIMInstance::buildPath assumes key properties are specified http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4028 4029 Add TestIndicationStressTest to 2.4-branch http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4029 4042 TestIndicationStressTest not enabled in 2.4 branch. http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4042 4050 Compile warning building SDK packaged consumer. http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4050 4072 ThreadPool Test Failure - 2.4 version of Bug 2239 http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4072 4103 Timing window where in MessageQueue Service - Could cause... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4103 4120 HTTPConnection _handleReadEvent should complete connectio... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4120 4126 On shutdown, cimom::routing_proc loops attempting to send... http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=4126 Version-Release number of selected component (if applicable): tog-pegasus-2.4.1-2.rhel4(-) How reproducible: 100% Steps to Reproduce: Test any of the above bugs with tog-pegasus-2.4.1-2.rhel4 or earlier Actual results: The above bugs can be reproduced . Expected results: Fixes need to be applied to Red Hat tog-pegasus release, and the above bugs should not be reproducible. Additional Info: All the fixes for the above bugs have been extensively tested.
There are security implications with the above bugs - see bug descriptions for details. All the bugs listed above are fixed with tog-pegasus-2.4.1-4.rhel4+ .
Was released as http://rhn.redhat.com/errata/RHEA-2005-494.html