Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Scientific Linux SL5.x: SLSA-2013:0807-1 Low: hypervkvpd Denial Of Service

Scientific Large Esm H446
Low: hypervkvpd security and bug fix update
Date: Tue, 7 May 2013 09:10:45 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
perl-Net-DNS-0.65-5.el6.i686.rpm
perl-Net-DNS-Nameserver-0.65-5.el6.i686.rpm

x86_64:
perl-Net-DNS-0.65-5.el6.x86_64.rpm
perl-Net-DNS-Nameserver-0.65-5.el6.x86_64.rpm
Date: Tue, 7 May 2013 09:52:09 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
cluster-cim-0.12.1-8.el5_9.i386.rpm
cluster-snmp-0.12.1-8.el5_9.i386.rpm
modcluster-0.12.1-8.el5_9.i386.rpm
system-config-kdump-1.0.14-5.el5_9.noarch.rpm

x86_64:
cluster-cim-0.12.1-8.el5_9.x86_64.rpm
cluster-snmp-0.12.1-8.el5_9.x86_64.rpm
modcluster-0.12.1-8.el5_9.x86_64.rpm
system-config-kdump-1.0.14-5.el5_9.noarch.rpm
Date: Thu, 9 May 2013 20:28:41 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Low: hypervkvpd on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: hypervkvpd security and bug fix update
Advisory ID: SLSA-2013:0807-1
Issue Date: 2013-05-09
CVE Numbers: CVE-2012-5532
--

A denial of service flaw was found in the way hypervkvpd processed certain
Netlink messages. A local, unprivileged user in a guest (running on
Microsoft Hyper-V) could send a Netlink message that, when processed,
would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532)

This update also fixes the following bug:

* The hypervkvpd daemon did not close the file descriptors for pool files
when they were updated. This could eventually lead to hypervkvpd crashing
with a "KVP: Failed to open file, pool: 1" error after consuming all
available file descriptors. With this update, the file descriptors are
closed, correcting this issue.

After installing the update, it is recommended to reboot all guest
machines.
--

SL5
 x86_64
 hypervkvpd-0-0.7.el5_9.3.x86_64.rpm
 hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm
 i386
 hypervkvpd-0-0.7.el5_9.3.i686.rpm
 hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm

- Scientific Linux Development Team