Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisorybug fixDoSRed Hat Enterprise Linux 5: RHSA-2013:0807-01 Low Severity Hypervkvpd DoS
An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: hypervkvpd security and bug fix update Advisory ID: RHSA-2013:0807-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0807.html Issue date: 2013-05-09 CVE Names: CVE-2012-5532 ==================================================================== 1. Summary: An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - i386, x86_64 RHEL Virtualization (v. 5 server) - i386, ia64, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532) The CVE-2012-5532 issue was discovered byFlorian Weimer of the Red Hat Product Security Team. This update also fixes the following bug: * The hypervkvpd daemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a "KVP: Failed to open file, pool: 1" error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting this issue. (BZ#953502) Users of hypervkvpd are advised to upgrade to this updated package, which contains backported patches to correct these issues. After installing the update, it is recommended to reboot all guest machines. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 877572 - CVE-2012-5532 hypervkvpd: Netlink source address validation allows denial of service 953502 - hypervkvpd dies from time to time with "KVP: Failed to open file, pool: 1" 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm RHEL Desktop Multi OS (v. 5 client): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm RHEL Virtualization (v. 5server): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm ia64: hypervkvpd-0-0.7.el5_9.3.ia64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.ia64.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2012-5532 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRi+hZXlSAg2UNWIIRAqiZAKCORIJY1WFimbFJ+TU1FKdy6Ei11QCgvRe9 7pAWShGp4YNtDqBP9P19SLs=yPV1 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 09, 2013
•Low
Red Hat
200
security advisorydenial of servicesecurity fixScientific Linux SL5.x: SLSA-2013:0807-1 Low: hypervkvpd Denial Of Service
Low: hypervkvpd security and bug fix update. Date: Tue, 7 May 2013 09:10:45 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: FASTBUGS for SL 6x i386, x86_64 now available MIME-Version: 1.0 The following FASTBUGS have been uploaded to i386: perl-Net-DNS-0.65-5.el6.i686.rpm perl-Net-DNS-Nameserver-0.65-5.el6.i686.rpm x86_64: perl-Net-DNS-0.65-5.el6.x86_64.rpm perl-Net-DNS-Nameserver-0.65-5.el6.x86_64.rpm Date: Tue, 7 May 2013 09:52:09 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: FASTBUGS for SL 5x i386, x86_64 now available MIME-Version: 1.0 The following FASTBUGS have been uploaded to i386: cluster-cim-0.12.1-8.el5_9.i386.rpm cluster-snmp-0.12.1-8.el5_9.i386.rpm modcluster-0.12.1-8.el5_9.i386.rpm system-config-kdump-1.0.14-5.el5_9.noarch.rpm x86_64: cluster-cim-0.12.1-8.el5_9.x86_64.rpm cluster-snmp-0.12.1-8.el5_9.x86_64.rpm modcluster-0.12.1-8.el5_9.x86_64.rpm system-config-kdump-1.0.14-5.el5_9.noarch.rpm Date: Thu, 9 May 2013 20:28:41 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Low: hypervkvpd on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: hypervkvpd security and bug fix update Advisory ID: SLSA-2013:0807-1 Issue Date: 2013-05-09 CVE Numbers: CVE-2012-5532 -- A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532) This update also fixes the following bug: * The hypervkvpd daemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a "KVP: Failed to open file, pool: 1" error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting thisissue. After installing the update, it is recommended to reboot all guest machines. -- SL5 x86_64 hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm i386 hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm - Scientific Linux Development Team . A minor security notice concerning hypervkvpd on Scientific Linux SL5.x has been released to address a potential denial of service vulnerability.. hypervkvpd security patch, Scientific Linux update, Netlink vulnerability fix. . Severity: Low. LinuxSecurity.com Team
May 09, 2013
•Low
Scientific Linux
98
security advisorydenial of serviceRed Hat Enterprise LinuxRed Hat Enterprise Linux 5: RHSA-2013:0807-01 Low: Hypervkvpd DoS
An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: hypervkvpd security and bug fix update Advisory ID: RHSA-2013:0807-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0807.html Issue date: 2013-05-09 CVE Names: CVE-2012-5532 ==================================================================== 1. Summary: An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - i386, x86_64 RHEL Virtualization (v. 5 server) - i386, ia64, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532) The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This update also fixes the following bug: * The hypervkvpddaemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a "KVP: Failed to open file, pool: 1" error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting this issue. (BZ#953502) Users of hypervkvpd are advised to upgrade to this updated package, which contains backported patches to correct these issues. After installing the update, it is recommended to reboot all guest machines. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 877572 - CVE-2012-5532 hypervkvpd: Netlink source address validation allows denial of service 953502 - hypervkvpd dies from time to time with "KVP: Failed to open file, pool: 1" 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm RHEL Desktop Multi OS (v. 5 client): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm RHEL Virtualization (v. 5server): Source: i386: hypervkvpd-0-0.7.el5_9.3.i686.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm ia64: hypervkvpd-0-0.7.el5_9.3.ia64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.ia64.rpm x86_64: hypervkvpd-0-0.7.el5_9.3.x86_64.rpm hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2012-5532 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. . Red Hat Security Advisory Synopsis: Low: hypervkvpd security and bug fix update Advisory ID: RHSA-20. updated, hypervkvpd, package, fixes, security. . Severity: Low. LinuxSecurity.com Team
May 09, 2013
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!