[Oraclevm-errata] OVMSA-2014-0084 Important: Oracle VM 3.3 bind security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Dec 24 08:40:42 PST 2014

Oracle VM Security Advisory OVMSA-2014-0084

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Fix CVE-2014-8500 (#1171973)

- Use /dev/urandom when generating rndc.key file (#951255)

- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035

- Add support for TLSA resource records (#956685)
- Increase defaults for lwresd workers and make workers and client 
objects number configurable (#1092035)

- Fix segmentation fault in nsupdate when -r option is used (#1064045)
- Fix race condition on send buffer in host tool when sending UDP query 
- Allow authentication using TSIG in allow-notify configuration 
statement (#1044545)
- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)
- Include updated named.ca file with root server addresses (#917356)
- Don't generate rndc.key if there is rndc.conf on start-up (#997743)
- Fix dig man page regarding how to disable IDN (#1023045)
- Handle ICMP Destination unreachable (Protocol unreachable) response 

- Configure BIND with --with-dlopen=yes to support dynamically loadable 
DLZ drivers (#846065)
- Fix initscript to return correct exit value when calling 
checkconfig/configtest/check/test (#848033)
- Don't (un)mount chroot filesystem when running initscript command 
configtest with running server (#851123)
- Fix zone2sqlite tool to accept zones containing "." or "-" or starting 
with a digit (#919414)
- Fix initscript not to mount chroot filesystem is named is already 
running (#948743)
- Fix initscript to check if the PID in PID-file is really s PID of 
running named server (#980632)
- Correct the installed documentation ownership (#1051283)

- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 
option (#1025008)
- Fix race condition when destroying a resolver fetch object (#993612)
- Fix the RRL functionality to include referrals-per-second and 
nodata-per-second options (#1036700)
- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)

- Fix CVE-2014-0591

- Fix gssapictx memory leak (#911167)

- fix CVE-2013-4854

- fix  CVE-2013-2266
- ship dns/rrl.h in -devel subpkg

- remove one bogus file from /usr/share/doc, introduced by RRL patch

- fix CVE-2012-5689

- add response rate limit patch (#873624)

More information about the Oraclevm-errata mailing list