[Oraclevm-errata] OVMSA-2016-0058 Oracle VM 3.2 dhcp security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Jun 21 10:08:07 PDT 2016
Oracle VM Security Advisory OVMSA-2016-0058
The following updated rpms for Oracle VM 3.2 have been uploaded to the
Unbreakable Linux Network:
x86_64:
dhclient-3.0.5-33.el5_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/dhcp-3.0.5-33.el5_9.src.rpm
Description of changes:
[12:3.0.5-33]
- exit(2) after sending DHCPDECLINE when dhclient has been started
with '-1' (RHBZ #756490)
[12:3.0.5-32]
- An error in the handling of malformed client identifiers can
cause a denial-of-service condition in affected servers.
(CVE-2012-3571, #843125)
[12:3.0.5-31]
- Propagate libdhcp timeout to internal timeout_arg (RHBZ #736515)
[12:3.0.5-30]
- A pair of defects cause the server to halt upon processing certain packets
(CVE-2011-2748, CVE-2011-2749, #729881)
[12:3.0.5-29]
- dhclient.conf(5), dhclient(8) mention that interface-mtu option
is also requested by default (RHBZ #694264)
[12:3.0.5-28]
- Better fix for CVE-2011-0997: making domain-name check more lenient
(RHBZ #690577)
- dhclient requests interface-mtu option by default (RHBZ #694264)
[12:3.0.5-27]
- dhclient.conf(5) fix (RHBZ #585855)
- Make dhcpd init script LSB compliant (RHBZ #610128)
- Use PID for seeding the random number generator in dhclient (RHBZ #623953)
- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay (RHBZ #624965)
- 'lease imbalance' messages are not logged unless rebalance
was actually attempted (RHBZ #661939)
- Explicitly clear the ARP cache and flush all addresses & routes
instead of bringing the interface down (RHBZ #685048)
[12:3.0.5-26]
- IPoIB support (RHBZ #660679)
[12:3.0.5-25]
- dhclient: insufficient sanitization of certain DHCP response values
(CVE-2011-0997, #690577)
[12:3.0.5-24]
- A partner-down failover server no longer emits 'peer holds all free
leases' if it is able to newly-allocate one of the peer's leases.
(RHBZ #610219)
- The server's "by client-id" and "by hardware address" hash table lists
are now sorted according to the preference to re-allocate that lease to
returning clients. This should eliminate pool starvation problems
arising when "INIT" clients were given new leases rather than presently
active ones. (RHBZ #615995)