[Oraclevm-errata] OVMSA-2016-0058 Oracle VM 3.2 dhcp security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jun 21 10:08:07 PDT 2016

Oracle VM Security Advisory OVMSA-2016-0058

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- exit(2) after sending DHCPDECLINE
   when dhclient has been started with '-1' (RHBZ #756490)

- An error in the handling of malformed client identifiers can
   cause a denial-of-service condition in affected servers.
   (CVE-2012-3571, #843125)

- Propagate libdhcp timeout to internal timeout_arg (RHBZ #736515)

- A pair of defects cause the server to halt upon processing certain packets
   (CVE-2011-2748, CVE-2011-2749, #729881)

- dhclient.conf(5), dhclient(8) mention that interface-mtu option
   is also requested by default (RHBZ #694264)

- Better fix for CVE-2011-0997: making domain-name check more lenient
   (RHBZ #690577)
- dhclient requests interface-mtu option by default (RHBZ #694264)

- dhclient.conf(5) fix (RHBZ #585855)
- Make dhcpd init script LSB compliant (RHBZ #610128)
- Use PID for seeding the random number generator in dhclient (RHBZ #623953)
- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay (RHBZ #624965)
- 'lease imbalance' messages are not logged unless rebalance
   was actually attempted (RHBZ #661939)
- Explicitly clear the ARP cache and flush all addresses & routes
   instead of bringing the interface down (RHBZ #685048)

- IPoIB support (RHBZ #660679)

- dhclient: insufficient sanitization of certain DHCP response values
   (CVE-2011-0997, #690577)

- A partner-down failover server no longer emits 'peer holds all free 
   if it is able to newly-allocate one of the peer's leases. (RHBZ #610219)
- The server's "by client-id" and "by hardware address" hash table lists
   are now sorted according to the preference to re-allocate that lease to
   returning clients.  This should eliminate pool starvation problems
   arising when "INIT" clients were given new leases rather than presently
   active ones. (RHBZ #615995)
