[Oraclevm-errata] OVMSA-2016-0058 Oracle VM 3.2 dhcp security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jun 21 10:08:07 PDT 2016 

Oracle VM Security Advisory OVMSA-2016-0058

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
dhclient-3.0.5-33.el5_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/dhcp-3.0.5-33.el5_9.src.rpm



Description of changes:

[12:3.0.5-33]
- exit(2) after sending DHCPDECLINE
   when dhclient has been started with '-1' (RHBZ #756490)

[12:3.0.5-32]
- An error in the handling of malformed client identifiers can
   cause a denial-of-service condition in affected servers. 
(CVE-2012-3571, #843125)

[12:3.0.5-31]
- Propagate libdhcp timeout to internal timeout_arg (RHBZ #736515)

[12:3.0.5-30]
- A pair of defects cause the server to halt upon processing certain packets
   (CVE-2011-2748, CVE-2011-2749, #729881)

[12:3.0.5-29]
- dhclient.conf(5), dhclient(8) mention that interface-mtu option
   is also requested by default (RHBZ #694264)

[12:3.0.5-28]
- Better fix for CVE-2011-0997: making domain-name check more lenient 
(RHBZ #690577)
- dhclient requests interface-mtu option by default (RHBZ #694264)

[12:3.0.5-27]
- dhclient.conf(5) fix (RHBZ #585855)
- Make dhcpd init script LSB compliant (RHBZ #610128)
- Use PID for seeding the random number generator in dhclient (RHBZ #623953)
- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay (RHBZ #624965)
- 'lease imbalance' messages are not logged unless rebalance
   was actually attempted (RHBZ #661939)
- Explicitly clear the ARP cache and flush all addresses & routes
   instead of bringing the interface down (RHBZ #685048)

[12:3.0.5-26]
- IPoIB support (RHBZ #660679)

[12:3.0.5-25]
- dhclient: insufficient sanitization of certain DHCP response values
   (CVE-2011-0997, #690577)

[12:3.0.5-24]
- A partner-down failover server no longer emits 'peer holds all free 
leases'
   if it is able to newly-allocate one of the peer's leases. (RHBZ #610219)
- The server's "by client-id" and "by hardware address" hash table lists
   are now sorted according to the preference to re-allocate that lease to
   returning clients.  This should eliminate pool starvation problems
   arising when "INIT" clients were given new leases rather than presently
   active ones. (RHBZ #615995)

More information about the Oraclevm-errata mailing list