[Oraclevm-errata] OVMSA-2018-0023 Important: Oracle VM 3.4 dhcp security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Mar 8 13:58:51 PST 2018


Oracle VM Security Advisory OVMSA-2018-0023

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
dhclient-4.1.1-53.P1.0.1.el6_9.3.x86_64.rpm
dhcp-common-4.1.1-53.P1.0.1.el6_9.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/dhcp-4.1.1-53.P1.0.1.el6_9.3.src.rpm



Description of changes:

[12:4.1.1-53.P1.0.1.3]
- Added oracle-errwarn-message.patch

[12:4.1.1-53.P1.3]
- Resolves: #1550085 - CVE-2018-5733 Avoid reference overflow

<[12:4.1.1-53.P1.2
- Resolves: #1550083 - CVE-2018-5732 Avoid options buffer overflow

[12:4.1.1-53.P1.1]
- Resolves: #1063217 - failover hangs with both potential-conflict

[12:4.1.1-53.P1]
- Resolves: #1363790 - dhclient does not update routing table after the 
lease
   expiry

[12:4.1.1-52.P1]
- Resolves: #1321945 - dhclient hook script for Azure cloud

[12:4.1.1-51.P1]
- send unicast request/release via correct interface (#1297445)

[12:4.1.1-50.P1]
- Lease table overflow crash. (#1133917)
- Add ignore-client-uids option. (#1196768)
- dhclient-script: it's OK if the arping reply comes from our system. 
(#1204095)
- VLAN ID is only bottom 12-bits of TCI. (#1259552)
- dhclient: Make sure link-local address is ready in stateless mode. 
(#1263466)
- dhclient-script: make_resolv_conf(): Keep old nameservers
   if server sends domain-name/search, but no nameservers. (#1269595)




More information about the Oraclevm-errata mailing list