Date: Mon, 21 Dec 2015 23:12:03 +0000
Synopsis: Low: openhpi security, bug fix, and enhancement update
Advisory ID: SLSA-2015:2369-1
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-3248
--
It was found that the "/var/lib/openhpi" directory provided by OpenHPI
used world-writeable and world-readable permissions. A local user could
use this flaw to view, modify, and delete OpenHPI-related data, or even
fill up the storage device hosting the /var/lib directory. (CVE-2015-3248)

The openhpi packages have been upgraded to upstream version 3.4.0, which
provides a number of bug fixes and enhancements over the previous version.

This update also fixes the following bug:

* Network timeouts were handled incorrectly in the openhpid daemon. As a
  consequence, network connections could fail when external plug-ins were
  used. With this update, handling of network socket timeouts has been
  improved in openhpid, and the described problem no longer occurs.
--
SL7
x86_64
openhpi-3.4.0-2.el7.i686.rpm
openhpi-3.4.0-2.el7.x86_64.rpm
openhpi-debuginfo-3.4.0-2.el7.i686.rpm
openhpi-debuginfo-3.4.0-2.el7.x86_64.rpm
openhpi-libs-3.4.0-2.el7.i686.rpm
openhpi-libs-3.4.0-2.el7.x86_64.rpm
openhpi-devel-3.4.0-2.el7.i686.rpm
openhpi-devel-3.4.0-2.el7.x86_64.rpm
- Scientific Linux Development Team
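
A check for the permission problem described in this advisory, added here as an example (it is not part of the advisory or of the openhpi packages). It assumes GNU stat and find, as shipped on SL7; the function name audit_dir_mode and its return codes are made up for this example, and the scan of entries below the directory goes one step beyond what the advisory describes.

```shell
#!/bin/sh
# Added example: audit a directory for the world-readable / world-writable
# bits described in CVE-2015-3248. Usage: audit_dir_mode /var/lib/openhpi
# Returns 0 = clean, 1 = world-accessible, 2 = path is not a directory.
audit_dir_mode() {
    dir=$1
    [ -d "$dir" ] || { echo "SKIP $dir: not a directory"; return 2; }

    # GNU stat: %a = octal mode (e.g. 1777), %U:%G = owner:group
    mode=$(stat -c '%a' "$dir") || return 2
    owner=$(stat -c '%U:%G' "$dir")

    # The last octal digit holds the permissions for "other" (r=4, w=2, x=1)
    other=${mode#"${mode%?}"}
    rc=0

    if [ $(( other & 2 )) -ne 0 ]; then
        echo "FAIL $dir (mode $mode, $owner): world-writable"
        rc=1
    fi
    if [ $(( other & 4 )) -ne 0 ]; then
        echo "FAIL $dir (mode $mode, $owner): world-readable"
        rc=1
    fi

    # Added check beyond the advisory: list world-writable entries below
    # the directory (symlinks skipped, their mode bits are not meaningful)
    loose=$(find "$dir" -mindepth 1 ! -type l -perm -0002 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "FAIL world-writable entries under $dir:"
        echo "$loose"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   $dir (mode $mode, $owner)"
    return "$rc"
}
```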