Synopsis: Low: openhpi security, bug fix, and enhancement update Advisory ID: SLSA-2015:2369-1 Issue Date: 2015-11-19 CVE Numbers: CVE-2015-3248 -- It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory. (CVE-2015-3248) The openhpi packages have been upgraded to upstream version 3.4.0, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bug: * Network timeouts were handled incorrectly in the openhpid daemon. As a consequence, network connections could fail when external plug-ins were used. With this update, handling of network socket timeouts has been improved in openhpid, and the described problem no longer occurs. -- SL7 x86_64 openhpi-3.4.0-2.el7.i686.rpm openhpi-3.4.0-2.el7.x86_64.rpm openhpi-debuginfo-3.4.0-2.el7.i686.rpm openhpi-debuginfo-3.4.0-2.el7.x86_64.rpm openhpi-libs-3.4.0-2.el7.i686.rpm openhpi-libs-3.4.0-2.el7.x86_64.rpm openhpi-devel-3.4.0-2.el7.i686.rpm openhpi-devel-3.4.0-2.el7.x86_64.rpm - Scientific Linux Development Team