
Security Advisory Low: hypervkvpd security and bug fix update

Advisory: RHSA-2013:0807-1
Type: Security Advisory
Severity: Low
Issued on: 2013-05-09
Last updated on: 2013-05-09
Affected Products: RHEL Desktop Multi OS (v. 5 client)
RHEL Virtualization (v. 5 server)
RHEL Virtualization EUS (v. 5.9.z server)
RHEL Virtualization Long Life (v. 5.9 server)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.9.z server)
Red Hat Enterprise Linux Long Life (v. 5.9 server)
CVEs (cve.mitre.org): CVE-2012-5532

Details

An updated hypervkvpd package that fixes one security issue and one bug is
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V
Key-Value Pair (KVP) daemon. The daemon passes basic information to the
host through VMBus, such as the guest IP address, fully qualified domain
name, operating system name, and operating system release number.

A denial of service flaw was found in the way hypervkvpd processed certain
Netlink messages. A local, unprivileged user in a guest (running on
Microsoft Hyper-V) could send a Netlink message that, when processed, would
cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532)

The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
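
Bug 877572 names the missing check as Netlink source address validation. The following C example is added here and is not code from the hypervkvpd package or from Red Hat: it shows a receiver-side check that accepts a datagram only when the sender's `nl_pid` is 0 (the kernel's port id) and the header length is consistent. The names `check_netlink_msg`, `verdict_for` and the verdict enum are hypothetical, and the sample datagrams are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Hypothetical verdicts. The caller logs and drops anything but NL_ACCEPT
 * and keeps reading, so an unwanted datagram cannot stop the daemon. */
enum nl_verdict { NL_ACCEPT, NL_DROP_BAD_ADDR, NL_DROP_NOT_KERNEL, NL_DROP_BAD_LEN };

/* Validate one datagram returned by recvfrom() on an AF_NETLINK socket.
 * src/src_len are the address recvfrom() filled in, buf/len the payload. */
enum nl_verdict check_netlink_msg(const struct sockaddr_nl *src, socklen_t src_len,
                                  const void *buf, size_t len)
{
    struct nlmsghdr hdr;

    if (src_len != sizeof(*src) || src->nl_family != AF_NETLINK)
        return NL_DROP_BAD_ADDR;
    /* The kernel's netlink port id is 0; any other value is a user process. */
    if (src->nl_pid != 0)
        return NL_DROP_NOT_KERNEL;
    /* Only then look at the payload: the header must fit and agree with len. */
    if (len < sizeof(hdr))
        return NL_DROP_BAD_LEN;
    memcpy(&hdr, buf, sizeof(hdr));
    if (hdr.nlmsg_len < sizeof(hdr) || hdr.nlmsg_len > len)
        return NL_DROP_BAD_LEN;
    return NL_ACCEPT;
}

/* Constructed sample: a header-only datagram that claims to come from
 * sender_pid and whose nlmsg_len field is set to claimed_len. */
enum nl_verdict verdict_for(uint32_t sender_pid, uint32_t claimed_len)
{
    struct sockaddr_nl src = { .nl_family = AF_NETLINK, .nl_pid = sender_pid };
    struct nlmsghdr msg = { .nlmsg_len = claimed_len };

    return check_netlink_msg(&src, sizeof(src), &msg, sizeof(msg));
}

int main(void)
{
    printf("kernel sender:    %d\n", (int)verdict_for(0, sizeof(struct nlmsghdr)));
    printf("user pid 4242:    %d\n", (int)verdict_for(4242, sizeof(struct nlmsghdr)));
    printf("oversized length: %d\n", (int)verdict_for(0, 4096));
    return 0;
}
```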

This update also fixes the following bug:

* The hypervkvpd daemon did not close the file descriptors for pool files
when they were updated. This could eventually lead to hypervkvpd crashing
with a "KVP: Failed to open file, pool: 1" error after consuming all
available file descriptors. With this update, the file descriptors are
closed, correcting this issue. (BZ#953502)

Users of hypervkvpd are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing the
update, it is recommended to reboot all guest machines.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

The updated packages are the same for every affected product. IA-64
packages are listed only for RHEL Virtualization (v. 5 server), RHEL
Virtualization EUS (v. 5.9.z server) and RHEL Virtualization Long Life
(v. 5.9 server).

SRPMS:
hypervkvpd-0-0.7.el5_9.3.src.rpm

IA-32:
hypervkvpd-0-0.7.el5_9.3.i686.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm

IA-64:
hypervkvpd-0-0.7.el5_9.3.ia64.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.ia64.rpm

x86_64:
hypervkvpd-0-0.7.el5_9.3.x86_64.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

877572 - CVE-2012-5532 hypervkvpd: Netlink source address validation allows denial of service
953502 - hypervkvpd dies from time to time with "KVP: Failed to open file, pool: 1"


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/