Issued:

2013-11-20

Updated:

2013-11-20

RHBA-2013:1539 - hypervkvpd bug fix update

Synopsis

hypervkvpd bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated hypervkvpd packages that fix several bugs are now available for Red Hat Enterprise Linux 6.

Description

The hypervkvpd packages contain hypervkvpd, the guest Hyper-V Key-Value Pair (KVP) daemon. Using VMbus, hypervkvpd passes basic information to the host. The information includes guest IP address, fully qualified domain name, operating system name, and operating system release number. An IP injection functionality enables the user to change the IP address of a guest from the host via the hypervkvpd daemon.

This update fixes the following bugs:

• Previously, the hypervkvpd service registered to two netlink multicast groups, one of which was used by the cgred service. When hypervkvpd received a netlink message, it was interpreted blindly as its own. As a consequence, hypervkvpd terminated unexpectedly with a segmentation fault. After this update, hypervkvpd now registers only to its own netlink multicast group and verifies the type of the incoming netlink message. Using hypervkvpd when the cgred service is running no longer leads to a segmentation fault. (BZ#920032)

• Prior to this update, the hypervkvpd init script did not check if Hyper-V driver modules were loaded into the kernel. If hypervkvpd was installed, it started automatically on system boot, even if the system was not running as a guest machine on a Hyper-V hypervisor. Verification has been added to the hypervkvpd init script to determine whether Hyper-V driver modules are loaded into the kernel. As a result, if the modules are not loaded into the kernel, hypervkvpd now does not start, but displays a message that proper driver modules are not loaded. (BZ#962565)

• Previously, hypervkvpd was not built with sufficiently secure compiler options, which could, consequently, make the compiled code vulnerable. The hypervkvpd daemon has been built with full read-only relocation (RELRO) and position-independent executable (PIE) flags. As a result, the compiled code is more secure and better guarded against possible buffer overflows. (BZ#977861)

• When using the Get-VMNetworkAdapter command to query a virtual machine network adapter, each subnet string has to be separated by a semicolon. Due to a bug in the IPv6 subnet enumeration code, the IPv6 addresses were not listed. A patch has been applied, and the IPv6 subnet enumeration now works as expected. (BZ#983851)

Users of hypervkvpd are advised to upgrade to these updated packages, which fix these bugs. After updating the hypervkvpd packages, rebooting all guest machines is recommended, otherwise the Microsoft Windows server with Hyper-V might not be able to get information from these guest machines.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Affected Products

Updated Packages

• hypervkvpd-0-0.12.el6.i686.rpm
• hypervkvpd-0-0.12.el6.x86_64.rpm
• hypervkvpd-0-0.12.el6.src.rpm
• hypervkvpd-debuginfo-0-0.12.el6.i686.rpm
• hypervkvpd-debuginfo-0-0.12.el6.x86_64.rpm

Fixes

• This content is not included.BZ - 920032
• This content is not included.BZ - 965944
• This content is not included.BZ - 978300
• This content is not included.BZ - 983851

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.