piranha-0.8.6-4.2.0.1.AXS4

エラータID: AXSA:2014-348:01

Release date: 
Thursday, May 22, 2014 - 20:38
Subject: 
piranha-0.8.6-4.2.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Various tools to administer and configure the Linux Virtual Server as well as heartbeating and failover components. The LVS is a dynamically adjusted kernel routing mechanism that provides load balancing primarily for web and ftp servers though other services are supported.

Security issues fixed with this release:

• CVE-2013-6492
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.

Fixed bugs:

• Previously, the lvsd service failed to start, because the sem_timedwait() function received the interrupted function call (EINTR) error and exited. This has been fixed.

Solution: 

Update packages.

CVEs: 
CVE-2013-6492
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.


Additional Info: 

N/A

Download: 

SRPMS
  1. piranha-0.8.6-4.2.0.1.AXS4.src.rpm
    MD5: 4e40d44e13f02ae808e41a08964dd5a0
    SHA-256: e2c7d4dcc1fd52918721cbf8d7fcfcc9c39b059f2062066a3957a3cebba4fabc
    Size: 1.48 MB

Asianux Server 4 for x86
  1. piranha-0.8.6-4.2.0.1.AXS4.i686.rpm
    MD5: 21a9cdd7bcf2d801efcebb4b13752d5a
    SHA-256: afb8a31e9ce5e01378b9b619b114e8ee1167973059fb369a77ec9fe2adefc8c6
    Size: 142.89 kB

Asianux Server 4 for x86_64
  1. piranha-0.8.6-4.2.0.1.AXS4.x86_64.rpm
    MD5: b148964cf7dc79ba0df9da92503afc16
    SHA-256: 9db91165c78f734eb657729414f22d8ed29f73dded8ba492fdebf69f1c206af6
    Size: 144.42 kB