Sicherheit: Unsichere Verwendung temporärer Dateien in mom
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in mom
ID: FEDORA-2012-15496
Distribution: Fedora
Plattformen: Fedora 17
Datum: Fr, 19. Oktober 2012, 08:35
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4480
Applikationen: mom


Name        : mom
Product : Fedora 17
Version : 0.3.0
Release : 1.fc17
URL : http://wiki.github.com/aglitke/mom
Summary : Dynamically manage system resources on virtualization hosts
Description :
MOM is a policy-driven tool that can be used to manage overcommitment on KVM
hosts. Using libvirt, MOM keeps track of active virtual machines on a host. At
a regular collection interval, data is gathered about the host and guests. Data
can come from multiple sources (eg. the /proc interface, libvirt API calls, a
client program connected to a guest, etc). Once collected, the data is
organized for use by the policy evaluation engine. When started, MOM accepts a
user-supplied overcommitment policy. This policy is regularly evaluated using
the latest collected data. In response to certain conditions, the policy may
trigger reconfiguration of the system’s overcommitment mechanisms. Currently
MOM supports control of memory ballooning and KSM but the architecture is
designed to accommodate new mechanisms such as cgroups.

Update Information:

Update to mom-0.3.0 which fixes a momd security issue and includes many
features for ovirt integration.

* Fri Oct 5 2012 Adam Litke <agl@us.ibm.com> - 0.3.0-1
- Upgrade to version 0.3.0
- Upstream fixes CVE-2012-4480
* Fri Jul 20 2012 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[ 1 ] Bug #863178 - CVE-2012-4480 mom: world-writable PID file [fedora-all]

This update can be installed with the "yum" update program. Use
su -c 'yum update mom' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten