rhsa-2011_1408
Vulnerability from csaf_redhat
Published
2011-10-26 15:28
Modified
2011-10-26 11:32
Summary
Red Hat Security Advisory: rhev-hypervisor security update
Notes
Topic
An updated rhev-hypervisor package that fixes several security issues is
now available.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
The RHBA-2011:1254 update introduced a regression in the Linux kernel's
Ethernet bridge implementation. If a system had an interface in a bridge,
and an attacker on the local network could send packets to that interface,
they could cause a denial of service on that system. (CVE-2011-2942)
A flaw in the Linux kernel could lead to GRO (Generic Receive Offload)
fields being left in an inconsistent state. An attacker on the local
network could use this flaw to trigger a denial of service. GRO is enabled
by default in all network drivers that support it. (CVE-2011-2723)
The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were
generated could allow a man-in-the-middle attacker to inject packets and
possibly hijack connections. Protocol sequence numbers and fragment IDs are
now more random. (CVE-2011-3188)
Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous
mode and also using the be2net driver could allow an attacker on the local
network to cause a denial of service. (CVE-2011-3347)
Red Hat would like to thank Brent Meshier for reporting CVE-2011-2723; Dan
Kaminsky for reporting CVE-2011-3188; and Somnath Kotur for reporting
CVE-2011-3347.
This updated package provides updated components that include fixes for
numerous security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however.
The security fixes included in this update address the following CVE
numbers:
CVE-2011-2695, CVE-2011-2699, CVE-2011-3191, CVE-2011-1833, CVE-2011-2496,
CVE-2011-3209, CVE-2011-2484, CVE-2011-3131, CVE-2009-4067, CVE-2011-1160,
and CVE-2011-1585 (kernel issues)
CVE-2011-3378 (rpm issues)
Users of Red Hat Enterprise Virtualization Hypervisor should upgrade to
this updated package, which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated rhev-hypervisor package that fixes several security issues is\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nThe RHBA-2011:1254 update introduced a regression in the Linux kernel\u0027s\nEthernet bridge implementation. If a system had an interface in a bridge,\nand an attacker on the local network could send packets to that interface,\nthey could cause a denial of service on that system. (CVE-2011-2942)\n\nA flaw in the Linux kernel could lead to GRO (Generic Receive Offload)\nfields being left in an inconsistent state. An attacker on the local\nnetwork could use this flaw to trigger a denial of service. GRO is enabled\nby default in all network drivers that support it. (CVE-2011-2723)\n\nThe way IPv4 and IPv6 protocol sequence numbers and fragment IDs were\ngenerated could allow a man-in-the-middle attacker to inject packets and\npossibly hijack connections. Protocol sequence numbers and fragment IDs are\nnow more random. (CVE-2011-3188)\n\nNon-member VLAN (virtual LAN) packet handling for interfaces in promiscuous\nmode and also using the be2net driver could allow an attacker on the local\nnetwork to cause a denial of service. (CVE-2011-3347)\n\nRed Hat would like to thank Brent Meshier for reporting CVE-2011-2723; Dan\nKaminsky for reporting CVE-2011-3188; and Somnath Kotur for reporting\nCVE-2011-3347.\n\nThis updated package provides updated components that include fixes for\nnumerous security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however.\n\nThe security fixes included in this update address the following CVE\nnumbers:\n\nCVE-2011-2695, CVE-2011-2699, CVE-2011-3191, CVE-2011-1833, CVE-2011-2496,\nCVE-2011-3209, CVE-2011-2484, CVE-2011-3131, CVE-2009-4067, CVE-2011-1160,\nand CVE-2011-1585 (kernel issues)\n\nCVE-2011-3378 (rpm issues)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor should upgrade to\nthis updated package, which resolves these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2011:1408",
"url": "https://access.redhat.com/errata/RHSA-2011:1408"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2011-1254.html",
"url": "https://rhn.redhat.com/errata/RHBA-2011-1254.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2011/rhsa-2011_1408.json"
}
],
"title": "Red Hat Security Advisory: rhev-hypervisor security update",
"tracking": {
"current_release_date": "2011-10-26T11:32:00Z",
"generator": {
"date": "2023-06-30T20:18:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2011:1408",
"initial_release_date": "2011-10-26T15:28:00Z",
"revision_history": [
{
"date": "2011-10-26T11:32:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Red Hat Virtualization",
"product": {
"name": "Red Hat Virtualization",
"product_id": "Red Hat Virtualization"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Brent Meshier"
]
}
],
"cve": "CVE-2011-2723",
"discovery_date": "2011-07-29T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=726552"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: gro: only reset frag0 when skb can be pulled",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Virtualization"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2723",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2723"
},
{
"category": "external",
"summary": "http://git.kernel.org/linus/17dd759c67f21e34f2156abcf415e1f60605a188",
"url": "http://git.kernel.org/linus/17dd759c67f21e34f2156abcf415e1f60605a188"
},
{
"category": "external",
"summary": "CVE-2011-2723",
"url": "https://access.redhat.com/security/cve/CVE-2011-2723"
},
{
"category": "external",
"summary": "bz#726552: CVE-2011-2723 kernel: gro: only reset frag0 when skb can be pulled",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=726552"
}
],
"release_date": "2011-07-27T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"Red Hat Virtualization"
],
"url": "https://access.redhat.com/errata/RHSA-2011:1408"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0.0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0.0,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"Red Hat Virtualization"
]
}
],
"threats": [
{
"category": "impact",
"date": "2011-07-29T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2011-2723 kernel: gro: only reset frag0 when skb can be pulled"
},
{
"cve": "CVE-2011-2942",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2011-08-16T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=730917"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: bridge: null pointer dereference in __br_deliver",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Virtualization"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2942",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2942"
},
{
"category": "external",
"summary": "CVE-2011-2942",
"url": "https://access.redhat.com/security/cve/CVE-2011-2942"
},
{
"category": "external",
"summary": "bz#730917: CVE-2011-2942 kernel: bridge: null pointer dereference in __br_deliver",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730917"
}
],
"release_date": "2011-10-20T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"Red Hat Virtualization"
],
"url": "https://access.redhat.com/errata/RHSA-2011:1408"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0.0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0.0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"Red Hat Virtualization"
]
}
],
"threats": [
{
"category": "impact",
"date": "2011-08-16T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2011-2942 kernel: bridge: null pointer dereference in __br_deliver"
},
{
"acknowledgments": [
{
"names": [
"Dan Kaminsky"
]
}
],
"cve": "CVE-2011-3188",
"discovery_date": "2011-08-23T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=732658"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "improve sequence number generation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Virtualization"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3188"
},
{
"category": "external",
"summary": "CVE-2011-3188",
"url": "https://access.redhat.com/security/cve/CVE-2011-3188"
},
{
"category": "external",
"summary": "bz#732658: improve sequence number generation",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658"
}
],
"release_date": "2011-08-07T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"Red Hat Virtualization"
],
"url": "https://access.redhat.com/errata/RHSA-2011:1408"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0.0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat Virtualization"
]
}
],
"threats": [
{
"category": "impact",
"date": "2011-08-23T00:00:00Z",
"details": "Moderate"
}
],
"title": "improve sequence number generation"
},
{
"acknowledgments": [
{
"names": [
"Somnath Kotur"
]
}
],
"cve": "CVE-2011-3347",
"discovery_date": "2011-08-12T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=736425"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "promiscuous mode and non-member VLAN packets DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Virtualization"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3347"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-3347",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3347"
},
{
"category": "external",
"summary": "CVE-2011-3347",
"url": "https://access.redhat.com/security/cve/CVE-2011-3347"
},
{
"category": "external",
"summary": "bz#736425: promiscuous mode and non-member VLAN packets DoS",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=736425"
}
],
"release_date": "2011-10-20T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"Red Hat Virtualization"
],
"url": "https://access.redhat.com/errata/RHSA-2011:1408"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0.0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0.0,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"Red Hat Virtualization"
]
}
],
"threats": [
{
"category": "impact",
"date": "2011-08-12T00:00:00Z",
"details": "Moderate"
}
],
"title": "promiscuous mode and non-member VLAN packets DoS"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.