rhsa-2014_0339
Vulnerability from csaf_redhat
Published
2014-03-31 16:37
Modified
2024-11-22 07:41
Summary
Red Hat Security Advisory: rhev-hypervisor6 security update

Notes

Topic
An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Details
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092) A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055) A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860) The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers: CVE-2014-0101, and CVE-2014-0069 (kernel issues) CVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, and CVE-2013-4244 (libtiff issues) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated rhev-hypervisor6 package that fixes multiple security issues is\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was discovered that GnuTLS did not correctly handle certain errors that\ncould occur during the verification of an X.509 certificate, causing it to\nincorrectly report a successful verification. An attacker could use this\nflaw to create a specially crafted certificate that could be accepted by\nGnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)\n\nA flaw was found in the way the get_rx_bufs() function in the vhost_net\nimplementation in the Linux kernel handled error conditions reported by the\nvhost_get_vq_desc() function. A privileged guest user could use this flaw\nto crash the host. (CVE-2014-0055)\n\nA heap-based buffer overflow flaw was found in the Linux kernel\u0027s cdc-wdm\ndriver, used for USB CDC WCM device management. An attacker with physical\naccess to a system could use this flaw to cause a denial of service or,\npotentially, escalate their privileges. (CVE-2013-1860)\n\nThe CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the\nRed Hat Security Technologies Team.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2014-0101, and CVE-2014-0069 (kernel issues)\n\nCVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232,\nCVE-2013-4243, and CVE-2013-4244 (libtiff issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0339",
        "url": "https://access.redhat.com/errata/RHSA-2014:0339"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
        "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html"
      },
      {
        "category": "external",
        "summary": "921970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
      },
      {
        "category": "external",
        "summary": "1062577",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062577"
      },
      {
        "category": "external",
        "summary": "1069865",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865"
      },
      {
        "category": "external",
        "summary": "1075950",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075950"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0339.json"
      }
    ],
    "title": "Red Hat Security Advisory: rhev-hypervisor6 security update",
    "tracking": {
      "current_release_date": "2024-11-22T07:41:28+00:00",
      "generator": {
        "date": "2024-11-22T07:41:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0339",
      "initial_release_date": "2014-03-31T16:37:26+00:00",
      "revision_history": [
        {
          "date": "2014-03-31T16:37:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-03-31T16:37:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:41:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEV Hypervisor for RHEL-6",
                "product": {
                  "name": "RHEV Hypervisor for RHEL-6",
                  "product_id": "6Server-RHEV-Hypervisor",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch",
                "product": {
                  "name": "rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch",
                  "product_id": "rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor6@6.5-20140324.0.el6ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
          "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
        },
        "product_reference": "rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-Hypervisor"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-1860",
      "discovery_date": "2013-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "921970"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: usb: cdc-wdm buffer overflow triggered by device",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\n\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-1860"
        },
        {
          "category": "external",
          "summary": "RHBZ#921970",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-1860"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1860",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1860"
        }
      ],
      "release_date": "2013-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-31T16:37:26+00:00",
          "details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0339"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: usb: cdc-wdm buffer overflow triggered by device"
    },
    {
      "cve": "CVE-2014-0055",
      "discovery_date": "2014-02-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1062577"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: vhost-net: insufficient handling of error conditions in get_rx_bufs()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\n\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0055"
        },
        {
          "category": "external",
          "summary": "RHBZ#1062577",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062577"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0055"
        }
      ],
      "release_date": "2014-03-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-31T16:37:26+00:00",
          "details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0339"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.2,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: vhost-net: insufficient handling of error conditions in get_rx_bufs()"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Nikos Mavrogiannopoulos"
          ],
          "organization": "Red Hat Security Technologies Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2014-0092",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2014-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1069865"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0092"
        },
        {
          "category": "external",
          "summary": "RHBZ#1069865",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0092"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0092",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0092"
        }
      ],
      "release_date": "2014-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-03-31T16:37:26+00:00",
          "details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0339"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140324.0.el6ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.