rhsa-2015_0126
Vulnerability from csaf_redhat
Published
2015-02-04 17:52
Modified
2024-09-13 09:21
Summary
Red Hat Security Advisory: rhev-hypervisor6 security update
Notes
Topic
An updated rhev-hypervisor6 package that fixes multiple security issues is
now available for Red Hat Enterprise Virtualization 3.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)
A race condition flaw was found in the way the Linux kernel's KVM subsystem
handled PIT (Programmable Interval Timer) emulation. A guest user who has
access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611)
A flaw was found in the way OpenSSL handled fragmented handshake packets.
A man-in-the-middle attacker could use this flaw to force a TLS/SSL server
using OpenSSL to use TLS 1.0, even if both the client and the server
supported newer protocol versions. (CVE-2014-3511)
A memory leak flaw was found in the way an OpenSSL handled failed session
ticket integrity checks. A remote attacker could exhaust all available
memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server. (CVE-2014-3567)
It was found that the Linux kernel's KVM subsystem did not handle the VM
exits gracefully for the invept (Invalidate Translations Derived from EPT)
and invvpid (Invalidate Translations Based on VPID) instructions. On hosts
with an Intel processor and invept/invppid VM exit support, an unprivileged
guest user could use these instructions to crash the guest. (CVE-2014-3645,
CVE-2014-3646)
Red Hat would like to thank Qualys for reporting the CVE-2015-0235 issue,
Lars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced
Threat Research team at Intel Security for reporting the CVE-2014-3645 and
CVE-2014-3646 issues.
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated rhev-hypervisor6 package that fixes multiple security issues is\nnow available for Red Hat Enterprise Virtualization 3.\n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap-based buffer overflow was found in glibc\u0027s\n__nss_hostname_digits_dots() function, which is used by the gethostbyname()\nand gethostbyname2() glibc function calls. A remote attacker able to make\nan application call either of these functions could use this flaw to\nexecute arbitrary code with the permissions of the user running the\napplication. (CVE-2015-0235)\n\nA race condition flaw was found in the way the Linux kernel\u0027s KVM subsystem \nhandled PIT (Programmable Interval Timer) emulation. A guest user who has \naccess to the PIT I/O ports could use this flaw to crash the host. \n(CVE-2014-3611)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nIt was found that the Linux kernel\u0027s KVM subsystem did not handle the VM\nexits gracefully for the invept (Invalidate Translations Derived from EPT)\nand invvpid (Invalidate Translations Based on VPID) instructions. On hosts\nwith an Intel processor and invept/invppid VM exit support, an unprivileged\nguest user could use these instructions to crash the guest. (CVE-2014-3645,\nCVE-2014-3646)\n\nRed Hat would like to thank Qualys for reporting the CVE-2015-0235 issue,\nLars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced\nThreat Research team at Intel Security for reporting the CVE-2014-3645 and\nCVE-2014-3646 issues.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0126",
"url": "https://access.redhat.com/errata/RHSA-2015:0126"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1127504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
},
{
"category": "external",
"summary": "1144825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144825"
},
{
"category": "external",
"summary": "1144835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144835"
},
{
"category": "external",
"summary": "1144878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144878"
},
{
"category": "external",
"summary": "1152563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152563"
},
{
"category": "external",
"summary": "1152961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152961"
},
{
"category": "external",
"summary": "1180044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180044"
},
{
"category": "external",
"summary": "1183461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183461"
},
{
"category": "external",
"summary": "1185720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185720"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2015/rhsa-2015_0126.json"
}
],
"title": "Red Hat Security Advisory: rhev-hypervisor6 security update",
"tracking": {
"current_release_date": "2024-09-13T09:21:03+00:00",
"generator": {
"date": "2024-09-13T09:21:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2015:0126",
"initial_release_date": "2015-02-04T17:52:31+00:00",
"revision_history": [
{
"date": "2015-02-04T17:52:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-02-04T17:52:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T09:21:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEV Hypervisor for RHEL-6",
"product": {
"name": "RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch",
"product": {
"name": "rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch",
"product_id": "rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor6@6.6-20150123.1.el6ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
},
"product_reference": "rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3511",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2014-08-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1127504"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: TLS protocol downgrade attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3511"
},
{
"category": "external",
"summary": "RHBZ#1127504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3511"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv_20140806.txt",
"url": "https://www.openssl.org/news/secadv_20140806.txt"
}
],
"release_date": "2014-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0126"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: TLS protocol downgrade attack"
},
{
"cve": "CVE-2014-3567",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2014-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1152961"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the version of openssl shipped with Red Hat Enterprise Linux 5; Red Hat JBoss Enterprise Application Server 5 and 6; and Red Hat JBoss Enterprise Web Server 1 and 2 because openssl-0.9.8e does not include support for session tickets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3567"
},
{
"category": "external",
"summary": "RHBZ#1152961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3567"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv_20141015.txt",
"url": "https://www.openssl.org/news/secadv_20141015.txt"
}
],
"release_date": "2014-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0126"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash"
},
{
"acknowledgments": [
{
"names": [
"Lars Bull"
],
"organization": "Google"
}
],
"cve": "CVE-2014-3611",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2014-08-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1144878"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in the way the Linux kernel\u0027s KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: PIT timer race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3611"
},
{
"category": "external",
"summary": "RHBZ#1144878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144878"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3611"
}
],
"release_date": "2014-10-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0126"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: kvm: PIT timer race condition"
},
{
"acknowledgments": [
{
"names": [
"Advanced Threat Research team at Intel Security"
]
}
],
"cve": "CVE-2014-3645",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2014-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1144835"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Linux kernel\u0027s KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) instructions. On hosts with an Intel processor and invept VM exit support, an unprivileged guest user could use these instructions to crash the guest.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: vmx: invept vm exit not handled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\n\n\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3645"
},
{
"category": "external",
"summary": "RHBZ#1144835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3645"
}
],
"release_date": "2014-10-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0126"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: kvm: vmx: invept vm exit not handled"
},
{
"acknowledgments": [
{
"names": [
"Advanced Threat Research team at Intel Security"
]
}
],
"cve": "CVE-2014-3646",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2014-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1144825"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Linux kernel\u0027s KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: vmx: invvpid vm exit not handled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\n\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3646"
},
{
"category": "external",
"summary": "RHBZ#1144825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3646"
}
],
"release_date": "2014-10-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0126"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: kvm: vmx: invvpid vm exit not handled"
},
{
"cve": "CVE-2015-0235",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2015-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1183461"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was found in glibc\u0027s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: __nss_hostname_digits_dots() heap-based buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0235"
},
{
"category": "external",
"summary": "RHBZ#1183461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0235"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2015/01/27/9",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/9"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/1332213",
"url": "https://access.redhat.com/articles/1332213"
},
{
"category": "external",
"summary": "https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability",
"url": "https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability"
}
],
"release_date": "2015-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0126"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.6-20150123.1.el6ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "glibc: __nss_hostname_digits_dots() heap-based buffer overflow"
}
]
}
Loading...