Lucene search

K
redhatRedHatRHSA-2014:0339
HistoryMar 31, 2014 - 12:00 a.m.

(RHSA-2014:0339) Important: rhev-hypervisor6 security update

2014-03-3100:00:00
access.redhat.com
20

EPSS

0.918

Percentile

98.9%

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

A flaw was found in the way the get_rx_bufs() function in the vhost_net
implementation in the Linux kernel handled error conditions reported by the
vhost_get_vq_desc() function. A privileged guest user could use this flaw
to crash the host. (CVE-2014-0055)

A heap-based buffer overflow flaw was found in the Linux kernel’s cdc-wdm
driver, used for USB CDC WCM device management. An attacker with physical
access to a system could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1860)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the
Red Hat Security Technologies Team.

This updated package provides updated components that include fixes for
various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:

CVE-2014-0101, and CVE-2014-0069 (kernel issues)

CVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232,
CVE-2013-4243, and CVE-2013-4244 (libtiff issues)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues.