Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:0339
HistoryMar 31, 2014 - 12:00 a.m.

(RHSA-2014:0339) Important: rhev-hypervisor6 security update

2014-03-3100:00:00
access.redhat.com
16

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.935 High

EPSS

Percentile

98.6%

JSON

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

A flaw was found in the way the get_rx_bufs() function in the vhost_net
implementation in the Linux kernel handled error conditions reported by the
vhost_get_vq_desc() function. A privileged guest user could use this flaw
to crash the host. (CVE-2014-0055)

A heap-based buffer overflow flaw was found in the Linux kernel’s cdc-wdm
driver, used for USB CDC WCM device management. An attacker with physical
access to a system could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1860)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the
Red Hat Security Technologies Team.

This updated package provides updated components that include fixes for
various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:

CVE-2014-0101, and CVE-2014-0069 (kernel issues)

CVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232,
CVE-2013-4243, and CVE-2013-4244 (libtiff issues)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues.

Related

nessus 55
openvas 52
amazon 2
veracode 8
redhat 4
oraclelinux 6
centos 4
f5 5
ubuntu 3
fedora 10
altlinux 3
securityvulns 6
osv 2
debian 3
gentoo 1
slackware 1
mageia 4
ubuntucve 5
debiancve 5
cve 6
prion 6
suse 2
ics 1
ibm 2
seebug 1
checkpoint_advisories 1
checkpoint_security 1
nessus
nessus
RHEL 6 : rhev-hypervisor6 (RHSA-2014:0339)
2014-11-08 00:00:00
Oracle Linux 6 : libtiff (ELSA-2014-0222)
2014-02-28 00:00:00
Amazon Linux AMI : libtiff (ALAS-2014-307)
2014-03-18 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-307)
2015-09-08 00:00:00
RedHat Update for libtiff RHSA-2014:0222-01
2014-03-04 00:00:00
CentOS Update for libtiff CESA-2014:0222 centos6
2014-03-04 00:00:00
amazon
amazon
Medium: libtiff
2014-03-13 18:13:00
Medium: libtiff
2014-06-26 10:31:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
redhat
redhat
(RHSA-2014:0222) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0223) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0328) Important: kernel security and bug fix update
2014-03-25 00:00:00
oraclelinux
oraclelinux
libtiff security update
2014-02-27 00:00:00
libtiff security update
2014-02-27 00:00:00
kernel security and bug fix update
2014-03-25 00:00:00
centos
centos
libtiff security update
2014-02-28 00:43:50
libtiff security update
2014-02-28 00:37:27
kernel, perf, python security update
2014-03-25 21:39:34
f5
f5
SOL16715 - Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
K16715 : Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
K16718 : libTIFF vulnerability CVE-2010-2596
2015-06-04 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2014-05-06 00:00:00
LibTIFF vulnerabilities
2013-05-21 00:00:00
GnuTLS vulnerability
2014-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: libtiff-4.0.3-10.fc19
2014-06-10 03:07:40
[SECURITY] Fedora 20 Update: mingw-libtiff-4.0.3-4.fc20
2014-06-10 02:56:35
[SECURITY] Fedora 19 Update: mingw-libtiff-4.0.3-4.fc19
2014-06-10 03:14:08
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt20
2014-03-26 00:00:00
Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1
2019-04-09 00:00:00
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt22
2014-05-09 00:00:00
securityvulns
securityvulns
libtiff multiple security vulnerabilities
2013-08-28 00:00:00
[SECURITY] [DSA 2744-1] tiff security update
2013-08-28 00:00:00
[ MDVSA-2013:219 ] libtiff
2013-08-28 00:00:00
osv
osv
tiff - several
2013-08-27 00:00:00
tiff - buffer overflow
2013-06-18 00:00:00
debian
debian
[SECURITY] [DSA 2744-1] tiff security update
2013-08-27 15:27:12
[SECURITY] [DSA 2698-1] tiff security update
2013-06-18 19:39:25
tiff security update
2014-07-01 18:01:35
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2014-02-21 00:00:00
slackware
slackware
[slackware-security] libtiff
2013-10-18 19:38:32
mageia
mageia
Updated libtiff packagess fix multiple security vulnerabilities
2013-08-22 22:20:56
Updated kernel-linus packages fixes multiple bugs and vulnerabilities
2014-05-09 01:51:33
Updated kernel packages fixes multiple bugs and vulnerabilities
2014-05-09 01:48:19
ubuntucve
ubuntucve
CVE-2013-4232
2013-09-10 00:00:00
CVE-2013-4231
2014-01-19 00:00:00
CVE-2014-0092
2014-03-03 00:00:00
debiancve
debiancve
CVE-2013-4232
2013-09-10 19:55:00
CVE-2010-2596
2010-07-02 12:43:00
CVE-2013-4231
2014-01-19 17:16:00
cve
cve
CVE-2010-2596
2010-07-02 12:43:00
CVE-2013-4231
2014-01-19 17:16:00
CVE-2013-4232
2013-09-10 19:55:00
prion
prion
Input validation
2010-07-02 12:43:00
Design/Logic Flaw
2013-09-10 19:55:00
Buffer overflow
2014-01-19 17:16:00
suse
suse
Security update for gnutls (critical)
2014-03-04 18:04:13
gnutls: fixed SSL certificate validation problems (critical)
2014-03-05 08:04:11
ics
ics
Siemens RuggedCom ROX-based Devices Certificate Verification Vulnerability (Update A)
2018-09-06 12:00:00
ibm
ibm
Security Bulletin: IBM WebSphere Application Server Hypervisor GnuTLS certificate security bypass CVE-2014-0092
2021-06-03 15:23:50
Security Bulletin: TS3000 code level v7.x affected by Open Source GnuTLS cyrpto issue (CVE-2014-0092)
2022-08-20 00:54:31
seebug
seebug
Linux Kernel 'cdc-wdm' USB设备驱动程序堆缓冲区溢出漏洞
2013-03-19 00:00:00
checkpoint_advisories
checkpoint_advisories
GnuTLS Certificate Verification Policy Bypass (CVE-2014-0092)
2014-05-08 00:00:00
checkpoint_security
checkpoint_security
Check Point response to GnuTLS certificate verification vulnerability (CVE-2014-0092)
2014-03-04 22:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.935 High

EPSS

Percentile

98.6%

JSON
Related for RHSA-2014:0339
nessus55openvas52amazon2veracode8redhat4oraclelinux6centos4f55ubuntu3fedora10altlinux3securityvulns6osv2debian3gentoo1slackware1mageia4ubuntucve5debiancve5cve6prion6suse2ics1ibm2seebug1checkpoint_advisories1checkpoint_security1