Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1168
HistorySep 09, 2014 - 12:00 a.m.

(RHSA-2014:1168) Important: rhev-hypervisor6 security and bug fix update

2014-09-0900:00:00
access.redhat.com
28

0.049 Low

EPSS

Percentile

92.8%

JSON

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

A NULL pointer dereference flaw was found in the way the Linux kernel’s
networking implementation handled logging while processing certain invalid
packets coming in via a VxLAN interface. A remote attacker could use this
flaw to crash the system by sending a specially crafted packet to such an
interface. (CVE-2014-3535)

Two integer overflow flaws were found in the QEMU block driver for QCOW
version 1 disk images. A user able to alter the QEMU disk image files
loaded by a guest could use either of these flaws to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0222, CVE-2014-0223)

Red Hat would like to thank NSA for reporting CVE-2014-0222 and
CVE-2014-0223.

This update also fixes the following bug:

  • Previously, an updated version of Qlogic firmware was not supported in
    the Red Hat Enterprise Virtualization Hypervisor 6.5 image and an error
    message returned when users were using a newer version of Qlogic firmware.
    This update includes the latest Qlogic firmware package in the Red Hat
    Enterprise Virtualization Hypervisor 6.5 image so no firmware errors are
    returned. (BZ#1135780)

This updated package also provides updated components that include fixes
for various security issues. These issues have no security impact on Red
Hat Enterprise Virtualization Hypervisor itself, however. The security
fixes included in this update address the following CVE numbers:

CVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706,
CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-0205, CVE-2014-3917,
and CVE-2014-4667 (kernel issues)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package.

Related

nessus 54
redhat 10
openvas 41
centos 4
oraclelinux 10
f5 3
ibm 1
suse 3
ubuntu 13
veracode 15
debian 2
securityvulns 3
osv 2
threatpost 1
cve 7
prion 4
cvelist 7
ubuntucve 5
nvd 5
debiancve 5
thn 1
seebug 2
freebsd 1
nessus
nessus
RHEL 6 : rhev-hypervisor6 (RHSA-2014:1168)
2014-11-08 00:00:00
Oracle Linux 6 : kernel (ELSA-2014-0981)
2014-07-30 00:00:00
CentOS 6 : kernel (CESA-2014:0981)
2014-08-01 00:00:00
redhat
redhat
(RHSA-2014:0981) Important: kernel security, bug fix, and enhancement update
2014-07-29 00:00:00
(RHSA-2014:1101) Important: kernel security and bug fix update
2014-08-27 00:00:00
(RHSA-2014:1167) Important: kernel security and bug fix update
2014-09-09 00:00:00
openvas
openvas
RedHat Update for kernel RHSA-2014:0981-01
2014-08-05 00:00:00
CentOS Update for kernel CESA-2014:0981 centos6
2014-08-05 00:00:00
Oracle: Security Advisory (ELSA-2014-0981)
2015-10-06 00:00:00
centos
centos
kernel, perf, python security update
2014-07-31 19:57:06
kernel, perf, python security update
2014-09-09 23:10:17
qemu security update
2014-08-19 10:00:56
oraclelinux
oraclelinux
unbreakable enterprise kernel security update
2014-07-29 00:00:00
kernel security, bug fix, and enhancement update
2014-07-29 00:00:00
kernel security and bug fix update
2014-09-09 00:00:00
f5
f5
SOL15680 - Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667
2014-10-09 00:00:00
K15680 : Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667
2015-09-17 00:00:00
K16781 : Linux kernel vulnerability CVE-2014-3535
2015-06-26 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance.
2018-06-17 22:30:11
suse
suse
kernel: security and bugfix update (important)
2014-06-25 09:04:14
Security update for KVM (important)
2015-05-22 00:08:52
kernel: security and bugfix release (important)
2014-07-01 12:04:32
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-06-20 00:00:00
Linux kernel (Quantal HWE) vulnerabilities
2014-06-27 00:00:00
Linux kernel (EC2) vulnerabilities
2014-06-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:03:55
Denial Of Service (DoS)
2019-05-02 05:03:26
Information Disclosure
2019-05-02 05:03:25
debian
debian
[SECURITY] [DSA 2949-1] linux security update
2014-06-05 12:15:58
[SECURITY] [DSA 2949-1] linux security update
2014-06-05 12:15:58
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2014-05-29 00:00:00
[USN-2228-1] Linux kernel vulnerabilities
2014-05-29 00:00:00
[oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size
2014-05-15 00:00:00
osv
osv
linux-2.6 - security update
2014-07-12 00:00:00
linux - security update
2014-06-05 00:00:00
threatpost
threatpost
Pinkie Pie Linux Kernel Patch Available
2014-06-06 13:40:34
cve
cve
CVE-2012-6647
2014-05-26 22:55:05
CVE-2013-7339
2014-03-24 16:40:43
CVE-2014-4667
2014-07-03 04:22:16
prion
prion
Null pointer dereference
2014-05-26 22:55:00
Null pointer dereference
2014-03-24 16:40:00
Null pointer dereference
2014-09-28 19:55:00
cvelist
cvelist
CVE-2012-6647
2014-05-26 22:00:00
CVE-2013-7339
2014-03-24 10:00:00
CVE-2014-4667
2014-07-03 01:00:00
ubuntucve
ubuntucve
CVE-2013-7339
2014-03-24 00:00:00
CVE-2012-6647
2014-05-26 00:00:00
CVE-2014-3535
2014-09-28 00:00:00
nvd
nvd
CVE-2013-7339
2014-03-24 16:40:43
CVE-2012-6647
2014-05-26 22:55:05
CVE-2014-4667
2014-07-03 04:22:16
debiancve
debiancve
CVE-2012-6647
2014-05-26 22:55:05
CVE-2013-7339
2014-03-24 16:40:43
CVE-2014-4667
2014-07-03 04:22:16
thn
thn
Linux Kernel Vulnerable to Privilege Escalation and DoS Attack
2014-06-07 00:29:00
seebug
seebug
Linux Kernel "rds_ib_laddr_check()"η©ΊζŒ‡ι’ˆεΌ•η”¨ζΌζ΄ž
2014-03-25 00:00:00
Linux Kernel 'mac80211/sta_info.c'η©ΊζŒ‡ι’ˆεΌ•η”¨ζ‹’η»ζœεŠ‘ζΌζ΄ž
2014-04-08 00:00:00
freebsd
freebsd
cURL -- multiple vulnerabilities
2015-04-22 00:00:00

0.049 Low

EPSS

Percentile

92.8%

JSON
Related for RHSA-2014:1168
nessus54redhat10openvas41centos4oraclelinux10f53ibm1suse3ubuntu13veracode15debian2securityvulns3osv2threatpost1cve7prion4cvelist7ubuntucve5nvd5debiancve5thn1seebug2freebsd1