Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:0888
HistoryApr 28, 2015 - 12:00 a.m.

(RHSA-2015:0888) Moderate: Red Hat Enterprise Virtualization Manager 3.5.1 update

2015-04-2800:00:00
access.redhat.com
13

0.001 Low

EPSS

Percentile

48.2%

JSON

Red Hat Enterprise Virtualization Manager is a visual tool for centrally
managing collections of virtual servers running Red Hat Enterprise Linux
and Microsoft Windows. This package also includes the Red Hat Enterprise
Virtualization Manager API, a set of scriptable commands that give
administrators the ability to perform queries and operations on Red Hat
Enterprise Virtualization Manager.

The Manager is a JBoss Application Server application that provides several
interfaces through which the virtual environment can be accessed and
interacted with, including an Administration Portal, a User Portal, and a
Representational State Transfer (REST) Application Programming Interface
(API).

It was discovered that the permissions to allow or deny snapshot creation
were ignored during live storage migration of a VM’s disk between storage
domains. An attacker able to live migrate a disk between storage domains
could use this flaw to cause a denial of service. (CVE-2015-0237)

It was discovered that a directory shared between the ovirt-engine-dwhd
service and a plug-in used during the service’s startup had incorrect
permissions. A local user could use this flaw to access files in this
directory, which could potentially contain sensitive information.
(CVE-2015-0257)

The CVE-2015-0237 issue was discovered by Red Hat Enterprise Visualization
Engineering, and the CVE-2015-0257 issue was discovered by Yedidyah Bar
David of the Red Hat Enterprise Virtualization team.

These updated Red Hat Enterprise Virtualization Manager packages also
include numerous bug fixes and various enhancements. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Virtualization 3.5 Technical Notes, linked to in the
References, for information on the most significant of these changes.

All Red Hat Enterprise Virtualization Manager users are advised to upgrade
to these updated packages, which resolve these issues and add these
enhancements.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchrhevm-setup< 3.5.1-0.4.el6evrhevm-setup-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-extensions-api-impl< 3.5.1-0.4.el6evrhevm-extensions-api-impl-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-setup-plugin-ovirt-engine< 3.5.1-0.4.el6evrhevm-setup-plugin-ovirt-engine-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm< 3.5.1-0.4.el6evrhevm-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-setup-plugin-websocket-proxy< 3.5.1-0.4.el6evrhevm-setup-plugin-websocket-proxy-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-restapi< 3.5.1-0.4.el6evrhevm-restapi-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-webadmin-portal< 3.5.1-0.4.el6evrhevm-webadmin-portal-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-extensions-api-impl-javadoc< 3.5.1-0.4.el6evrhevm-extensions-api-impl-javadoc-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-websocket-proxy< 3.5.1-0.4.el6evrhevm-websocket-proxy-3.5.1-0.4.el6ev.noarch.rpm
RedHat6noarchrhevm-lib< 3.5.1-0.4.el6evrhevm-lib-3.5.1-0.4.el6ev.noarch.rpm
Rows per page:
1-10 of 201

Related

nessus 1
nvd 2
cve 2
prion 2
cvelist 2
nessus
nessus
RHEL 6 : Virtualization Manager (RHSA-2015:0888)
2015-04-30 00:00:00
nvd
nvd
CVE-2015-0257
2015-05-01 15:59:03
CVE-2015-0237
2015-05-01 15:59:02
cve
cve
CVE-2015-0257
2015-05-01 15:59:03
CVE-2015-0237
2015-05-01 15:59:02
prion
prion
Directory traversal
2015-05-01 15:59:00
Code injection
2015-05-01 15:59:00
cvelist
cvelist
CVE-2015-0257
2015-05-01 15:00:00
CVE-2015-0237
2015-05-01 15:00:00

0.001 Low

EPSS

Percentile

48.2%

JSON
Related for RHSA-2015:0888
nessus1nvd2cve2prion2cvelist2