(RHSA-2015:1713) Important: rhev-hypervisor security, bug fix, and enhancement update

2015-09-03T04:00:00
ID RHSA-2015:1713
Type redhat
Reporter RedHat
Modified 2018-06-07T08:59:37

Description

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)

A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. (CVE-2015-3247)

A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)

It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended. (CVE-2015-1841)

Red Hat would like to thank oCERT for reporting CVE-2014-8137 and CVE-2014-8138. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter. The CVE-2015-3247 issue was discovered by Frediano Ziglio of Red Hat. The CVE-2015-1841 issue was discovered by Einav Cohen of Red Hat.

This update also fixes the following bug:

  • Previously, installing the Red Hat Enterprise Virtualization Hypervisor 7 RPM on a Red Hat Enterprise Linux 6 host failed, because no such thing was available. Now, the Red Hat Enterprise Virtualization Hypervisor 7 RPM is available in the rhel-6-server-rhevh-rpms channel, and can be installed on a Red Hat Enterprise Linux 6 host. (BZ#1193678)

In addition, this update adds the following enhancement:

  • With this release, the Red Hat Enterprise Virtualizaton Hypervisor now includes the drivers for the Dell Shared PERC8 RAID Controller. (BZ#1186582)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.