8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
99.9%
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)
This issue was discovered by the Google Security Team and Red Hat.
Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to these updated packages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | rhev-hypervisor6 | < 6.7-20160104.2.el6ev | rhev-hypervisor6-6.7-20160104.2.el6ev.noarch.rpm |
RedHat | 6 | src | rhev-hypervisor6 | < 6.7-20160104.2.el6ev | rhev-hypervisor6-6.7-20160104.2.el6ev.src.rpm |
RedHat | 6 | noarch | rhev-hypervisor7 | < 7.2-20160105.2.el6ev | rhev-hypervisor7-7.2-20160105.2.el6ev.noarch.rpm |
RedHat | 6 | src | rhev-hypervisor7 | < 7.2-20160105.2.el6ev | rhev-hypervisor7-7.2-20160105.2.el6ev.src.rpm |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
99.9%