From bugzilla at redhat.com Thu Aug 19 22:09:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Aug 2010 16:09:57 -0600
Subject: [RHSA-2010:0628-01] Moderate: vdsm22 security and bug fix update
Message-ID: <201008192209.o7JM9vOk019356@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: vdsm22 security and bug fix update
Advisory ID:       RHSA-2010:0628-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0628.html
Issue date:        2010-08-19
CVE Names:         CVE-2010-2811
=====================================================================

1. Summary:

Updated vdsm22 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEV Agents (VDSM) - x86_64

3. Description:

VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.

Note: This update has been tested and is supported on Red Hat Enterprise Linux 5.5 (with all appropriate post-GA 5.5-specific updates).

A flaw was found in the way VDSM accepted SSL connections. An attacker could trigger this flaw by creating a crafted SSL connection to VDSM, preventing VDSM from accepting SSL connections from other users. (CVE-2010-2811)

These updated vdsm22 packages also fix the following bugs:

* suspend-to-file hibernation failed for huge guests due to the migration and hibernation constant values being too short for huge guests. This update makes the timeouts proportional to guest RAM size, thus allowing suspension of huge guests in all cases except where storage is unbearably slow. (BZ#601275)

* under certain circumstances, restarting a VDSM that was being used as a Storage Pool Manager killed all system processes on the host. With this update, stopping VDSM is ensured to kill only the processes that it started, and the VDSM SIGTERM handler is not run concurrently. With these changes, all processes on the host are no longer killed when VDSM is restarted. (BZ#614849)

* when VDSM was requested to "start in paused mode", it incorrectly reported virtual guest state as "WaitForLaunch" instead of "Paused", which led to the virtual guest being inaccessible from Red Hat Enterprise Virtualization Manager. With this update, VDSM reports such virtual guests as "Paused", and users are able to connect to the virtual guest display. (BZ#616464)

Red Hat Enterprise Virtualization Manager 2.2 users with Red Hat Enterprise Linux hosts should install these updated packages, which resolve these issues. Alternatively, Red Hat Enterprise Virtualization Manager can install the new package automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

622928 - CVE-2010-2811 vdsm: SSL accept() blocks on a non-blocking Connection

6. Package List:

RHEV Agents (VDSM):

x86_64:
vdsm22-4.5-62.14.el5_5rhev2_2.x86_64.rpm
vdsm22-cli-4.5-62.14.el5_5rhev2_2.x86_64.rpm
vdsm22-debuginfo-4.5-62.14.el5_5rhev2_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2811.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMbaujXlSAg2UNWIIRAvzSAJ0a5FgKWxSKfLKk69TAGNIMwqVd9ACgoTTm
Qx8Atl2WiDarilAYO2I+358=
=g9uS
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 19 22:13:01 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Aug 2010 16:13:01 -0600
Subject: [RHSA-2010:0613-01] Moderate: Red Hat Enterprise Virtualization Manager security update
Message-ID: <201008192213.o7JMD1it019080@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise Virtualization Manager security update
Advisory ID:       RHSA-2010:0613-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0613.html
Issue date:        2010-08-19
CVE Names:         CVE-2009-3552
=====================================================================

1. Summary:

Red Hat Enterprise Virtualization Manager 2.2.2 is now available for Red Hat Enterprise Virtualization.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager.

It was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. (CVE-2009-3552)

Note: As part of the fix for CVE-2009-3552, this update changes the way the client-side Red Hat Enterprise Virtualization Manager interface communicates with the Red Hat Enterprise Virtualization Manager. After installing this update, the following steps must be performed when using HTTPS (that is, browsing to "https://localhost/RHEVmanager" or using the new "RHEVManager SSL" shortcut):

1) If you have previously browsed to the administrator portal using HTTP, you must remove the "RHEVManager/" cookie from Internet Explorer. After removing this cookie, restart Internet Explorer.

2) Navigate to "https://localhost/RHEVmanager". You will be prompted to install the Red Hat Enterprise Virtualization Manager CA (Certificate Authority) certificate. Once installed, restart Internet Explorer.

It is recommended that you use the "https://" link or the "RHEVManager SSL" shortcut to connect to the administrator portal, and no longer use the "http://" link.

This updated Red Hat Enterprise Virtualization Manager package also fixes several bugs. Documentation for these bug fixes will be available shortly from http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

All Red Hat Enterprise Virtualization Manager users are advised to install this updated package, which corrects this issue and fixes the bugs noted in the Technical Notes document, linked to in the References.

3. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

4. Bugs fixed (http://bugzilla.redhat.com/):

528890 - CVE-2009-3552 RHEV-M VDC - GUI: Man in the middle attack possible on the GUI to Backend SSL connection

5. References:

https://www.redhat.com/security/data/cve/CVE-2009-3552.html
http://www.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

6. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMbawiXlSAg2UNWIIRAtREAKCxzXV5gAuoyYG6tWrzwFT/WW9lYQCgmHxz
XVwuY/HfnBUYqlVbbpHJ9VU=
=3n2Z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 19 22:14:10 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Aug 2010 16:14:10 -0600
Subject: [RHSA-2010:0622-01] Important: rhev-hypervisor security and bug fix update
Message-ID: <201008192214.o7JMEAvI020417@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhev-hypervisor security and bug fix update
Advisory ID:       RHSA-2010:0622-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0622.html
Issue date:        2010-08-19
CVE Names:         CVE-2010-0428 CVE-2010-0429 CVE-2010-0431 CVE-2010-0435
                   CVE-2010-2784 CVE-2010-2811
=====================================================================

1. Summary:

Updated rhev-hypervisor packages that fix multiple security issues and two bugs are now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Virtualization Hypervisor 5 - noarch

3. Description:

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)

It was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-0429)

It was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)

A flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)

A NULL pointer dereference flaw was found when Red Hat Enterprise Virtualization Hypervisor was run on a system that has a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service). (CVE-2010-0435)

A flaw was found in the way VDSM accepted SSL connections. An attacker could trigger this flaw by creating a crafted SSL connection to VDSM, preventing VDSM from accepting SSL connections from other users. (CVE-2010-2811)

These updated packages provide updated components that include fixes for security issues; however, these issues have no security impact for Red Hat Enterprise Virtualization Hypervisor. These fixes are for avahi issues CVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527, and CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and CVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.

These updated rhev-hypervisor packages also fix two bugs. Documentation for these bug fixes will be available shortly from http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

As Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug fixes from the KVM update RHSA-2010:0627 have been included in this update. Also included are the bug fixes from the VDSM update RHSA-2010:0628.

KVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html
VDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to these updated rhev-hypervisor packages, which resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

568699 - CVE-2010-0428 libspice: Insufficient guest provided pointers validation
568701 - CVE-2010-0429 libspice: Relying on guest provided data structures to indicate memory allocation
568809 - CVE-2010-0431 qemu: Insufficient guest provided pointers validation
570528 - CVE-2010-0435 kvm: vmx null pointer dereference
619411 - CVE-2010-2784 qemu: insufficient constraints checking in exec.c:subpage_register()
622928 - CVE-2010-2811 vdsm: SSL accept() blocks on a non-blocking Connection

6. Package List:

Red Hat Enterprise Virtualization Hypervisor 5:

Source:
rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2.src.rpm

noarch:
rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm
rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0428.html
https://www.redhat.com/security/data/cve/CVE-2010-0429.html
https://www.redhat.com/security/data/cve/CVE-2010-0431.html
https://www.redhat.com/security/data/cve/CVE-2010-0435.html
https://www.redhat.com/security/data/cve/CVE-2010-2784.html
https://www.redhat.com/security/data/cve/CVE-2010-2811.html
http://www.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMbax7XlSAg2UNWIIRAs1dAKC+Aw8pQm0UArmWQFnQy6Ils9AF4wCbBqhS
HU6TUfQpofSPFwp/iZD5XJo=
=Cr2o
-----END PGP SIGNATURE-----
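The CVE-2010-2811 entries above (RHSA-2010:0628 and RHSA-2010:0622, bug 622928 "SSL accept() blocks on a non-blocking Connection") describe the general hazard of running a TLS handshake inside the accept path: one client that connects and never completes the handshake holds up every other connection. The Python below is an added illustration written for this page, not VDSM's code or Red Hat's fix; it shows the shape a defender wants instead: accept() only takes the socket, the handshake is stepped non-blocking from a selector, and every pending connection carries its own deadline. The certificate-less server context, the 0.4 s handshake deadline and the two constructed clients (one silent, one sending a non-TLS record) are assumptions of the example.

```python
import selectors
import socket
import ssl
import threading
import time

# Hypothetical server context with no certificate loaded (keeps the demo self-contained);
# a silent client still leaves the server waiting for the ClientHello it never sends.
SERVER_CTX = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

def drop(sel, tls, outcomes, reason):  # record one client's outcome, free its socket
    outcomes[sel.get_key(tls).data[0]] = reason
    sel.unregister(tls); tls.close()

def serve(listener, ctx=SERVER_CTX, handshake_timeout=0.4, run_for=1.2):
    """Accept loop that never waits on a handshake; returns ({port: "ok"|"error"|"timeout"}, accepts)."""
    sel = selectors.DefaultSelector()
    listener.setblocking(False); sel.register(listener, selectors.EVENT_READ)
    outcomes, accepted, end = {}, 0, time.monotonic() + run_for
    while time.monotonic() < end:
        for key, _ in sel.select(timeout=0.05):
            if key.fileobj is listener:  # readable: take the socket, nothing more
                conn, addr = listener.accept(); accepted += 1; conn.setblocking(False)
                tls = ctx.wrap_socket(conn, server_side=True, do_handshake_on_connect=False)
                sel.register(tls, selectors.EVENT_READ,  # handshake not started yet
                             data=(addr[1], time.monotonic() + handshake_timeout))
                continue
            try:
                key.fileobj.do_handshake()  # one non-blocking step, never a wait
                drop(sel, key.fileobj, outcomes, "ok")  # a real server hands off here
            except ssl.SSLWantReadError:
                sel.modify(key.fileobj, selectors.EVENT_READ, data=key.data)
            except ssl.SSLWantWriteError:
                sel.modify(key.fileobj, selectors.EVENT_WRITE, data=key.data)
            except OSError:  # non-TLS bytes, reset or EOF: drop only this client
                drop(sel, key.fileobj, outcomes, "error")
        for k in list(sel.get_map().values()):  # enforce per-connection deadlines
            if k.fileobj is not listener and k.data[1] < time.monotonic():
                drop(sel, k.fileobj, outcomes, "timeout")
    return outcomes, accepted

def demo():  # constructed scenario: silent client first, a non-TLS talker 0.2 s later
    listener = socket.socket(); listener.bind(("127.0.0.1", 0)); listener.listen(5)
    addr = listener.getsockname(); silent = socket.create_connection(addr); second = []
    def late_client():
        second.append(socket.create_connection(addr)); second[0].sendall(b"not a ClientHello\n")
    t = threading.Timer(0.2, late_client); t.start()
    outcomes, accepts = serve(listener); t.join()
    ports = (silent.getsockname()[1], second[0].getsockname()[1])
    for s in (listener, silent, *second): s.close()
    return outcomes, accepts, ports
```

demo() takes about 1.2 s of wall-clock time because serve() runs for a fixed window; the silent client is evicted at its deadline and the late client is still accepted and rejected on its first bad record, which is the property the blocking design lacked.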