From bugzilla at redhat.com Thu Jun 5 15:04:19 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jun 2014 15:04:19 +0000
Subject: [RHSA-2014:0629-01] Important: rhev-hypervisor6 security update
Message-ID: <201406051504.s55F4KKb004742@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhev-hypervisor6 security update
Advisory ID:       RHSA-2014:0629-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0629.html
Issue date:        2014-06-05
CVE Names:         CVE-2014-0077 CVE-2014-0224
=====================================================================

1. Summary:

An updated rhev-hypervisor6 package that fixes two security issues is now
available.

The Red Hat Security Response Team has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEV Hypervisor for RHEL-6 - noarch

3. Description:

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is
a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the Red
Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols, as well as a full-strength,
general purpose cryptography library.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the
Intel 64 and AMD64 architectures with virtualization extensions.

It was found that OpenSSL clients and servers could be forced, via a specially
crafted handshake packet, to use weak keying material for communication. A
man-in-the-middle attacker could use this flaw to decrypt and modify traffic
between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of OpenSSL.
For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

A flaw was found in the way the handle_rx() function handled large network
packets when mergeable buffers were disabled. A privileged guest user could
use this flaw to crash the host or corrupt QEMU process memory on the host,
which could potentially result in arbitrary code execution on the host with
the privileges of the QEMU process. (CVE-2014-0077)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0224.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of
CVE-2014-0224. The CVE-2014-0077 issue was discovered by Michael S. Tsirkin of
Red Hat.

This updated package provides updated components that include fixes for
various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:

CVE-2014-0015 and CVE-2014-0138 (curl issues)
CVE-2014-2523 and CVE-2013-6383 (kernel issues)
CVE-2014-0179 (libvirt issue)
CVE-2010-5298, CVE-2014-0198, CVE-2014-0221, CVE-2014-0195, and CVE-2014-3470
(openssl issues)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues.

4. Solution:

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using
the disk image provided by this package, refer to:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html/Administration_Guide/chap-Updating_the_Red_Hat_Enterprise_Virtualization_Environment.html#Updating_Red_Hat_Enterprise_Virtualization_Hypervisors1

5. Bugs fixed (https://bugzilla.redhat.com/):

1064440 - CVE-2014-0077 kernel: vhost-net: insufficiency in handling of big packets in handle_rx()
1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability

6. Package List:

RHEV Hypervisor for RHEL-6:

noarch:
rhev-hypervisor6-6.5-20140603.1.el6ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0077.html
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/906913
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html/Administration_Guide/chap-Updating_the_Red_Hat_Enterprise_Virtualization_Environment.html#Updating_Red_Hat_Enterprise_Virtualization_Hypervisors1

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTkIbfXlSAg2UNWIIRAuELAJ9TBQiVpya96V+yGKcHDWKjm3/kRQCeJ2P/
AfxUQT5AhkJIMI5JqpigVtY=
=1IXk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 10 21:50:26 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jun 2014 21:50:26 +0000
Subject: [RHSA-2014:0744-01] Moderate: qemu-kvm-rhev security update
Message-ID: <201406102150.s5ALoRVR012110@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm-rhev security update
Advisory ID:       RHSA-2014:0744-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0744.html
Issue date:        2014-06-10
CVE Names:         CVE-2013-4148 CVE-2013-4151 CVE-2013-4535 CVE-2013-4536
                   CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182
                   CVE-2014-2894 CVE-2014-3461
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix several security issues are now
available for Red Hat Enterprise Virtualization.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEV Agents (vdsm) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux
on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM in environments
managed by Red Hat Enterprise Virtualization Manager.
Multiple buffer overflow, input validation, and out-of-bounds write flaws were
found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU
handled state loading after migration. A user able to alter the savevm data
(either on the disk or over the wire during migration) could use any of these
flaws to corrupt QEMU process memory on the (destination) host, which could
potentially result in arbitrary code execution on the host with the privileges
of the QEMU process. (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535,
CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182,
CVE-2014-3461)

An out-of-bounds memory access flaw was found in the way QEMU's IDE device
driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged
guest user could use this flaw to corrupt QEMU process memory on the host,
which could potentially result in arbitrary code execution on the host with
the privileges of the QEMU process. (CVE-2014-2894)

The CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541,
CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461 issues were
discovered by Michael S. Tsirkin of Red Hat, Anthony Liguori, and Michael
Roth.

All users of qemu-kvm-rhev are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1066334 - CVE-2013-4148 qemu: virtio-net: buffer overflow on invalid state load
1066342 - CVE-2013-4151 qemu: virtio: out-of-bounds buffer write on invalid state load
1066361 - CVE-2013-6399 qemu: virtio: buffer overrun on incoming migration
1066382 - CVE-2013-4542 qemu: virtio-scsi: buffer overrun on invalid state load
1066384 - CVE-2013-4541 qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
1066401 - CVE-2013-4535 CVE-2013-4536 qemu: virtio: insufficient validation of num_sg when mapping
1087971 - CVE-2014-2894 QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART
1088986 - CVE-2014-0182 qemu: virtio: out-of-bounds buffer write on state load with invalid config_len
1096821 - CVE-2014-3461 Qemu: usb: fix up post load checks

6. Package List:

RHEV Agents (vdsm):

Source:
qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.415.el6_5.10.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4148.html
https://www.redhat.com/security/data/cve/CVE-2013-4151.html
https://www.redhat.com/security/data/cve/CVE-2013-4535.html
https://www.redhat.com/security/data/cve/CVE-2013-4536.html
https://www.redhat.com/security/data/cve/CVE-2013-4541.html
https://www.redhat.com/security/data/cve/CVE-2013-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-6399.html
https://www.redhat.com/security/data/cve/CVE-2014-0182.html
https://www.redhat.com/security/data/cve/CVE-2014-2894.html
https://www.redhat.com/security/data/cve/CVE-2014-3461.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTl32LXlSAg2UNWIIRAhotAKCi9I5y+gRtZsj6zr/LBMKNAhhuEgCeNX2i
/G/nmj9YVqp/1QG6fCm4piM=
=ffEj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 30 17:57:08 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Jun 2014 17:57:08 +0000
Subject: [RHSA-2014:0814-01] Moderate: rhevm security update
Message-ID: <201406301757.s5UHv8WT000901@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rhevm security update
Advisory ID:       RHSA-2014:0814-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0814.html
Issue date:        2014-06-30
CVE Names:         CVE-2014-3485
=====================================================================

1. Summary:

Updated rhevm packages that fix one security issue are now available.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

RHEV-M 3.4 - noarch

3. Description:

The Red Hat Enterprise Virtualization Manager is a centralized management
platform that allows system administrators to view and manage virtual
machines. The Manager provides a comprehensive range of features including
search capabilities, resource management, live migrations, and virtual
infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several
interfaces through which the virtual environment can be accessed and
interacted with, including an Administration Portal, a User Portal, and a
Representational State Transfer (REST) Application Programming Interface
(API).

It was found that the ovirt-engine REST API resolved entities in XML API
calls. A remote attacker with credentials to call the ovirt-engine REST API
could use this flaw to read files accessible to the user running the
ovirt-engine JBoss server, and potentially perform other more advanced XXE
attacks. (CVE-2014-3485)

This issue was discovered by David Jorm of Red Hat Product Security.

All Red Hat Enterprise Virtualization Manager users are advised to upgrade to
these updated packages, which resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1107472 - CVE-2014-3485 ovirt-engine-api: XML eXternal Entity (XXE) flaw

6. Package List:

RHEV-M 3.4:

Source:
rhevm-3.4.0-0.22.el6ev.src.rpm

noarch:
rhevm-3.4.0-0.22.el6ev.noarch.rpm
rhevm-backend-3.4.0-0.22.el6ev.noarch.rpm
rhevm-dbscripts-3.4.0-0.22.el6ev.noarch.rpm
rhevm-lib-3.4.0-0.22.el6ev.noarch.rpm
rhevm-restapi-3.4.0-0.22.el6ev.noarch.rpm
rhevm-setup-3.4.0-0.22.el6ev.noarch.rpm
rhevm-setup-base-3.4.0-0.22.el6ev.noarch.rpm
rhevm-setup-plugin-allinone-3.4.0-0.22.el6ev.noarch.rpm
rhevm-setup-plugin-ovirt-engine-3.4.0-0.22.el6ev.noarch.rpm
rhevm-setup-plugin-ovirt-engine-common-3.4.0-0.22.el6ev.noarch.rpm
rhevm-setup-plugin-websocket-proxy-3.4.0-0.22.el6ev.noarch.rpm
rhevm-tools-3.4.0-0.22.el6ev.noarch.rpm
rhevm-userportal-3.4.0-0.22.el6ev.noarch.rpm
rhevm-webadmin-portal-3.4.0-0.22.el6ev.noarch.rpm
rhevm-websocket-proxy-3.4.0-0.22.el6ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3485.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTsaS0XlSAg2UNWIIRAnk5AJ4121pcAl4KxnXg+sIPynFKK0SUJQCeLJKF
E2co/OxuaK4I6CyFM0VUCfo=
=vUCU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 30 17:58:44 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Jun 2014 17:58:44 +0000
Subject: [RHSA-2014:0815-01] Important: rhev-hypervisor6 security update
Message-ID: <201406301758.s5UHwiHA015546@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhev-hypervisor6 security update
Advisory ID:       RHSA-2014:0815-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0815.html
Issue date:        2014-06-30
CVE Names:         CVE-2014-3466 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469
=====================================================================

1. Summary:

An updated rhev-hypervisor6 package that fixes several security issues is now
available.

The Red Hat Security Response Team has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEV Hypervisor for RHEL-6 - noarch

3. Description:

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is
a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the Red
Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the
Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw to
send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing the
client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)

It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform an
out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)

Multiple incorrect buffer boundary check issues were discovered in libtasn1.
Specially crafted ASN.1 input could cause an application using libtasn1 to
crash. (CVE-2014-3467)

Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)

Red Hat would like to thank GnuTLS upstream for reporting CVE-2014-3466,
CVE-2014-3468, CVE-2014-3467, and CVE-2014-3469. Upstream acknowledges Joonas
Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.

This updated package provides an updated kernel component that includes fixes
for various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:

CVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874,
CVE-2014-2039 and CVE-2014-3153 (kernel issues)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package.

4. Solution:

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using
the disk image provided by this package, refer to:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html

5. Bugs fixed (https://bugzilla.redhat.com/):

1101932 - CVE-2014-3466 gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)
1102022 - CVE-2014-3467 libtasn1: multiple boundary check issues
1102323 - CVE-2014-3468 libtasn1: asn1_get_bit_der() can return negative bit length
1102329 - CVE-2014-3469 libtasn1: asn1_read_value_type() NULL pointer dereference
1107789 - (rhevh-6.5.5) Packaging for RHEL 6.5 update 5 release

6. Package List:

RHEV Hypervisor for RHEL-6:

noarch:
rhev-hypervisor6-6.5-20140624.0.el6ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3466.html
https://www.redhat.com/security/data/cve/CVE-2014-3467.html
https://www.redhat.com/security/data/cve/CVE-2014-3468.html
https://www.redhat.com/security/data/cve/CVE-2014-3469.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTsaUxXlSAg2UNWIIRAndwAJoD6jT4beXacPKphFUq4uGSbGWnswCgnLxJ
c7c04ffAqiG8Bg+OiK3808k=
=ZZ1Y
-----END PGP SIGNATURE-----
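RHSA-2014:0629 (CVE-2014-0224) and RHSA-2014:0815 (CVE-2014-3466) above are both cases of a TLS implementation acting on a handshake message that the protocol state or the message format does not allow: OpenSSL accepted a ChangeCipherSpec before the key exchange and computed session keys from an empty master secret (the "weak keying material" of the first advisory), and GnuTLS copied a ServerHello session ID longer than the 32 bytes the format permits. The Python below is an added example, not code from the advisories, OpenSSL or GnuTLS: it parses TLS record and handshake headers from constructed transcripts and reports both patterns. The transcripts, cipher suite and random bytes are made up; handshake messages are assumed not to be fragmented across records, and records after a legitimate ChangeCipherSpec are treated as opaque ciphertext.

```python
"""Two handshake checks (added example, constructed transcripts): an early
ChangeCipherSpec (the CVE-2014-0224 pattern) and an over-long ServerHello
session_id (the CVE-2014-3466 pattern)."""
import struct

CT_CHANGE_CIPHER_SPEC, CT_HANDSHAKE = 20, 22
HS_CLIENT_HELLO, HS_SERVER_HELLO, HS_CERTIFICATE = 1, 2, 11
HS_SERVER_HELLO_DONE, HS_CLIENT_KEY_EXCHANGE = 14, 16
TLS1_0 = 0x0301
MAX_SESSION_ID_LEN = 32          # RFC 5246 7.4.1.3: SessionID is <0..32> bytes
MAX_RECORD_LEN = 2 ** 14 + 2048  # RFC 5246 6.2.3: TLSCiphertext.length limit


class TLSError(Exception):
    pass


def iter_records(stream):
    """Yield (content_type, version, body) per record; refuse truncated or oversized ones."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise TLSError("truncated record header")
        ctype, version, length = struct.unpack("!BHH", stream[off:off + 5])
        if length > MAX_RECORD_LEN:
            raise TLSError("record length %d over limit" % length)
        body = stream[off + 5:off + 5 + length]
        if len(body) != length:
            raise TLSError("truncated record body")
        yield ctype, version, body
        off += 5 + length


def iter_handshake_messages(body):
    """Yield (msg_type, msg) from one handshake record (no cross-record reassembly)."""
    off = 0
    while off < len(body):
        if len(body) - off < 4:
            raise TLSError("truncated handshake header")
        mtype, mlen = body[off], int.from_bytes(body[off + 1:off + 4], "big")
        msg = body[off + 4:off + 4 + mlen]
        if len(msg) != mlen:
            raise TLSError("truncated handshake message")
        yield mtype, msg
        off += 4 + mlen


def parse_server_hello(msg):
    """Check every length before using it; the session_id cap is what GnuTLS lacked."""
    if len(msg) < 35:
        raise TLSError("ServerHello too short")
    sid_len = msg[34]
    if sid_len > MAX_SESSION_ID_LEN:
        raise TLSError("session_id length %d exceeds %d" % (sid_len, MAX_SESSION_ID_LEN))
    end = 35 + sid_len
    if len(msg) < end + 3:
        raise TLSError("ServerHello truncated after session_id")
    return {"version": struct.unpack("!H", msg[:2])[0], "session_id": msg[35:end],
            "cipher_suite": struct.unpack("!H", msg[end:end + 2])[0], "compression": msg[end + 2]}


def audit_transcript(transcript):
    """transcript: [(sender, record_bytes), ...] in wire order. Returns a list of findings."""
    findings, key_exchange_done = [], False
    encrypted = {"client": False, "server": False}
    for sender, raw in transcript:
        for ctype, _version, body in iter_records(raw):
            if encrypted[sender]:
                continue  # after a legitimate CCS this side's records are ciphertext
            if ctype == CT_CHANGE_CIPHER_SPEC:
                if body != b"\x01":
                    findings.append("malformed ChangeCipherSpec from %s" % sender)
                elif not key_exchange_done:
                    # vulnerable OpenSSL accepted this and keyed the connection from an empty master secret
                    findings.append("early ChangeCipherSpec from %s before ClientKeyExchange" % sender)
                else:
                    encrypted[sender] = True
            elif ctype == CT_HANDSHAKE:
                try:
                    for mtype, msg in iter_handshake_messages(body):
                        if mtype == HS_SERVER_HELLO:
                            parse_server_hello(msg)
                        elif mtype == HS_CLIENT_KEY_EXCHANGE:
                            key_exchange_done = True
                except TLSError as err:
                    findings.append("rejected handshake record from %s: %s" % (sender, err))
    return findings


# --- constructed messages: fixed "random" bytes, AES128-SHA suite id, no real crypto ---
def record(ctype, body):
    return struct.pack("!BHH", ctype, TLS1_0, len(body)) + body


def handshake(mtype, body):
    return record(CT_HANDSHAKE, bytes([mtype]) + len(body).to_bytes(3, "big") + body)


def server_hello(session_id, cipher_suite=0x002F):
    return handshake(HS_SERVER_HELLO, struct.pack("!H", TLS1_0) + b"\x11" * 32
                     + bytes([len(session_id)]) + session_id + struct.pack("!H", cipher_suite) + b"\x00")


CCS = record(CT_CHANGE_CIPHER_SPEC, b"\x01")
CLIENT_HELLO = handshake(HS_CLIENT_HELLO, struct.pack("!H", TLS1_0) + b"\x22" * 32 + b"\x00"
                         + b"\x00\x02\x00\x2f" + b"\x01\x00")
OPAQUE = record(CT_HANDSHAKE, b"\xa5" * 40)  # stands in for an encrypted Finished record

NORMAL_HANDSHAKE = [
    ("client", CLIENT_HELLO),
    ("server", server_hello(b"\x33" * 32) + handshake(HS_CERTIFICATE, b"\x00\x00\x00")
               + handshake(HS_SERVER_HELLO_DONE, b"")),
    ("client", handshake(HS_CLIENT_KEY_EXCHANGE, b"\x00\x02\xaa\xbb") + CCS + OPAQUE),
    ("server", CCS + OPAQUE),
]
CCS_INJECTION = [  # an attacker in the path injects a CCS towards each side right after ServerHello
    ("client", CLIENT_HELLO), ("server", server_hello(b"\x33" * 32)), ("client", CCS), ("server", CCS),
]
LONG_SESSION_ID = [("client", CLIENT_HELLO), ("server", server_hello(b"\x44" * 64))]

if __name__ == "__main__":
    for name, t in (("normal", NORMAL_HANDSHAKE), ("ccs-injection", CCS_INJECTION), ("long-sid", LONG_SESSION_ID)):
        print(name, audit_transcript(t))
```

The state rule is deliberately simple (no ChangeCipherSpec from either side before the client's ClientKeyExchange); a full implementation would also require the server's CCS to follow the client's Finished and would bind the check to the negotiated key exchange. The record parser refuses truncated and oversized records rather than reading past the buffer, which is the same discipline the libtasn1 fixes in RHSA-2014:0815 restore for ASN.1 lengths.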
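RHSA-2014:0814 above describes the classic XXE shape: an XML parser that resolves external entities on input an authenticated API caller controls, so a SYSTEM entity naming a local path is read into whatever field the entity reference sits in. The ovirt-engine fix is Java and is not reproduced here; the Python below is an added example that reproduces the same misconfiguration with the standard library's xml.sax parser (which, before Python 3.7.1, resolved external general entities by default) and shows the two mitigations: turn external general entities off, and refuse any document carrying a DOCTYPE at all. The "secret" file, the `<vm><name>` body and the element names are constructed for the demonstration and are not the ovirt-engine API schema.

```python
"""XXE in an XML API body: vulnerable parser beside the hardened one (added
example using xml.sax; the ovirt-engine code is Java and is not reproduced)."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, property_lexical_handler

SECRET = "engine-db-password-hunter2"  # constructed; plays a file only the service user can read


def write_constructed_secret():
    """Create a temp file standing in for a credentials file readable by the engine user."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-")
    with os.fdopen(fd, "w") as f:
        f.write(SECRET)
    return path


def attack_body(secret_path):
    """A request body shaped like <vm><name>...</name></vm> whose name is an external entity."""
    return ('<?xml version="1.0"?>\n'
            '<!DOCTYPE vm [ <!ENTITY xxe SYSTEM "%s"> ]>\n'
            '<vm><name>&xxe;</name></vm>' % secret_path).encode()


class LeafText(ContentHandler):
    """Collects the character data of each element, keyed by element name."""
    def __init__(self):
        super().__init__()
        self.fields = {}
        self._buf = []

    def startElement(self, name, attrs):
        self._buf = []

    def characters(self, content):
        self._buf.append(content)

    def endElement(self, name):
        self.fields[name] = "".join(self._buf)
        self._buf = []


class RejectDoctype:
    """Lexical handler: any DOCTYPE (and so any entity declaration) aborts the parse."""
    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE not allowed in API input")

    def endDTD(self):
        pass

    def comment(self, text):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def parse_vm_body(body, resolve_external, forbid_dtd=False):
    """resolve_external=True is the vulnerable configuration; resolve_external=False
    together with forbid_dtd=True is the hardened one."""
    handler = LeafText()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    parser.setFeature(feature_external_ges, resolve_external)
    if forbid_dtd:
        parser.setProperty(property_lexical_handler, RejectDoctype())
    parser.parse(io.BytesIO(body))
    return handler.fields


def demo():
    """Returns (what the vulnerable parser leaks, what the fixed parser yields, whether DOCTYPE was rejected)."""
    path = write_constructed_secret()
    try:
        leaked = parse_vm_body(attack_body(path), resolve_external=True)["name"]
        blocked = parse_vm_body(attack_body(path), resolve_external=False)["name"]
        try:
            parse_vm_body(attack_body(path), resolve_external=False, forbid_dtd=True)
            rejected = False
        except ValueError:
            rejected = True
    finally:
        os.unlink(path)
    return leaked, blocked, rejected


if __name__ == "__main__":
    print(demo())
```

Disabling external general entities stops the file read but still lets the document declare entities, which leaves entity-expansion denial of service on the table; rejecting the DOCTYPE outright closes both, and a REST body has no legitimate need for one. The same two controls exist in every mainstream Java parser (the disallow-doctype-decl and external-general-entities features), which is the form the Manager's fix would take.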
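All four advisories above reduce, on a given host, to "is the installed version at least the fixed version". rpm's ordering is neither string nor numeric comparison (20140603.1 against 20140624.0, el6_5.9 against el6_5.10, a `~` pre-release), so a check script needs rpm's own algorithm rather than a guess. The Python below is an added example and not a Red Hat tool: it ports rpmvercmp() and checks a constructed `rpm -qa` listing against the package versions the four advisories list. Epochs are omitted because the advisory file names do not carry them (assumption: installed and fixed packages of the same name share an epoch); the rhev-hypervisor6 minimum is taken from RHSA-2014:0815 on the assumption that the later image build supersedes the one in RHSA-2014:0629; and the table knows only the streams these advisories cover, so a Manager from an older stream would simply be reported as below 3.4.0-0.22 rather than checked against its own errata.

```python
"""rpm-style version comparison and an advisory check against the packages
on this page (added example; the `rpm -qa` output below is constructed)."""
import string

_ALNUM = set(string.ascii_letters + string.digits)
_DIGIT = set(string.digits)
_ALPHA = set(string.ascii_letters)


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): 1 if a is newer, -1 if older, 0 if equal.
    Alternating numeric/alpha segments are compared in turn; separators are
    ignored; '~' sorts before nothing (pre-release), '^' after it (post-release)."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        while i < la and a[i] not in _ALNUM and a[i] not in "~^":
            i += 1
        while j < lb and b[j] not in _ALNUM and b[j] not in "~^":
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca in _DIGIT
        cls = _DIGIT if isnum else _ALPHA
        k = i
        while k < la and a[k] in cls:
            k += 1
        m = j
        while m < lb and b[m] in cls:
            m += 1
        seg_a, seg_b = a[i:k], b[j:m]
        if not seg_b:                      # numeric always beats alpha at the same position
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):   # more digits wins, no integer conversion needed
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = k, m
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1            # whichever still has segments left is newer


def compare_vr(installed, fixed):
    """Compare (version, release) pairs the way rpm orders them: version first, then release."""
    rc = rpmvercmp(installed[0], fixed[0])
    return rc if rc else rpmvercmp(installed[1], fixed[1])


FIXED = {
    # RHSA-2014:0815 (later image build; RHSA-2014:0629 shipped 6.5-20140603.1.el6ev)
    "rhev-hypervisor6": ("6.5", "20140624.0.el6ev"),
    # RHSA-2014:0744
    "qemu-kvm-rhev": ("0.12.1.2", "2.415.el6_5.10"),
    "qemu-img-rhev": ("0.12.1.2", "2.415.el6_5.10"),
    "qemu-kvm-rhev-tools": ("0.12.1.2", "2.415.el6_5.10"),
    # RHSA-2014:0814
    "rhevm": ("3.4.0", "0.22.el6ev"),
    "rhevm-restapi": ("3.4.0", "0.22.el6ev"),
    "rhevm-backend": ("3.4.0", "0.22.el6ev"),
}


def audit(rpm_qa_output):
    """rpm_qa_output: lines from `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\\n'`.
    Returns {name: "OK" | "VULNERABLE"} for packages named in the advisories; others are ignored."""
    status = {}
    for line in rpm_qa_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, version, release = parts
        status[name] = "OK" if compare_vr((version, release), FIXED[name]) >= 0 else "VULNERABLE"
    return status


# constructed listing: one patched host component, several lagging ones, one unrelated package
SAMPLE_RPM_QA = """\
rhev-hypervisor6 6.5 20140603.1.el6ev
qemu-kvm-rhev 0.12.1.2 2.415.el6_5.9
qemu-img-rhev 0.12.1.2 2.415.el6_5.10
rhevm 3.4.0 0.22.el6ev
rhevm-restapi 3.4.0 0.21.el6ev
unrelated-pkg 1.0 1
"""

if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLE_RPM_QA).items()):
        print(name, state)
```

On a real host the listing comes from `rpm -qa` with that query format, and the rhev-hypervisor6 entry is only meaningful on the Manager or wherever the ISO package is installed; the Hypervisor nodes themselves are checked by the image version they booted from.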