From bugzilla at redhat.com Thu Oct 2 19:29:18 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 2 Oct 2014 19:29:18 +0000 Subject: [RHSA-2014:1354-01] Critical: rhev-hypervisor6 security update Message-ID: <201410021929.s92JTIxh031861@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: rhev-hypervisor6 security update Advisory ID: RHSA-2014:1354-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1354.html Issue date: 2014-10-02 CVE Names: CVE-2014-1568 CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 ===================================================================== 1. Summary: An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV-M 3.4 - noarch 3. Description: The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271) It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169) A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186) An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package. 4. Solution: This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht ml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente rprise_Virtualization_Hypervisors.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1141597 - CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands 1145429 - CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73) 1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271) 1146791 - CVE-2014-7186 bash: parser can allow out-of-bounds memory access while handling redir_stack 1146804 - CVE-2014-7187 bash: off-by-one error in deeply nested flow control constructs 6. Package List: RHEV-M 3.4: Source: rhev-hypervisor6-6.5-20140930.1.el6ev.src.rpm noarch: rhev-hypervisor6-6.5-20140930.1.el6ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-1568.html https://www.redhat.com/security/data/cve/CVE-2014-6271.html https://www.redhat.com/security/data/cve/CVE-2014-7169.html https://www.redhat.com/security/data/cve/CVE-2014-7186.html https://www.redhat.com/security/data/cve/CVE-2014-7187.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFULad7XlSAg2UNWIIRArccAJ95pkvG2fyfrI6g4Ve/+fAdnbQq2QCffmYR IH3VLRMcNTi5Gr1GmWlBiFg= =DD5a -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Oct 20 18:51:42 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 Oct 2014 18:51:42 +0000 Subject: [RHSA-2014:1670-01] Low: qemu-kvm-rhev security and bug fix update Message-ID: <201410201851.s9KIpgLg014450@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: qemu-kvm-rhev security and bug fix update Advisory ID: RHSA-2014:1670-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1670.html Issue date: 2014-10-20 CVE Names: CVE-2014-3615 ===================================================================== 1. Summary: Updated qemu-kvm-rhev packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEV-H and VDSM for 7 Hosts - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. (CVE-2014-3615) This issue was discovered by Laszlo Ersek of Red Hat. This update also fixes the following bug: * This update fixes a bug that caused the relative path to a backing file image to be switched to an absolute path during a live merge (block-commit). (BZ#1122925) All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1122925 - Maintain relative path to backing file image during live merge (block-commit) 1139115 - CVE-2014-3615 Qemu: information leakage when guest sets high resolution 6. Package List: RHEV-H and VDSM for 7 Hosts: Source: qemu-kvm-rhev-1.5.3-60.el7_0.10.src.rpm x86_64: libcacard-devel-rhev-1.5.3-60.el7_0.10.x86_64.rpm libcacard-rhev-1.5.3-60.el7_0.10.x86_64.rpm libcacard-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm qemu-img-rhev-1.5.3-60.el7_0.10.x86_64.rpm qemu-kvm-common-rhev-1.5.3-60.el7_0.10.x86_64.rpm qemu-kvm-rhev-1.5.3-60.el7_0.10.x86_64.rpm qemu-kvm-rhev-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm qemu-kvm-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-3615.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFURVmWXlSAg2UNWIIRAgKSAJ9ZWGKEYCnRRn3K9z8tC65XHMTjkACgk5KG DhRZ59vYzxIiqq3t5kyMGzo= =6I4t -----END PGP SIGNATURE-----