Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.1661
Important: rhev-hypervisor6 security and bug fix update
22 November 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: rhev-hypervisor6
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Console/Physical
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2013-4592 CVE-2013-4591 CVE-2013-4419
CVE-2013-4387 CVE-2013-4345 CVE-2013-4344
CVE-2013-4332 CVE-2013-4242 CVE-2013-4238
CVE-2013-3231 CVE-2013-2892 CVE-2013-2889
CVE-2013-2888 CVE-2013-2851 CVE-2013-2777
CVE-2013-2776 CVE-2013-2234 CVE-2013-2164
CVE-2013-1929 CVE-2013-1928 CVE-2013-1914
CVE-2013-1813 CVE-2013-1775 CVE-2013-0343
CVE-2013-0242 CVE-2013-0223 CVE-2013-0222
CVE-2013-0221 CVE-2012-6545 CVE-2012-6542
CVE-2012-4453 CVE-2012-0787 CVE-2012-0786
CVE-2010-5107
Reference: ASB-2013.0093
ESB-2013.1558
ESB-2013.1528
ESB-2013.1527
ESB-2013.1364
ESB-2013.1349
ESB-2013.1297
ESB-2013.1136
ESB-2013.1028
ESB-2013.0955
ESB-2013.0845
ESB-2013.0787
ESB-2013.0715
ESB-2013.0702
ESB-2013.0691
ESB-2013.0577
ESB-2013.0539
ESB-2013.0516
ESB-2013.0355
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2013-1527.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: rhev-hypervisor6 security and bug fix update
Advisory ID: RHSA-2013:1527-01
Product: Red Hat Enterprise Virtualization
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1527.html
Issue date: 2013-11-21
CVE Names: CVE-2010-5107 CVE-2013-2888 CVE-2013-2889
CVE-2013-2892 CVE-2013-4238 CVE-2013-4344
=====================================================================
1. Summary:
An updated rhev-hypervisor6 package that fixes multiple security issues and
one bug is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
RHEV Hypervisor for RHEL-6 - noarch
3. Description:
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization
Hypervisor through the 3.2 Manager administration portal, the Host may
appear with the status of "Install Failed". If this happens, place the host
into maintenance mode, then activate it again to get the host back to an
"Up" state.
A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT
LUNS" command when more than 256 LUNs were specified for a single SCSI
target. A privileged guest user could use this flaw to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)
Multiple flaws were found in the way Linux kernel handled HID (Human
Interface Device) reports. An attacker with physical access to the system
could use this flaw to crash the system or, potentially, escalate their
privileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892)
A flaw was found in the way the Python SSL module handled X.509 certificate
fields that contain a NULL byte. An attacker could potentially exploit this
flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that
to exploit this issue, an attacker would need to obtain a carefully crafted
certificate signed by an authority that the client trusts. (CVE-2013-4238)
The default OpenSSH configuration made it easy for remote attackers to
exhaust unauthorized connection slots and prevent other users from being
able to log in to a system. This flaw has been addressed by enabling random
early connection drops by setting MaxStartups to 10:30:100 by default.
For more information, refer to the sshd_config(5) man page. (CVE-2010-5107)
The CVE-2013-4344 issue was discovered by Asias He of Red Hat.
This updated package provides updated components that include fixes for
various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:
CVE-2012-0786 and CVE-2012-0787 (augeas issues)
CVE-2013-1813 (busybox issue)
CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)
CVE-2012-4453 (dracut issue)
CVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)
CVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592,
CVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928,
CVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues)
CVE-2013-4242 (libgcrypt issue)
CVE-2013-4419 (libguestfs issue)
CVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)
This update also fixes the following bug:
* A previous version of the rhev-hypervisor6 package did not contain the
latest vhostmd package, which provides a "metrics communication channel"
between a host and its hosted virtual machines, allowing limited
introspection of host resource usage from within virtual machines. This has
been fixed, and rhev-hypervisor6 now includes the latest vhostmd package.
(BZ#1026703)
This update also contains the fixes from the following errata:
* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues.
4. Solution:
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
To upgrade Hypervisors in Red Hat Enterprise Virtualization environments
using the disk image provided by this package, refer to:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat
_Enterprise_Virtualization_Hypervisors.html
5. Bugs fixed (https://bugzilla.redhat.com/):
908060 - rhev-hypervisor 6.5 release
908707 - CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks
996381 - CVE-2013-4238 python: hostname check bypassing vulnerability in SSL module
999890 - CVE-2013-2889 Kernel: HID: zeroplus: heap overflow flaw
1000429 - CVE-2013-2892 Kernel: HID: pantherlord: heap overflow flaw
1000451 - CVE-2013-2888 Kernel: HID: memory corruption flaw
1007330 - CVE-2013-4344 qemu: buffer overflow in scsi_target_emulate_report_luns
1026703 - Latest vhostmd package is not built in
6. Package List:
RHEV Hypervisor for RHEL-6:
noarch:
rhev-hypervisor6-6.5-20131115.0.3.2.el6_5.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-5107.html
https://www.redhat.com/security/data/cve/CVE-2013-2888.html
https://www.redhat.com/security/data/cve/CVE-2013-2889.html
https://www.redhat.com/security/data/cve/CVE-2013-2892.html
https://www.redhat.com/security/data/cve/CVE-2013-4238.html
https://www.redhat.com/security/data/cve/CVE-2013-4344.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHBA-2013-1528.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSjZTgXlSAg2UNWIIRAs2fAJ494SJEchFSytaJzyWDWzX67CQXpQCfTd4U
oKiWr2wIkagzmf/wWO/aDLY=
=Wach
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUo69pxLndAQH1ShLAQIyoBAAlRCZIEuDA4jqNKLlkHvVxAsrSkpmLL61
ji4oUSELvGDG35nIMe6XvzTzJPUTXjCNfNGgklkQx7X2fE2+pZaMM5rNKv4aJ+kk
uRak200wdunM1qVRvFll8N4A4GasDPuPDjPFUmtDpKx4AmqhbJdvIIUsWBORyHfA
z2P7jNh2hX6zO3DE3SaTLkAKxmnpM16VikVQvz/IXldNyOXwXaj6Shc5KguhuEYn
VwfqEQItxsRHO8lWxaIiNsVxWXDA6KgxgEbpKpAj/R/S3s+xcjPQzkYPpfjjF5ZD
bXoAo/IT2l+UUtMhX225vxDNtSIzeP8CQUW0nOZrV8ENO3/YXtMSFFTUaO7Xi03R
ix6A4kWOby2L7WQMxIBhR2CljGp6MsFX3GEbzGh55g60LTNRU7I8AZOghvyPKLKT
1OIMm3bMRk/u0+MgLySu2uhrQUmKwafgQ9DFiK7mBHGly10u7FIRvMoffL1lplR3
HjDxGisJsBnJvryuMTBSv49u22l3z8+k2Bs5OqexRM1URok1cgRSn2OHiYK2kLaS
AHQloK28phfGckQOjHXzMd2hzQu6uEjnoqpTlk4Tuy0hdbj7QGXuUK3Onjr3k5zV
XR3FHiUEOArlk4VLcU/oWd/LGmwjCJzaacqFViucpEZSG7ZmMu4OfocMSFMxmk23
6RO4qlg5MKs=
=7/R4
-----END PGP SIGNATURE-----