-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0540
               Important: rhevm-spice-client security update
                               22 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rhevm-spice-client
Publisher:         Red Hat
Operating System:  Red Hat
                   Virtualisation
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0160 CVE-2013-4353 CVE-2013-0169
                   CVE-2012-4929  

Reference:         ASB-2014.0042
                   ESB-2014.0457

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2014-0416.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhevm-spice-client security update
Advisory ID:       RHSA-2014:0416-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0416.html
Issue date:        2014-04-17
CVE Names:         CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 
                   CVE-2014-0160 
=====================================================================

1. Summary:

Updated rhevm-spice-client packages that fix multiple security issues are
now available for Red Hat Enterprise Virtualization Manager 3.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEV-M 3.3 - noarch

3. Description:

Red Hat Enterprise Virtualization Manager provides access to virtual
machines using SPICE. These SPICE client packages provide the SPICE client
and usbclerk service for both Windows 32-bit operating systems and Windows
64-bit operating systems.

The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE
client. OpenSSL, a general purpose cryptography library with a TLS
implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer
package has been updated to correct the following issues:

An information disclosure flaw was found in the way OpenSSL handled TLS and
DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server
could send a specially crafted TLS or DTLS Heartbeat packet to disclose a
limited portion of memory per request from a connected client or server.
Note that the disclosed portions of memory could potentially include
sensitive information such as private keys. (CVE-2014-0160)
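The following is an added illustration, not code from the Red Hat advisory or from OpenSSL itself. It models in Python the two versions of the heartbeat handler described above: the vulnerable one, which trusts the peer's payload_length field and copies that many bytes regardless of how long the received record really is, and the fixed one, which bounds payload_length by the record length (the two checks mirror the upstream fix: the record must hold at least the 1-byte type, 2-byte length and 16 bytes of minimum padding, and the claimed payload must fit inside it). The message layout follows RFC 6520; the `memory` buffer, the stand-in private-key bytes adjacent to the record, and the function names are constructed for this example.

```python
"""Model of the heartbeat-extension flaw (CVE-2014-0160) and its fix.

Added example: not code from the Red Hat advisory or from OpenSSL. It
reproduces the logic of the heartbeat handler in Python, operating on a
constructed byte buffer that stands in for process memory.
"""
import struct

# HeartbeatMessage (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16)
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16


def build_heartbeat(payload, claimed_len=None, padding=b"\x00" * MIN_PADDING):
    """Build a HeartbeatRequest body; claimed_len lets a malicious peer
    advertise a payload_length larger than the payload actually sent."""
    if claimed_len is None:
        claimed_len = len(payload)
    return bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", claimed_len) + payload + padding


def process_heartbeat_vulnerable(memory, rec_off, rec_len):
    """Pre-fix behaviour: payload_length is trusted and rec_len is never
    consulted, so the reply echoes payload_length bytes from wherever the
    payload starts, running past the end of the record into adjacent memory."""
    p = rec_off
    hbtype = memory[p]
    p += 1
    (payload_len,) = struct.unpack_from("!H", memory, p)
    p += 2
    if hbtype != HEARTBEAT_REQUEST:
        return b""
    # Over-read: up to 65535 bytes are copied although the record may be far
    # shorter (in C this reads beyond the allocation; Python merely stops at
    # the end of the constructed buffer).
    return bytes(memory[p:p + payload_len])


def process_heartbeat_fixed(memory, rec_off, rec_len):
    """Post-fix behaviour: bound payload_length by the record actually received.
    RFC 6520 says a malformed heartbeat is discarded silently, hence None."""
    if 1 + 2 + MIN_PADDING > rec_len:
        return None  # too short to hold type, length and minimum padding
    p = rec_off
    hbtype = memory[p]
    p += 1
    (payload_len,) = struct.unpack_from("!H", memory, p)
    p += 2
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return None  # claimed payload does not fit in the record: drop it
    if hbtype != HEARTBEAT_REQUEST:
        return b""
    return bytes(memory[p:p + payload_len])


def demo():
    """Run both handlers against a lying record; returns (leaked, rejected, echoed)."""
    # Constructed stand-in for whatever happens to sit after the record in memory.
    secret = b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...(constructed)"
    malicious = build_heartbeat(b"hello", claimed_len=64)  # 24 real bytes, claims 64
    memory = malicious + secret
    leaked = process_heartbeat_vulnerable(memory, 0, len(malicious))
    rejected = process_heartbeat_fixed(memory, 0, len(malicious))
    honest = build_heartbeat(b"hello")
    echoed = process_heartbeat_fixed(honest, 0, len(honest))
    return leaked, rejected, echoed


if __name__ == "__main__":
    leaked, rejected, echoed = demo()
    print("vulnerable handler returned %d bytes:" % len(leaked), leaked)
    print("fixed handler on the same record:", rejected)
    print("fixed handler on an honest record:", echoed)
```

Running `demo()` shows the point of the advisory: the vulnerable handler answers the 24-byte request with 64 bytes, the last 40 of which are the neighbouring "private key" bytes, while the fixed handler drops the same record and still echoes an honest one correctly.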

It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the way OpenSSL handled
TLS/SSL protocol handshake packets. A specially crafted handshake packet
could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)

It was discovered that the TLS/SSL protocol could leak information about
plain text when optional compression was used. An attacker able to control
part of the plain text sent over an encrypted TLS/SSL connection could
possibly use this flaw to recover other portions of the plain text.
(CVE-2012-4929)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the
original reporter.

The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL
security fixes that have no security impact on mingw-virt-viewer itself.
The security fixes included in this update address the following CVE
numbers:

CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166

All Red Hat Enterprise Virtualization Manager users are advised to upgrade
to these updated packages, which address these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets
1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets

6. Package List:

RHEV-M 3.3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm

noarch:
rhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm
rhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm
rhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm
rhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4929.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-4353.html
https://www.redhat.com/security/data/cve/CVE-2014-0160.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTT8qkXlSAg2UNWIIRAl9MAKCZoCRG5sXeWHWzpMGC7Hf49QGAFgCeIGEX
lhz1ReDnz2v0u5/tBISb1Nc=
=0FK6
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----