rhsa-2012_0531
Vulnerability from csaf_redhat
Published
2012-04-30 17:07
Modified
2024-11-22 05:16
Summary
Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update
Notes
Topic
An updated rhev-hypervisor6 package that fixes three security issues and
one bug is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way libtasn1 decoded DER data. An attacker could
create carefully-crafted DER encoded input (such as an X.509 certificate)
that, when parsed by an application that uses libtasn1 (such as
applications using GnuTLS), could cause the application to crash.
(CVE-2012-1569)
A flaw was found in the way GnuTLS decrypted malformed TLS records. This
could cause a TLS/SSL client or server to crash when processing a
specially-crafted TLS record from a remote TLS/SSL connection peer.
(CVE-2012-1573)
An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass FORTIFY_SOURCE
protections and execute arbitrary code using a format string flaw in an
application, even though these protections are expected to limit the
impact of such flaws to an application abort. (CVE-2012-0864)
Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1569 and CVE-2012-1573.
This updated package provides updated components that include fixes for
various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:
CVE-2011-4128 (gnutls issue)
CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)
CVE-2012-0884 and CVE-2012-1165 (openssl issues)
CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)
This update also fixes the following bug:
* The Hypervisor previously set the lro_disable option for the enic driver.
The driver does not support this option, as a result the Hypervisor did
not correctly detect and configure the network interfaces of a Cisco M81KR
adaptor, when present. The Hypervisor has been updated and no longer sets
the invalid option for this driver. (BZ#809463)
Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which fixes these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated rhev-hypervisor6 package that fixes three security issues and\none bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug:\n\n* The Hypervisor previously set the lro_disable option for the enic driver.\nThe driver does not support this option, as a result the Hypervisor did\nnot correctly detect and configure the network interfaces of a Cisco M81KR\nadaptor, when present. The Hypervisor has been updated and no longer sets\nthe invalid option for this driver. (BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0531",
"url": "https://access.redhat.com/errata/RHSA-2012:0531"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "794766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"category": "external",
"summary": "804920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920"
},
{
"category": "external",
"summary": "805432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0531.json"
}
],
"title": "Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T05:16:22+00:00",
"generator": {
"date": "2024-11-22T05:16:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2012:0531",
"initial_release_date": "2012-04-30T17:07:00+00:00",
"revision_history": [
{
"date": "2012-04-30T17:07:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-04-30T17:13:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T05:16:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEV Hypervisor for RHEL-6",
"product": {
"name": "RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch",
"product": {
"name": "rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch",
"product_id": "rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor6-tools@6.2-20120423.1.el6_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"product": {
"name": "rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"product_id": "rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor6@6.2-20120423.1.el6_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch"
},
"product_reference": "rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
},
"product_reference": "rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-0864",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2012-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "794766"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: FORTIFY_SOURCE format string protection bypass via \"nargs\" integer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-0864"
},
{
"category": "external",
"summary": "RHBZ#794766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0864",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0864"
}
],
"release_date": "2010-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-04-30T17:07:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0531"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: FORTIFY_SOURCE format string protection bypass via \"nargs\" integer overflow"
},
{
"acknowledgments": [
{
"names": [
"Matthew Hall"
],
"organization": "Mu Dynamics"
}
],
"cve": "CVE-2012-1569",
"discovery_date": "2012-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "804920"
}
],
"notes": [
{
"category": "description",
"text": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1569"
},
{
"category": "external",
"summary": "RHBZ#804920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1569",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1569"
}
],
"release_date": "2012-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-04-30T17:07:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0531"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)"
},
{
"acknowledgments": [
{
"names": [
"Matthew Hall"
],
"organization": "Mu Dynamics"
}
],
"cve": "CVE-2012-1573",
"discovery_date": "2012-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "805432"
}
],
"notes": [
{
"category": "description",
"text": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1573"
},
{
"category": "external",
"summary": "RHBZ#805432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1573"
}
],
"release_date": "2012-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-04-30T17:07:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0531"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.2-20120423.1.el6_2.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor6-tools-0:6.2-20120423.1.el6_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.