- Vulnerability/
- RHSA-2010:0095
RHSA-2010:0095: Important: rhev-hypervisor security and bug fix update
First published: Tue Feb 09 2010(Updated: )
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization<br>(RHEV) Hypervisor ISO disk image. The RHEV Hypervisor is a dedicated<br>Kernel-based Virtual Machine (KVM) hypervisor. It includes everything<br>necessary to run and manage virtual machines: A subset of the Red Hat<br>Enterprise Linux operating environment and the Red Hat Enterprise<br>Virtualization Agent.<br>Note: RHEV Hypervisor is only available for the Intel 64 and AMD64<br>architectures with virtualization extensions.<br>A flaw was found in the IPv6 Extension Header (EH) handling<br>implementation in the Linux kernel. The skb->dst data structure was not<br>properly validated in the ipv6_hop_jumbo() function. This could possibly<br>lead to a remote denial of service. (CVE-2007-4567)<br>The Parallels Virtuozzo Containers team reported two flaws in the routing<br>implementation. If an attacker was able to cause a large enough number of<br>collisions in the routing hash table (via specially-crafted packets) for<br>the emergency route flush to trigger, a deadlock could occur. Secondly, if<br>the kernel routing cache was disabled, an uninitialized pointer would be<br>left behind after a route lookup, leading to a kernel panic.<br>(CVE-2009-4272)<br>A flaw was found in each of the following Intel PRO/1000 Linux drivers in<br>the Linux kernel: e1000 and e1000e. A remote attacker using packets larger<br>than the MTU could bypass the existing fragment check, resulting in<br>partial, invalid frames being passed to the network stack. These flaws<br>could also possibly be used to trigger a remote denial of service.<br>(CVE-2009-4536, CVE-2009-4538)<br>A flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel.<br>Receiving overly-long frames with a certain revision of the network cards<br>supported by this driver could possibly result in a remote denial of<br>service. (CVE-2009-4537)<br>The x86 emulator implementation was missing a check for the Current<br>Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest<br>could leverage these flaws to cause a denial of service (guest crash) or<br>possibly escalate their privileges within that guest. (CVE-2010-0298,<br>CVE-2010-0306)<br>A flaw was found in the Programmable Interval Timer (PIT) emulation. Access<br>to the internal data structure pit_state, which represents the data state<br>of the emulated PIT, was not properly validated in the pit_ioport_read()<br>function. A privileged guest user could use this flaw to crash the host.<br>(CVE-2010-0309)<br>This updated package provides updated components that include fixes for<br>security issues; however, these issues have no security impact for RHEV<br>Hypervisor. These fixes are for kernel issues CVE-2006-6304, CVE-2009-2910,<br>CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,<br>CVE-2009-4021, CVE-2009-4138, and CVE-2009-4141; ntp issue CVE-2009-3563;<br>dbus issue CVE-2009-1189; dnsmasq issues CVE-2009-2957 and CVE-2009-2958;<br>gnutls issue CVE-2009-2730; krb5 issue CVE-2009-4212; bind issue <br>CVE-2010-0097; gzip issue CVE-2010-0001; openssl issues CVE-2009-2409 and <br>CVE-2009-4355; and gcc issue CVE-2009-3736.<br>This update also fixes the following bugs:<br><li> on systems with a large number of disk devices, USB storage devices may</li> get enumerated after "/dev/sdz", for example, "/dev/sdcd". This was not<br>handled by the udev rules, resulting in a missing "/dev/live" symbolic<br>link, causing installations from USB media to fail. With this update, udev<br>rules correctly handle USB storage devices on systems with a large number<br>of disk devices, which resolves this issue. (BZ#555083)<br>As RHEV Hypervisor is based on KVM, the bug fixes from the KVM update<br>RHSA-2010:0088 have been included in this update:<br><a href="https://rhn.redhat.com/errata/RHSA-2010-0088.html" target="_blank">https://rhn.redhat.com/errata/RHSA-2010-0088.html</a> Users of the Red Hat Enterprise Virtualization Hypervisor are advised to<br>upgrade to this updated package, which corrects these issues.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=545411
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=548641
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=550907
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=551214
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=552126
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=559091
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=560654
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=560887
- http://www.redhat.com/security/updates/classification/#important
- https://rhn.redhat.com/errata/RHSA-2010-0088.html
- https://access.redhat.com/errata/RHSA-2010:0095 (Advisory)
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0095
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type