Skip to navigation

Security Advisory Important: rhev-hypervisor security, bug fix, and enhancement update

Advisory: RHSA-2010:0476-1
Type: Security Advisory
Severity: Important
Issued on: 2010-06-22
Last updated on: 2010-06-22
Affected Products: Red Hat Enterprise Virtualization
CVEs (cve.mitre.org): CVE-2010-0430
CVE-2010-0741
CVE-2010-2223

Details

An updated rhev-hypervisor package that fixes two security issues, multiple
bugs, and adds enhancements is now available.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

A flaw was found in the way QEMU-KVM handled erroneous data provided by the
Linux virtio-net driver, used by guest operating systems. Due to a
deficiency in the TSO (TCP segment offloading) implementation, a guest's
virtio-net driver would transmit improper data to a certain QEMU-KVM
process on the host, causing the guest to crash. A remote attacker could
use this flaw to send specially-crafted data to a target guest system,
causing that guest to crash. (CVE-2010-0741)

A flaw was found in the way the Virtual Desktop Server Manager (VDSM)
handled the removal of a virtual machine's (VM) data back end (such as an
image or a volume). When removing an image or a volume, it was not securely
deleted from its corresponding data domain as expected. A guest user in a
new, raw VM, created in a data domain that has had VMs deleted from it,
could use this flaw to read limited data from those deleted VMs,
potentially disclosing sensitive information. (CVE-2010-2223)

This updated package provides updated components that include fixes for
security issues; however, these issues have no security impact for Red Hat
Enterprise Virtualization Hypervisor. These fixes are for dbus issue
CVE-2009-1189; kernel issues CVE-2010-0307, CVE-2010-0410, CVE-2010-0730,
CVE-2010-1085, and CVE-2010-1086; openldap issue CVE-2009-3767; and sudo
issues CVE-2010-0426, CVE-2010-0427, and CVE-2010-1163.

This update also fixes several bugs and adds several enhancements.
Documentation for these bug fixes and enhancements is available from
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2/html/Servers-5.5-2.2_Hypervisor_Security_Update

As Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug
fixes and enhancements from the KVM updates RHSA-2010:0271 and
RHBA-2010:0419 have been included in this update. Also included are the bug
fixes and enhancements from the Virtual Desktop Server Manager (VDSM)
update RHSA-2010:0473, and fence-agents update RHBA-2010:0477.

KVM: https://rhn.redhat.com/errata/RHSA-2010-0271.html and
https://rhn.redhat.com/errata/RHBA-2010-0419.html
VDSM: https://rhn.redhat.com/errata/RHSA-2010-0473.html
fence-agents: https://rhn.redhat.com/errata/RHBA-2010-0477.html

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues and adds these
enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Virtualization

x86_64:
rhev-hypervisor-5.5-2.2.4.2.el5rhev.noarch.rpm
File outdated by:  RHBA-2012:0015
    MD5: 615a6f186e6068359bfa9853aa1f405d
SHA-256: f8fef1b5e4ca89a7c91617f6d6cea201883d1a56503151443eb834716d5c12dd
rhev-hypervisor-pxe-5.5-2.2.4.2.el5rhev.noarch.rpm
File outdated by:  RHBA-2011:0365
    MD5: 16596f9b054d0fe501773d862d2a9272
SHA-256: da1cc212044aff25c8315e0811a49ff5e82d65bc80c783086996d008f9cbd234
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

577218 - CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver
604752 - CVE-2010-2223 vdsm: missing VM post-zeroing after removal


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/