Security Advisory Important: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.11

Advisory: RHSA-2017:1209-1
Type: Security Advisory
Severity: Important
Issued on: 2017-05-09
Last updated on: 2017-05-09
Affected Products: Red Hat Enterprise Virtualization 3
CVEs (cve.mitre.org): CVE-2017-6074

Details

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and
Agents for RHEL-6 and RHEV 3.X Hypervisor and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram
Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
on the socket. A local, unprivileged user could use this flaw to alter the
kernel memory, allowing them to escalate their privileges on the system.
(CVE-2017-6074)

Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Virtualization 3

SRPMS:
rhev-hypervisor7-7.3-20170425.0.el6ev.src.rpm
File outdated by:  RHBA-2017:1568
    MD5: 28a4baab590f45662572befa3ebb537a
SHA-256: bba110dcb5a179cd39ba91b7874617ecf62bfbedf9dd5a2492138dd6fefc2001
 
x86_64:
rhev-hypervisor7-7.3-20170425.0.el6ev.noarch.rpm
File outdated by:  RHBA-2017:1568
    MD5: 593f65e5b35d74511615541ce44be870
SHA-256: c03153d5d24b8667677351e12e534d7e261f136063eead211b37cc90a8ad71b9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol
1434999 - Tracker bug for 3.6.11


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/