- Issued:
- 2017-04-27
- Updated:
- 2017-04-27
RHEA-2017:1188 - Product Enhancement Advisory
Synopsis
rhev-hypervisor bug fix and enhancement update for RHEV 3.6.10
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated rhev-hypervisor package is now available.
Description
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Security Fix(es):
- An out-of-bounds write flaw was found in the way NSS performed certain
Base64-decoding operations. An attacker could use this flaw to create a
specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Virtualization 7 x86_64
- Red Hat Virtualization 6 x86_64
Fixes
- BZ - 1445035 - rebase rhev-h 3.6.10
CVEs
(none)
References
(none)
Red Hat Virtualization 7
SRPM | |
---|---|
rhev-hypervisor7-7.3-20170424.0.el7ev.src.rpm | SHA-256: 431bf67e6581b69afd6c9c8bc19f5f105272131b25c6137d3d38a7a0898b15a8 |
x86_64 | |
rhev-hypervisor7-7.3-20170424.0.el7ev.noarch.rpm | SHA-256: 68f74db25bddf073c15c0d5a9f64eab8e3131459f741c20de68a3df6d5e2b646 |
Red Hat Virtualization 6
SRPM | |
---|---|
rhev-hypervisor7-7.3-20170424.0.el6ev.src.rpm | SHA-256: 907150b83dc0d1b4e7c3abf537d4f71c682b4ff96d21387ba8c1f9c95d9ada57 |
x86_64 | |
rhev-hypervisor7-7.3-20170424.0.el6ev.noarch.rpm | SHA-256: 3a92034a2068d9f340a6237caaf38be07ce9e03a09af909990a2876cf5f18b25 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.