Red Hat Product Errata RHSA-2016:0277 - Security Advisory

Issued:: 2016-02-19
Updated:: 2016-02-19

RHSA-2016:0277 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: rhev-hypervisor security update

Type/Severity

Security Advisory: Critical

Topic

Updated rhev-hypervisor packages that fix one security issue are now
available.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)

This issue was discovered by the Google Security Team and Red Hat.

Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Virtualization 7 x86_64
Red Hat Virtualization 6 x86_64

Fixes

BZ - 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

CVEs

CVE-2015-7547

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 6

SRPM
rhev-hypervisor6-6.7-20160104.2.el6ev.src.rpm	SHA-256: 0845dd21bcf38679cef7a5afec406c434e44fac4fccb25fbf80323e6f1aa7bae
rhev-hypervisor7-7.2-20160105.2.el6ev.src.rpm	SHA-256: 3c4b7a4cb7349e573b136f419f665c781b67d91243c44d90ab06f8da26d81fca
x86_64
rhev-hypervisor6-6.7-20160104.2.el6ev.noarch.rpm	SHA-256: 10cec585df427fbfa4a386bb0d9d372aac123efd10d52c8e49d088f1f91caaa6
rhev-hypervisor7-7.2-20160105.2.el6ev.noarch.rpm	SHA-256: b66e707093f54d279b71b99896a9cba0855337af04104a9245242672a36851b9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories