An updated rhev-hypervisor6 package that fixes several security issues is now available.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169)

A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568)

It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186)

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187)

Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security.

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.

1141597 – CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands
1145429 – CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
1146319 – CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)
1146791 – CVE-2014-7186 bash: parser can allow out-of-bounds memory access while handling redir_stack
1146804 – CVE-2014-7187 bash: off-by-one error in deeply nested flow control constructs

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from: