Updated rhev-hypervisor packages that fix one security issue are nowavailable.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

The rhev-hypervisor packages provide a Red Hat Enterprise VirtualizationHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisoris a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includeseverything necessary to run and manage virtual machines: a subset of theRed Hat Enterprise Linux operating environment and the Red Hat EnterpriseVirtualization Agent.Note: Red Hat Enterprise Virtualization Hypervisor is only available forthe Intel 64 and AMD64 architectures with virtualization extensions.An out-of-bounds memory access flaw was found in the way QEMU’s virtualFloppy Disk Controller (FDC) handled FIFO buffer access while processingcertain FDC commands. A privileged guest user could use this flaw to crashthe guest or, potentially, execute arbitrary code on the host with theprivileges of the host’s QEMU process corresponding to the guest.(CVE-2015-3456)Red Hat would like to thank Jason Geffner of CrowdStrike for reportingthis issue.Users of the Red Hat Enterprise Virtualization Hypervisor are advised toupgrade to this updated package.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258
1218611 – CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply