An updated rhev-hypervisor package that fixes several security issues, bugs, and enhancements is now available.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked in the References section.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption could use this flaw to recover RSA private keys. (CVE-2016-0702)

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705)

An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705; and Guido Vranken as the original reporter of CVE-2016-0797.

All openssl users are advised to upgrade to this updated package, which contains backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Changes to the rhev-hypervisor component:

* Previously, a race between services during boot prevented network configuration from upgrading correctly. The risk for the race has now been reduced significantly to allow the upgrade of the network configuration to complete correctly. (BZ#1194068)

* Previously, using the text user interface (TUI) to log in to the administrator account of Red Hat Enterprise Virtualization Hypervisor failed with a Python backtrace. This update makes the "six" module correctly importable under all circumstances, which ensures that logging in to Red Hat Enterprise Virtualization Hypervisor using the TUI proceeds as expected. (BZ#1246836)
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
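The advisory requires every service linked against OpenSSL to be restarted after the package update. The following POSIX shell check, added here and not part of the advisory, lists processes that still map a pre-update libssl/libcrypto (the kernel marks mappings of a replaced library file as "(deleted)" in /proc/<pid>/maps); the sample maps content, library paths and PIDs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the Red Hat advisory): after the updated OpenSSL
# package is installed, find processes that still have the OLD libssl or
# libcrypto mapped, i.e. services that must be restarted before the fix
# takes effect. When a shared library is replaced on disk, the running
# process keeps the old inode mapped and /proc/<pid>/maps shows it with a
# "(deleted)" suffix.

# Print the distinct libssl/libcrypto paths marked "(deleted)" in one maps
# file. Takes a file path so it works on /proc/<pid>/maps or a saved copy.
stale_openssl_maps() {
    grep -E 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null \
        | awk '{ print $6 }' | sort -u
}

# Walk every process and print "<pid> <comm> <stale library>" lines.
# Needs root to read the maps of processes owned by other users.
report_stale_openssl() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale_openssl_maps "$maps" | while read -r lib; do
            comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$lib"
        done
    done
}

# Constructed sample maps file (not captured from a real host): the process
# still maps a pre-update libcrypto and libssl; libz is stale as well but
# is not what this check is about, and libc is current.
write_sample_maps() {
    cat > "$1" <<'EOF'
7f2a1c000000-7f2a1c1c0000 r-xp 00000000 fd:00 1056 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f2a1c1c0000-7f2a1c3c0000 ---p 001c0000 fd:00 1056 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f2a1c400000-7f2a1c460000 r-xp 00000000 fd:00 1057 /usr/lib64/libssl.so.1.0.1e (deleted)
7f2a1c500000-7f2a1c520000 r-xp 00000000 fd:00 2001 /usr/lib64/libz.so.1.2.7 (deleted)
7f2a1c600000-7f2a1c700000 r-xp 00000000 fd:00 3001 /usr/lib64/libc-2.17.so
EOF
}

# Demonstrate on the sample, then on the live host when /proc is available.
sample=$(mktemp)
write_sample_maps "$sample"
echo "stale OpenSSL libraries in the sample maps file:"
stale_openssl_maps "$sample"
rm -f "$sample"
if [ -d /proc/self ]; then
    echo "processes on this host still using a replaced OpenSSL library:"
    report_stale_openssl
fi
```

An empty report after the restarts (or a reboot) confirms that no running service is still using the pre-update library.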
1194068 – vdsm-3.5 network conf upgrade fails, due to `service network restart` by node
1236508 – [Tracker] Build RHEV-H for RHEV 3.6.0
1283498 – messages log flooded with 'Failed to reset devices.list on /machine.slice: Invalid argument'
1301846 – CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
1302248 – RHEV-H 7.2 RC1: Remove "Beta" keyword from plymouth
1310593 – CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
1310596 – CVE-2016-0705 OpenSSL: Double-free in DSA code
1310599 – CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation
1311880 – CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: