RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)

low Nessus Plugin ID 78959

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated vdsm packages that fix one security issue and various bugs are now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.

A flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)

The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.

This update also fixes various bugs. Refer to the Technical Notes for information about these changes :

https://access.redhat.com/site/documentation/en-US/ Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/ chap-RHSA-2013-0886.html

All users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.

Solution

Update the affected packages.

See Also

https://access.redhat.com/documentation/en-US/

https://access.redhat.com/errata/RHSA-2013:0886

https://access.redhat.com/security/cve/cve-2013-0167

Plugin Details

Severity: Low

ID: 78959

File Name: redhat-RHSA-2013-0886.nasl

Version: 1.12

Type: local

Agent: unix

Published: 11/8/2014

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Low

Base Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:vdsm, p-cpe:/a:redhat:enterprise_linux:vdsm-cli, p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo, p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd, p-cpe:/a:redhat:enterprise_linux:vdsm-python, p-cpe:/a:redhat:enterprise_linux:vdsm-reg, p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 6/10/2013

Vulnerability Publication Date: 8/19/2013

Reference Information

CVE: CVE-2013-0167

RHSA: 2013:0886