RHEL 6 : rhev-hypervisor6 (RHSA-2013:0746)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated rhev-hypervisor6 package that fixes several security issues
and various bugs is now available.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The rhev-hypervisor6 package provides a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: A subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
extensions.

A flaw was found in the way KVM handled guest time updates when the
buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME
machine state register (MSR) crossed a page boundary. A privileged
guest user could use this flaw to crash the host or, potentially,
escalate their privileges, allowing them to execute arbitrary code at
the host kernel level. (CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest
registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) fell into a movable or removable memory region of the
hosting user-space process (by default, QEMU-KVM) on the host. If that
memory region is deregistered from KVM using
KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a
privileged guest user could potentially use this flaw to escalate
their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced
Programmable Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)

An integer overflow flaw was discovered in one of pixman's
manipulation routines. If a remote attacker could trick an application
using pixman into performing a certain manipulation, it could cause
the application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2013-1591)

Red Hat would like to thank Andrew Honig of Google for reporting
CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798.

This updated package provides updated components that include fixes
for various security issues. These issues have no security impact on
Red Hat Enterprise Virtualization Hypervisor itself, however. The
security fixes included in this update address the following CVE
numbers :

CVE-2013-2266 (a bind issue)

CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667 (perl
issues)

This update contains the fixes from the following errata :

ovirt-node: RHBA-2013:0745 libvirt: RHBA-2013:0725 vdsm:
RHBA-2013:0704 kernel: RHSA-2013:0744

Users of the Red Hat Enterprise Virtualization Hypervisor are advised
to upgrade to this updated package, which corrects these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-1591.html
https://www.redhat.com/security/data/cve/CVE-2013-1796.html
https://www.redhat.com/security/data/cve/CVE-2013-1797.html
https://www.redhat.com/security/data/cve/CVE-2013-1798.html
http://www.nessus.org/u?64c6b598
https://rhn.redhat.com/errata/RHBA-2013-0745.html
https://rhn.redhat.com/errata/RHBA-2013-0725.html
https://rhn.redhat.com/errata/RHBA-2013-0704.html
https://rhn.redhat.com/errata/RHSA-2013-0744.html
http://rhn.redhat.com/errata/RHSA-2013-0746.html
http://www.nessus.org/u?c6b506c4

Solution :

Update the affected rhev-hypervisor6 package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 78955 ()

Bugtraq ID: 58193
58604
58605
58607

CVE ID: CVE-2013-1591
CVE-2013-1796
CVE-2013-1797
CVE-2013-1798

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now