This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
An updated rhev-hypervisor5 package that fixes three security issues
and one bug is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The rhev-hypervisor5 package provides a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: A subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
A flaw was found in the way libtasn1 decoded DER data. An attacker
could create a carefully-crafted X.509 certificate that, when parsed
by an application that uses GnuTLS, could cause the application to
A flaw was found in the way GnuTLS decrypted malformed TLS records.
This could cause a TLS/SSL client or server to crash when processing a
specially crafted TLS record from a remote TLS/SSL connection peer.
An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass
FORTIFY_SOURCE protections and execute arbitrary code using a format
string flaw in an application, even though these protections are
expected to limit the impact of such flaws to an application abort.
Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1569 and CVE-2012-1573.
This updated package provides updated components that include fixes
for various security issues. These issues have no security impact on
Red Hat Enterprise Virtualization Hypervisor itself, however. The
security fixes included in this update address the following CVE
CVE-2011-4128 (gnutls issue)
CVE-2012-1583 (kernel issue)
CVE-2011-3045 (libpng issue)
CVE-2012-0884 and CVE-2012-1165 (openssl issues)
Further information on the changes made to the package is available on
the relevant errata :
Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which fixes these issues.
See also :
Update the affected rhev-hypervisor5 and / or rhev-hypervisor5-tools
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 79286 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now