This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated rhev-hypervisor packages that fix one security issue are now
Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The rhev-hypervisor package provides a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: A subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
A stack-based buffer overflow was found in the way the libresolv
library performed dual A/AAAA DNS queries. A remote attacker could
create a specially crafted DNS response which could cause libresolv to
crash or, potentially, execute code with the permissions of the user
running the library. Note: this issue is only exposed when libresolv
is called from the nss_dns NSS service module. (CVE-2015-7547)
This issue was discovered by the Google Security Team and Red Hat.
Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to these updated packages.
See also :
Update the affected rhev-hypervisor6 and / or rhev-hypervisor7
Risk factor :
Critical / CVSS Base Score : 10.0