RHEA-2015:2527
Vulnerability from csaf_redhat
Published
2015-12-01 19:35
Modified
2024-11-14 15:27
Summary
Red Hat Enhancement Advisory: rhev-hypervisor bug fix, and enhancement update
Notes
Topic
Updated rhev-hypervisor packages that fix several
bugs and add various enhancements are now available.
Details
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhev-hypervisor packages that fix several\nbugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization \nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor \nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes \neverything necessary to run and manage virtual machines: A subset of the \nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise \nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for \nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2015:2527",
"url": "https://access.redhat.com/errata/RHEA-2015:2527"
},
{
"category": "external",
"summary": "1273144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273144"
},
{
"category": "external",
"summary": "1282346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282346"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhea-2015_2527.json"
}
],
"title": "Red Hat Enhancement Advisory: rhev-hypervisor bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T15:27:04+00:00",
"generator": {
"date": "2024-11-14T15:27:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHEA-2015:2527",
"initial_release_date": "2015-12-01T19:35:18+00:00",
"revision_history": [
{
"date": "2015-12-01T19:35:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-12-01T19:35:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T15:27:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEV Hypervisor for RHEL-6",
"product": {
"name": "RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
}
}
},
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H",
"product": {
"name": "RHEL 7-based RHEV-H",
"product_id": "7Server-RHEV-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch",
"product": {
"name": "rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch",
"product_id": "rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor6@6.7-20151123.0.el6ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch",
"product": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch",
"product_id": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20151129.1.el6ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch",
"product": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch",
"product_id": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20151129.1.el7ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.src",
"product": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.src",
"product_id": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20151129.1.el6ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.src",
"product": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.src",
"product_id": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20151129.1.el7ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch"
},
"product_reference": "rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch"
},
"product_reference": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.src as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.src"
},
"product_reference": "rhev-hypervisor7-0:7.2-20151129.1.el6ev.src",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch as a component of RHEL 7-based RHEV-H",
"product_id": "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch"
},
"product_reference": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.src as a component of RHEL 7-based RHEV-H",
"product_id": "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.src"
},
"product_reference": "rhev-hypervisor7-0:7.2-20151129.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-Hypervisor-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michal Skrivanek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5201",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-08-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1253882"
}
],
"notes": [
{
"category": "description",
"text": "VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RHEV: vdsm spice disable-ticketing and VM suspend and restore allows auth bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was fixed in RHSA-2015-2527 (https://rhn.redhat.com/errata/RHEA-2015-2527.html) in the rhev-hypervisor package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.src",
"7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch",
"7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5201"
},
{
"category": "external",
"summary": "RHBZ#1253882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5201",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5201"
}
],
"release_date": "2015-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-12-01T19:35:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.src",
"7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch",
"7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:2527"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20151123.0.el6ev.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.noarch",
"6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20151129.1.el6ev.src",
"7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.noarch",
"7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20151129.1.el7ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "RHEV: vdsm spice disable-ticketing and VM suspend and restore allows auth bypass"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.