-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: rhev-hypervisor7 security update
Advisory ID:       RHSA-2018:2404-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2404
Issue date:        2018-08-15
CVE Names:         CVE-2018-3620 CVE-2018-3646 
====================================================================
1. Summary:

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and
Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents
Extended Lifecycle Support for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 7-based RHEV-H ELS - noarch
RHEV Hypervisor for RHEL-6 ELS - noarch

3. Description:

The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to
efficiently use available system resources and provide inter-domain
protection through access control and isolation. The L1TF issue was found
in the way the x86 microprocessor designs have implemented speculative
execution of instructions (a commonly used performance optimisation) in
combination with handling of page-faults caused by terminated virtual to
physical address resolving process. As a result, an unprivileged attacker
could use this flaw to read privileged memory of the kernel or other
processes and/or cross guest/host boundaries to read host memory by
conducting targeted cache side-channel attacks. (CVE-2018-3620,
CVE-2018-3646)

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting these
issues.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1585005 - CVE-2018-3646 CVE-2018-3620 Kernel: hw: cpu: L1 terminal fault (L1TF)
1614065 - [Tracker] Tracking bug for RHEV-H 3.6.13 respin

6. Package List:

RHEV Hypervisor for RHEL-6 ELS:

Source:
rhev-hypervisor7-7.3-20180813.0.el6ev.src.rpm

noarch:
rhev-hypervisor7-7.3-20180813.0.el6ev.noarch.rpm

RHEL 7-based RHEV-H ELS:

Source:
rhev-hypervisor7-7.3-20180813.0.el7ev.src.rpm

noarch:
rhev-hypervisor7-7.3-20180813.0.el7ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3620
https://access.redhat.com/security/cve/CVE-2018-3646
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/L1TF

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW3RGDtzjgjWX9erEAQhb4A//ZwpUUnLxZZXrBCi9u0NAJQrIIS6gQmn2
Jmgd7S/tSAlS3d0sslY5yx9eJjWp3t7LWbKwQXpP9+brvClMCP0abCj49vyGxE3o
rMiAk/Cyy7kBTTSMMRQFePa9tl5lJW6l7Qk5z2qcspxTAk/ysiC14heG8AcdXAv1
xVdsRiuXhfF00oIRPvMsTFi3P/03PiZnOHPo6cXw9FaIBu9sspu++07RQRj8Id6B
7C0v6yE6lpEvyDy2jgrzoPYDpMnRRwt/zxXSnMKGBjRhRSU+svVzRqM3fR2wTQBa
1QEFC9G0HZ1nEKcGnDRzKKwpU0OfilxdT4aUAzDxY5TsNV80qJIRQO8kQgSpJcPW
+SFH2Nks9fu6Mdaa2dwxJBE/QRasKbSQXoo58v40TVou9lBXA1tQRmV7rtg4/TpW
GyNQ0UXf0p6ViBD54BoSnwelh5XcPJJGRPv9UB5K44I6++N0CQnpeqcXIVXZMoLU
WlgBOjgAAH2Thb8W1B2447JdNgE7e6hY6JDcRQ13mILc643M/zWURcn2/4cyB+xH
NL7TbbYLN6ZGZDTK8AF3TqItLFc/lQIbg0IGeo7IvXkNkjEwk5if2owz5JBNLU6f
0uzhsJS4MbF55p/b2O5TYTHFBhAfBOizjVANEjrzkDC77x1aE9iC+Ce781vo/nUw
Cxlql9oitcg=tuP7
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2018-2404:01 Important: rhev-hypervisor7 security update

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for ...

Summary

The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Security Fix(es):
* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)
Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting these issues.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891

References

https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF

Package List

RHEV Hypervisor for RHEL-6 ELS:
Source: rhev-hypervisor7-7.3-20180813.0.el6ev.src.rpm
noarch: rhev-hypervisor7-7.3-20180813.0.el6ev.noarch.rpm
RHEL 7-based RHEV-H ELS:
Source: rhev-hypervisor7-7.3-20180813.0.el7ev.src.rpm
noarch: rhev-hypervisor7-7.3-20180813.0.el7ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2018:2404-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2404
Issued Date: : 2018-08-15
CVE Names: CVE-2018-3620 CVE-2018-3646

Topic

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor andAgents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and AgentsExtended Lifecycle Support for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

RHEL 7-based RHEV-H ELS - noarch

RHEV Hypervisor for RHEL-6 ELS - noarch


Bugs Fixed

1585005 - CVE-2018-3646 CVE-2018-3620 Kernel: hw: cpu: L1 terminal fault (L1TF)

1614065 - [Tracker] Tracking bug for RHEV-H 3.6.13 respin


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved