====================================================================                   Red Hat Security Advisory

Synopsis:          Important: virtio-win security and bug fix update
Advisory ID:       RHSA-2015:1043-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1043.html
Issue date:        2015-06-03
CVE Names:         CVE-2015-3215 
====================================================================
1. Summary:

An updated virtio-win package that fixes one security issue and two bugs is
now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - noarch
Red Hat Enterprise Linux Server Supplementary (v. 6) - noarch
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - noarch

3. Description:

The virtio-win package provides paravirtualized network drivers for most
Microsoft Windows operating systems. Paravirtualized drivers are
virtualization-aware drivers used by fully virtualized guests running on
Red Hat Enterprise Linux. Fully virtualized guests using the
paravirtualized drivers gain significantly better I/O performance than
fully virtualized guests running without the drivers.

It was found that the Windows Virtio NIC driver did not sufficiently
sanitize the length of the incoming IP packets, as demonstrated by a packet
with IP options present but the overall packet length not being adjusted to
reflect the length of those options. A remote attacker able to send a
specially crafted IP packet to the guest could use this flaw to crash that
guest. (CVE-2015-3215)

Red Hat would like to thank Google Project Zero for reporting this issue.

This update also fixes the following bugs:

* When creating a Windows guest using virtio drivers and direct Logical
Unit Number (LUN) access with more than 4 SCSI disks under one
virtio-scsi-pci controller, the guest terminated unexpectedly with a stop
error, also known as the blue screen of death. This update increases the
maximum amount of LUNs per a single virtio-scsi-pci controller has been
increased to 254, which prevents the described crash from occurring.
(BZ#1210196)

* The license.txt file in the virtio-win build has been updated to include
the correct year number in the copyright information section. (BZ#1210195)

All virtio-win users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1227634 - CVE-2015-3215 virtio-win: netkvm: malformed packet can cause BSOD

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

noarch:
virtio-win-1.7.4-1.el6_6.noarch.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

noarch:
virtio-win-1.7.4-1.el6_6.noarch.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

noarch:
virtio-win-1.7.4-1.el6_6.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3215
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.