Detections
Analytics

RHEL 7 : Red Hat Virtualization (RHSA-2018:2079)

medium Nessus Plugin ID 110885

Language:

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2079 advisory.

 The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

 The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release- virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

 The following packages have been upgraded to a later upstream version: imgbased (1.0.20), redhat-release- virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1590664)

 Security Fix(es):

 * ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)

 For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

 Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting this issue.

 Bug Fix(es):

 * Previously, if systems were configured to skip Logical Volume Manager (LVM) clusters, imgbased sees output that is unrelated to the Logical Volumes that are being queried.

 As a result, imgbased failed to parse the output, causing Red Hat Virtualization Host updates to fail.

 In this release imgbased now ignores output from skipped clusters enabling imgbased LVM commands to return successfully. (BZ#1568414)

 Enhancement(s):

 * Starting from version 4.0, Red Hat Virtualization Hosts could not be deployed from Satellite, and therefore could not take advantage of Satellite's tooling features.

 In this release, Red Hat Virtualization Hosts can now be deployed from Satellite 6.3.2 and later.
 (BZ#1484532)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?3026da61

https://access.redhat.com/errata/RHSA-2018:2079

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1484532

https://bugzilla.redhat.com/show_bug.cgi?id=1534197

https://bugzilla.redhat.com/show_bug.cgi?id=1568414

https://bugzilla.redhat.com/show_bug.cgi?id=1588855

Plugin Details

Severity: Medium

ID: 110885

File Name: redhat-RHSA-2018-2079.nasl

Version: 1.9

Type: local

Agent: unix

Published: 7/3/2018

Updated: 11/5/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-10855

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:imgbased, p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host, p-cpe:/a:redhat:enterprise_linux:python-imgbased, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update, p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host, p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 6/27/2018

Vulnerability Publication Date: 7/3/2018

Reference Information

CVE: CVE-2018-10855

CWE: 532

RHSA: 2018:2079