Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems.

The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues :

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
(CVE-2014-0160)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash.
(CVE-2013-4353)

It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter.

The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers :

CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166

All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.

The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in the Oracle Java       implementation. Please review the CVE identifiers referenced below for       details.
  Impact :

    An unauthenticated, remote attacker could exploit these vulnerabilities       to execute arbitrary code.
      Furthermore, a local or remote attacker could exploit these       vulnerabilities to cause unspecified impact, possibly including remote       execution of arbitrary code.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the IcedTea JDK. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, bypass intended security policies, or have other       unspecified impact.
  Workaround :

    There is no known workaround at this time.

This version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40. It is therefore, potentially affected by security issues in the following components :

 - Deployment

  - JMX

  - JSSE

  - Libraries

Versions of OpenSSL prior to 0.9.8y are reportedly affected by the following vulnerabilities :

  - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166)

  - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)

The remote host is missing Mac OS X security update 2013-004 that fixes multiple security issues. 

The remote host is running a version of Mac OS X 10.8 that is older than 10.8.5. The newer version contains numerous security-related fixes for the following components :

  - Apache
  - Bind
  - Certificate Trust Policy
  - CoreGraphics
  - ImageIO
  - Installer
  - IPSec
  - Kernel
  - Mobile Device Management
  - OpenSSL
  - PHP
  - PostgreSQL
  - Power Management
  - QuickTime
  - Screen Lock
  - sudo

 This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit.

 Note that successful exploitation of the most serious issues could result in arbitrary code execution.

ID	Name	Product	Family	Published	Updated	Severity
79013	RHEL 6 : rhevm-spice-client (RHSA-2014:0416)	Nessus	Red Hat Local Security Checks	11/8/2014	4/25/2023	high
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	1/27/2014	12/5/2022	critical
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	6/30/2014	12/5/2022	critical
6699	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1)	Nessus Network Monitor	Web Clients	2/26/2012	3/6/2019	critical
6868	OpenSSL < 0.9.8y / 1.0.1d / 1.0.0k Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	6/11/2013	3/6/2019	low
8008	Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004)	Nessus Network Monitor	Web Clients	9/16/2013	3/6/2019	critical

Detections

Analytics

Plugins Search

high

critical

critical

critical

low

critical