Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1108348

Summary: [RHEV-H] Updated Image for RHEV-M 3.2 with the most recent openssl and gnutls CVE fixes
Product: Red Hat Enterprise Virtualization Manager Reporter: Simon Sekidde <ssekidde>
Component: rhev-hypervisorAssignee: Fabian Deutsch <fdeutsch>
Status: CLOSED WORKSFORME QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.2.0CC: cshao, fdeutsch, hadong, huiwa, iheim, leiwang, mkalinin, pmatouse, ssekidde, yaniwang, ycui, yeylon
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: node
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-30 19:09:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
ISO Downloads none

Description Simon Sekidde 2014-06-11 19:15:54 UTC 
Created attachment 907816 [details]
ISO Downloads

Description of problem:

Please update the RHEV-H6.5.z (3.2) iso with the OpenSSL CCS Injection Security Vulnerability (CVE-2014-0224) and the GnuTLS Crypto Library Vulnerability CVE-2014-3466 fixes. 

Version-Release number of selected component (if applicable):

rhev-hypervisor6-6.5-20140118.1.3.2.iso

Actual results:

openssl-1.0.1e-16.el6_5.7.x86_64 (RSA/8, Mon Apr  7 19:46:51 2014, Key ID 199e2f91fd431d51)
gnutls-2.8.5-13.el6_5.x86_64 (RSA/8, Sun Mar  2 09:46:16 2014, Key ID 199e2f91fd431d51)
gnutls-utils-2.8.5-13.el6_5.x86_64 (RSA/8, Sun Mar  2 09:46:16 2014, Key ID 199e2f91fd431d51)

Expected results:

openssl-1.0.1e-16.el6_5.14.x86_64
gnutls-2.8.5-14.el6_5.x86_64
gnutls-utils-2.8.5-14.el6_5.x86_64
Comment 2 Petr Matousek 2014-06-12 09:04:04 UTC 
RHEV-H 3.2 is out of support. We won't release any further (security) updates for RHEV-H 3.2. Please contact GSS, they might provide hotfix iso for the customer. For further info please see https://access.redhat.com/site/support/policy/updates/rhev.