RedHat: RHSA-2015-1043:01 Important: virtio-win security and bug fix update
Summary
The virtio-win package provides paravirtualized network drivers for most
Microsoft Windows operating systems. Paravirtualized drivers are
virtualization-aware drivers used by fully virtualized guests running on
Red Hat Enterprise Linux. Fully virtualized guests using the
paravirtualized drivers gain significantly better I/O performance than
fully virtualized guests running without the drivers.
It was found that the Windows Virtio NIC driver did not sufficiently
sanitize the length of the incoming IP packets, as demonstrated by a packet
with IP options present but the overall packet length not being adjusted to
reflect the length of those options. A remote attacker able to send a
specially crafted IP packet to the guest could use this flaw to crash that
guest. (CVE-2015-3215)
Red Hat would like to thank Google Project Zero for reporting this issue.
This update also fixes the following bugs:
* When creating a Windows guest using virtio drivers and direct Logical
Unit Number (LUN) access with more than 4 SCSI disks under one
virtio-scsi-pci controller, the guest terminated unexpectedly with a stop
error, also known as the blue screen of death. This update increases the
maximum amount of LUNs per a single virtio-scsi-pci controller has been
increased to 254, which prevents the described crash from occurring.
(BZ#1210196)
* The license.txt file in the virtio-win build has been updated to include
the correct year number in the copyright information section. (BZ#1210195)
All virtio-win users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2015-3215 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
noarch:
virtio-win-1.7.4-1.el6_6.noarch.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
noarch:
virtio-win-1.7.4-1.el6_6.noarch.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
noarch:
virtio-win-1.7.4-1.el6_6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An updated virtio-win package that fixes one security issue and two bugs isnow available for Red Hat Enterprise Linux 6 Supplementary.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - noarch
Red Hat Enterprise Linux Server Supplementary (v. 6) - noarch
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - noarch
Bugs Fixed
1227634 - CVE-2015-3215 virtio-win: netkvm: malformed packet can cause BSOD