Are RHEV-H images affected by GHOST (CVE-2015-0235)

Solution Verified - Updated 5 Aug 2024

Environment

Red Hat Enterprise Virtualization 3.x
Red Hat Enterprise Virtualization Hypervisor 3.x (RHEV-H)

Issue

Does Red Hat provide a fix for CVE-2015-0235 in RHEV-H image
Is RHEV-H affected by CVE-2015-0235
Does RHEV-H include a fix for CVE-2015-0235

Resolution

The CVE-2015-0235 issue has been fixed in rhev-hypervisor6-6.6-20150123.1, which was provided by the RHSA-2015:0126 advisory.

Root Cause

GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

SBR

Product(s)

Red Hat Virtualization

Components

rhev-hypervisor

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.