RHSA-2014:0224: Moderate: redhat-support-plugin-rhev security update
The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a newfeature which offers seamless integrated access to Red Hat Access servicesfrom the Red Hat Enterprise Virtualization Administration Portal. Theplug-in provides automated functionality that enables quicker help,answers, and proactive services. It offers easy and instant access to RedHat exclusive knowledge, resources, engagement, and diagnostic features.Detailed information about this plug-in can be found in the Red HatCustomer Portal at https://access.redhat.com/site/articles/425603 The Jakarta Commons HttpClient component did not verify that the serverhostname matched the domain name in the subject's Common Name (CN) orsubjectAltName field in X.509 certificates. This could allow aman-in-the-middle attacker to spoof an SSL server if they had a certificatethat was valid for any domain name. (CVE-2012-5783)All users of the Red Hat Support plug-in on Red Hat EnterpriseVirtualization Manager are advised to install this updated package, whichfixes this issue.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2014:0224?
The severity of RHSA-2014:0224 is classified as moderate.
How do I fix RHSA-2014:0224?
To fix RHSA-2014:0224, update the 'redhat-support-plugin-rhev' package to version 3.3.0-14.el6e or later.
Which software versions are affected by RHSA-2014:0224?
RHSA-2014:0224 affects the 'redhat-support-plugin-rhev' package version up to 3.3.0-14.el6e.
What is the purpose of the Red Hat Support plug-in mentioned in RHSA-2014:0224?
The Red Hat Support plug-in for Red Hat Enterprise Virtualization provides seamless integrated access to Red Hat Access services.
Is there a specific package I need to address for RHSA-2014:0224?
Yes, you need to address the 'redhat-support-plugin-rhev' package for RHSA-2014:0224.