Security Advisory Moderate: rhev 3.2 - vdsm security and bug fix update

Advisory: RHSA-2013:0886-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-06-10
Last updated on: 2013-06-10
Affected Products: Red Hat Enterprise Virtualization 3
Red Hat Enterprise Virtualization 3.2
CVEs (cve.mitre.org): CVE-2013-0167

Details

Updated vdsm packages that fix one security issue and various bugs are now
available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

VDSM is a management module that serves as a Red Hat Enterprise
Virtualization Manager agent on Red Hat Enterprise Virtualization
Hypervisor or Red Hat Enterprise Linux hosts.

A flaw was found in the way unexpected fields in guestInfo dictionaries
were processed. A privileged guest user could potentially use this flaw to
make the host the guest is running on unavailable to the management
server. (CVE-2013-0167)
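The flaw above is a classic case of a host-side agent trusting the shape of data reported by a guest. The defensive pattern is to validate a guest-supplied dictionary against an allow-list of expected fields and types before anything on the host acts on it, and to record what was dropped so an operator can spot a guest that keeps sending malformed reports. The example below is an added illustration of that pattern, not VDSM's own code or the actual fix; the field names, types and size limits in `GUEST_INFO_SCHEMA`, the `sanitize_guest_info` function and the sample payload are all assumptions constructed for this example.

```python
"""Allow-list filtering of an untrusted guest-reported dictionary.

Added illustration of the defensive pattern behind CVE-2013-0167's fix.
This is NOT VDSM code: the schema, function names and limits are assumed.
"""
from typing import Any, Dict, List, Tuple

# Assumed schema: field name -> (expected type, maximum length or None).
# Any field a guest sends that is not listed here is dropped, never passed on.
GUEST_INFO_SCHEMA = {
    "guestName": (str, 256),
    "guestOs": (str, 256),
    "memUsage": (int, None),
    "appsList": (list, 1000),
    "netIfaces": (list, 64),
}


class GuestInfoError(ValueError):
    """Raised when the guest-reported payload is not a dictionary at all."""


def sanitize_guest_info(raw: Any) -> Tuple[Dict[str, Any], List[str]]:
    """Return (clean_dict, rejection_log) for a guest-reported dictionary.

    Unknown fields, wrongly typed values and oversized values are dropped
    rather than propagated; each drop is described in the rejection log so
    the host can log it. Missing fields are simply absent from the result,
    so consumers must use .get() with defaults instead of indexing.
    """
    if not isinstance(raw, dict):
        raise GuestInfoError(
            "guestInfo must be a dictionary, got %s" % type(raw).__name__)

    clean: Dict[str, Any] = {}
    rejected: List[str] = []
    for name, value in raw.items():
        spec = GUEST_INFO_SCHEMA.get(str(name))
        if spec is None:
            rejected.append("%r: unknown field" % (name,))
            continue
        expected_type, limit = spec
        # bool is a subclass of int in Python; reject it explicitly so a
        # boolean cannot masquerade as a numeric counter.
        if isinstance(value, bool) or not isinstance(value, expected_type):
            rejected.append("%s: expected %s, got %s"
                            % (name, expected_type.__name__, type(value).__name__))
            continue
        if limit is not None and len(value) > limit:
            rejected.append("%s: length %d exceeds limit %d"
                            % (name, len(value), limit))
            continue
        clean[name] = value
    return clean, rejected


def summarize_guest(clean: Dict[str, Any]) -> str:
    """Consumer that tolerates absent fields instead of raising KeyError."""
    return "%s (%s), mem=%s, apps=%d" % (
        clean.get("guestName", "<unknown>"),
        clean.get("guestOs", "<unknown>"),
        clean.get("memUsage", "n/a"),
        len(clean.get("appsList", [])),
    )


if __name__ == "__main__":
    # Constructed sample payload: two valid fields, one unknown nested field,
    # one field of the wrong type and one oversized list.
    sample = {
        "guestName": "web01",
        "memUsage": 42,
        "bogusField": {"nested": {"deeper": [1, 2, 3]}},
        "guestOs": 12,
        "netIfaces": [{"name": "eth%d" % i} for i in range(100)],
    }
    clean, rejected = sanitize_guest_info(sample)
    print(summarize_guest(clean))
    for reason in rejected:
        print("dropped:", reason)
```

Logging the rejection list rather than silently discarding it matters operationally: a guest that repeatedly reports unknown or oversized fields is a signal worth surfacing on the management side, and a payload that is not a dictionary at all is treated as an error for that one guest instead of something that can take the whole host agent down.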

The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat
Enterprise Virtualization team.

This update also fixes various bugs. Refer to the Technical Notes for
information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

All users managing Red Hat Enterprise Linux Virtualization hosts using Red
Hat Enterprise Virtualization Manager are advised to install these updated
packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise
Virtualization Hypervisor in the next rhev-hypervisor6 errata package.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Virtualization 3

SRPMS:
vdsm-4.10.2-22.0.el6ev.src.rpm
    File outdated by: RHBA-2014:0024
    MD5: bfde149aaaad556179beb74a4768c55d
    SHA-256: a44905f159257ae44406db09773e682980dd81feac756abfb37783f153ecaddc

x86_64:
vdsm-4.10.2-22.0.el6ev.x86_64.rpm
    File outdated by: RHBA-2014:0392
    MD5: a058a5be65cf77c606f3402783043d35
    SHA-256: 425305653ef6cbc34d52066ea634d6add5f5e04b909fc9ba4925976db242dd0e
vdsm-bootstrap-4.10.2-22.0.el6ev.noarch.rpm
    File outdated by: RHBA-2014:0024
    MD5: 2e8a7781bd81bce036b27910399cda3f
    SHA-256: 3a757f4ba6b93a4faade1fb1fa8340f1b56343dfa376ae92f6af3267ff1ebf20
vdsm-cli-4.10.2-22.0.el6ev.noarch.rpm
    File outdated by: RHBA-2014:0392
    MD5: b2bfbc4fa0761d0b475ec457311ac04a
    SHA-256: 367ece8aef1927dbd5ae6a3acf61a3bed4683cf330753bb01694c536364a6ac7
vdsm-debuginfo-4.10.2-22.0.el6ev.x86_64.rpm
    File outdated by: RHBA-2014:0392
    MD5: ee40d107d864229c5d39c6caaa48626d
    SHA-256: 2a62729b5be2ff1c4a108efe5cc970db619133a62b4e6aa6fd00fb6d970ca2bc
vdsm-hook-vhostmd-4.10.2-22.0.el6ev.noarch.rpm
    File outdated by: RHBA-2014:0392
    MD5: 485f2eb5af5e6b0abdb61e1ff5c3c318
    SHA-256: a5bea439e75ad251ea70fc427ddacdac96e192b783a02a84d56a1f04f37f4f86
vdsm-python-4.10.2-22.0.el6ev.x86_64.rpm
    File outdated by: RHBA-2014:0392
    MD5: bd9357644bf9dba9a6b230ad71953acd
    SHA-256: a60077c7777c05fae4b0caa43e0cffa537b184ce740d6911e91309bef832cb88
vdsm-reg-4.10.2-22.0.el6ev.noarch.rpm
    File outdated by: RHBA-2014:0392
    MD5: 766c21d0d9a6d8b42c09b3317e428495
    SHA-256: 8cc81b0928238aae7c1e3168593e7934f4b730428b7561d180eccacba08aea6d
vdsm-xmlrpc-4.10.2-22.0.el6ev.noarch.rpm
    File outdated by: RHBA-2014:0392
    MD5: 3d8c8d74bdd0fa4fb48267673df94c33
    SHA-256: 79ebd09e2d019e7df36d07b52e7fa39bd32674232abf9350938c55d2765c0f23
 
Red Hat Enterprise Virtualization 3.2

SRPMS:
vdsm-4.10.2-22.0.el6ev.src.rpm
    File outdated by: RHBA-2014:0024
    MD5: bfde149aaaad556179beb74a4768c55d
    SHA-256: a44905f159257ae44406db09773e682980dd81feac756abfb37783f153ecaddc

x86_64:
vdsm-bootstrap-4.10.2-22.0.el6ev.noarch.rpm
    File outdated by: RHBA-2014:0024
    MD5: 2e8a7781bd81bce036b27910399cda3f
    SHA-256: 3a757f4ba6b93a4faade1fb1fa8340f1b56343dfa376ae92f6af3267ff1ebf20
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

834041 - 3.1 - [vdsm] vdsm loses its connection to libvirt socket in certain cases
852956 - 3.2 - prepareForShutdown is not called when connection to libvirt is broken with event: libvirtError: internal error client socket is closed
861701 - 3.2 - need to sync networks between vdsm and libvirt.
871616 - Guest agent information is missing after a few VM migrations
873145 - 3.2 - vdsm [Storage Live Migration]: vm changes state to pause for a few seconds during storage live migration
875487 - 3.2 Failed to break BOND and attach custom MTU networks while VM is running
875775 - 3.2.0 - [Storage] Unable to extend storage domain if PV is in use.
878064 - engine: Error while executing action SetVmTicket: Unexpected exception
879253 - 3.2 - [vdsm] ConnectStoragePool fail with 2 hosts in NFS due to stale cache
880961 - 3.2 - [Upgrade] vdsm daemon not responding after upgrading from vdsm-4.9-113.4.el6_3 to vdsm-4.9.6-44.0.el6_3
881947 - 3.2 [vdsm] getDeviceList is failing with vdsm 4.10.2-1
882276 - 3.2 - [vdsm] Failure upgrading a storage domain to V3 - No space left on device
882667 - vdsm: master domain is partially inaccessible when umount fails for iso/export domain (only on posix master domain over nfs)
883327 - 3.2 - vdsm: Unexpected exception when upgrading local/NFS domain from 3.0 to 3.1
883390 - Attach Storage Domain is failing on FC storage if Create Storage Domain was initiated from Non-Spm host
885418 - vdsm: error log throws exception in forceIscsiScan when vdsm config minimal or maximal timeout parameters are illegal
890572 - If RHEV-H host registered from RHEV-M and later re-registered from RHEV-H, the 'Management Server Port' value cannot be changed.
890983 - vdsm: dumpStorageTable.py exits on KeyError for buildVolumesChain
893193 - 'vdsm.log' does not report the correct vdsm release for RHEV 3.1 versions.
893332 - CVE-2013-0167 vdsm: unfiltered guestInfo dictionary DoS
895912 - Rhevh failed downloading RHEV-M certificate when Register it to RHEV-M via port 80
905930 - Screen is locked immediately after a user auto-logs into guest via SSO from User Portal
910445 - Storage Live Migration of thick disk results in corrupted disk
911209 - vdsm: vm's sent with wipe after delete in NFS storage will not be removed from domain
911417 - After upgrading to RHEL6.3 NFS images permissions are 440 and qemu user cannot start 2.2 vms
912308 - vdsm.log ownership is root:root when log rotate run at the same time as supervdsm writes to the same log file
915068 - vdsm: 'ValueError: field and value cannot include = character' when removing disks
917363 - vdsm: can't remove/export a vm with exception on getAllVolumes
918541 - The VM Channels Listener thread appears to stall, blocking all communication between VDSM and the hosted guest agents.
918666 - Don't fail when a non-existing bond is requested via setupNetworks.
919201 - Warning when migration is delayed/get stuck due to high guest memory writes.
919356 - [RHEVM] [vdsm] unexpected exception on VNIC hot unplug with MAC change
920532 - [scale] Attaching a big number of NFS Storage Domain fails. (fails on too many open files on VDSM side)
920614 - decrease libvirtd log level
920671 - [rhevh upgrade] Reporting a 'Failed to upgrade' to engine, while it really succeeded
920688 - VDSM attribute error exception when trying to write to vdsm log.
922515 - vdsm: vdsm fails to recover after restart with 'AttributeError: 'list' object has no attribute 'split'' error
923773 - vmHotplugDisk failed with "VolumeError: Bad volume specification"
923964 - vdsm: within few seconds after a live snapshot the volume extension requests might be too large
925967 - Debug messages show on TUI just after register to rhevm
925981 - default migration bandwidth capping is not honored anymore
927143 - [vdsm] ShutdownVM fails after plugging shared disk to 2 vms at once due to 'Bad File Descriptor' in vdsm
928217 - Vdsm logs are filling filesystem up - logrotation of vdsm logs doesn't work correctly
928861 - VDSM will fail to start if rsyslogd's configuration is invalid.
947014 - Vdsm fails to decode application list if an application name containing Non-ASCII character is present on guest
948346 - vdsm [UPGRADE]: upgrade to v3 fails when the domain links are missing
948940 - [vdsm] concurrent live storage migration of multiple disks might result in a saveState exception
949192 - [vdsm] [scale] After libvirt failure vdsm restarts and starts responding to XML-RPC after a big delay
951057 - vdsm should report the storage domain version in the statistics
955593 - vdsm errors/Tracebacks when migrating a VM, migration itself is successful
956683 - The default migration_max_bandwidth (32MiBps) & default max_outgoing_migrations (5) will saturate a 1Gbps link.
962549 - VM no longer bootable after snapshot removal

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/