
Security Advisory (Moderate): Red Hat Enterprise Virtualization Manager 3.2 update

Advisory: RHSA-2013:0888-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-06-10
Last updated on: 2013-06-10
Affected Products: Red Hat Enterprise Virtualization 3, Red Hat Enterprise Virtualization 3.2
CVEs (cve.mitre.org): CVE-2013-2144

Details

Red Hat Enterprise Virtualization Manager 3.2 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat Enterprise Virtualization Manager is a visual tool for centrally
managing collections of virtual servers running Red Hat Enterprise Linux
and Microsoft Windows. This package also includes the Red Hat Enterprise
Virtualization Manager API, a set of scriptable commands that give
administrators the ability to perform queries and operations on Red Hat
Enterprise Virtualization Manager.

It was found that permission checks were not performed on the target
storage domain when cloning a virtual machine from a snapshot. An attacker
could use this flaw to perform a denial of service attack, exhausting free
disk space on the target storage domain. (CVE-2013-2144)

The CVE-2013-2144 issue was discovered by Daniel Erez of Red Hat.

This update also fixes various bugs. Refer to the Technical Notes for
information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html

All Red Hat Enterprise Virtualization Manager users are advised to upgrade
to these updated packages, which resolve these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Virtualization 3

SRPMS:
rhevm-3.2.0-11.30.el6ev.src.rpm
File outdated by: RHBA-2014:0251

x86_64:
rhevm-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-backend-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-config-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-dbscripts-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-genericapi-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-notification-service-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-restapi-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-setup-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-setup-plugin-allinone-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-tools-common-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-userportal-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-webadmin-portal-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251

Red Hat Enterprise Virtualization 3.2

SRPMS:
rhevm-3.2.0-11.30.el6ev.src.rpm
File outdated by: RHBA-2014:0251

x86_64:
rhevm-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-backend-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-config-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-dbscripts-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-genericapi-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-notification-service-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-restapi-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-setup-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-setup-plugin-allinone-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-tools-common-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-userportal-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251
rhevm-webadmin-portal-3.2.0-11.30.el6ev.noarch.rpm
File outdated by: RHBA-2014:0251

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

829625 - RESTAPI: API should expose hypervisor version
837907 - PRD32 - RFE: Add support for iLO2 and iLO4 as a fencing (Power Management) options [TEXT]
838457 - PRD32 - webadmin: the default of the tree should be expanded with DCs, at least
838469 - PRD32 - [RFE] Support cpu -host (passthrough) for virtual machines
838470 - PRD32 - [RFE] Allow e1000 to be selected as nic type for Windows VM
839205 - ovirt-engine-restapi : [RFE] There is no way to know which hooks are installed on a host
843058 - Can't run large amount of VMs simultaneously. Getting error Cant find VDS to run the VM.
843410 - PRD32 - Allow non plugin automatic invocation of console session (basic - no cd, disconnect reason, etc.)
845022 - ovirt-engine-backend [Quota]: superuser cannot add or run a vm when quota policy is changed to enforce when there is no quota defined
848398 - remove special restrictions on Windows templates names
854489 - PRD32 - webadmin: Add a new Disks tab under the Storage tab in the UI
854535 - PRD32 - bootstrap: support longer bootstrap duration
854540 - PRD32 - pki: use PKCS#12 format to store keys
854964 - [Storage] There is a scenario when VM might have several bootable disks which is wrong.
855630 - [RFE] Add tool tip for configuration a Quota feature
858742 - PRD32 - Networks Main Tab
859762 - ovirt-engine-backend : search engine does not complete values for disks:bootable and disks:sharable
861098 - RESTAPI: Mapping of empty name in user object
861576 - PRD32 - packaging: use yum API
862797 - Rhev-m admin GUI logs actions done by <UNKNOWN> in the Events tab
866123 - PRD32 - RFE: Allow plugins to add events into the engine's event log
866889 - PRD32 - vdsm-bootstrap rewrite
867543 - PRD32 - RFE: collect host bios information
868626 - RESTAPI: api should allow detailed resource listing via header/matrix parameter
870159 - 3.2 - storage: set block schedule elevator using udev
870352 - [ja_JP] Test case failure: Check the message for Alert/Events/Tasks: The Date part of the message contains minutes in the month-section.
871371 - PRD32 - RFE: allow to define termination protection per vm (block delete without a config change)
871802 - [engine-core] Null Pointer Exception when during “preview mode” action, service ovirt-engine restart (TryBackToAllSnapshotsOfVm threw an exception: java.lang.NullPointerException), and all disks VM enter to Locked state
872506 - Importing a VM from an OVF without the diskAlias property with copyCollapse=false will not auto-generate disk aliases
873581 - PCI addresses are deleted when VM Template is imported
874019 - ovirt-engine-backend: Non-operational Hosts that have been switched to 'Maintenance' return to non-operational status when disconnectStoragePool fails.
874080 - PRD32 - [RFE] engine [Live Storage Migration]: cannot concurrently live migrate several disks of the same VM
875527 - PRD32 - bootstrap: do not get unique id at canDoAction
875528 - PRD32 - bootstrap rewrite (engine)
875814 - Use appropriate caching policy for GWT application resources
876109 - Ovirt-engine-backend: AuditLog throws exception when attempting to Add Direct-Lun to VM.
876235 - PRD32 - Do not force fencing proxy to be in UP status
877818 - [RFE] Need indication that GWT app is loading
878064 - engine: Error while executing action SetVmTicket: Unexpected exception
878509 - Power User Portal (a.k.a User Portal "Extended" tab): Improve performance on IE8 / Windows XP
878778 - engine [RACE]: cancel migration will fail because domain no longer exists in src by the time cancel is sent
879291 - left-pane tree: "expand all" should fully-expand only the selected tree-node (and not the entire tree, unless "System" is selected)
879308 - Tree title should be changed
879930 - ovirt-engine-backend [Scalability]: The queries getstorage_domains_by_storagepoolid && getdisksvmguid caused postmaster processes to consume constantly 100%cpu.
880969 - ovirt-engine-backend [Scalability]:Problematic query 'getallfromvms' causes user portal to become stuck after user login.
881024 - PRD32 - [RFE] Adding the ability to remove a VM without removing its disks
882651 - PRD32 - CDROM payload should not interfere with devices of the same type
882807 - PRD32-GLUSTER - Forced removal of a host
882812 - PRD32-GLUSTER - Configuration sync with Gluster CLI
882813 - PRD32-GLUSTER - Import of existing gluster clusters
882824 - PRD32-GLUSTER - search support for gluster volumes
882837 - PRD32 - engine - if connect storage pool fails on version mismatch, do reconstruct master
882847 - upgrade 3.0 to 3.1: event notification is not sent.
883871 - [RESTAPI] Disk move action missing.
885391 - PRD32 - webadmin: support ui-plugins
886133 - PRD32 - [RFE] Add the ability to scan/import existing disk images in a storage domain using REST-API
886709 - PRD32 - bootstrap: fetch logs to engine
886824 - 'Configure Local Disk' does not work properly in Japanese environment
887230 - Units for statistics of host NICs are wrong: BYTES_PER_SECOND should be MEGABYTES_PER_SECOND.
887741 - ISO uploader: on upgrade, change the default port for 'rhevm' in /etc/ovirt-engine/isouploader.conf to localhost:8443 (and not the default 443)
888689 - [User Portal] A user with UserRole assigned to a pool does not see the pool's VMs
889795 - engine: we use gzip -9 to zip files in engine instead of xz (vdsm already uses xz)
889985 - [ovirt-engine] auto-recovery for storage server should change to "True", auto-recovery for hosts should be True by default on engine as in DB.
891279 - [RFE] Backend: 'migration complete' event should include the destination VDS, not the source [TEXT]
891280 - [RFE] [Admin Portal] - Add a Console button in Hosts -->VMs tab.
892532 - [ovirt-engine-backend] DB upgrade from 3.0 to 3.1 fails
892724 - engine: java.lang.IndexOutOfBoundsException for undo/commit of preview on snapshot with no disks
894020 - PRD32 - [RFE] spice seamless migration support in win client
894288 - RHEVM GUI: Failure to language selection in specific case
894345 - PRD32 - [RFE] Spice arbitrary resolution
894396 - PRD32 - [RFE] Spice native usb live migration support in win client
894681 - RFE: Engine should support having configurable entries for ldap servers per domain
895049 - Reports should be able to be installed from scratch on an upgraded system
895103 - Provide native dialog for showDialog() UI plugin API instead of browser window
903287 - When creating a network the default network doesn't get chosen.
905446 - Lexicographic sorting by IP when searching for VMs
905564 - [Upgrade] [Live Storage Migration] Auto generated snapshot for Live Storage migration can not be deleted.
907232 - Custom Materialized Views should be treated differently from regular product Materialized Views
907240 - [SetupNetworks] Slaves data sent by the user is being overridden with engine's data
908745 - RFE: change VdsRefreshTimeout to 3 seconds
912449 - [rhevh] can't upgrade to newer version due to 'ovirt ISOs directory not found'
912697 - When importing a VM with collapseSnapshots=false not all images are actually imported
915036 - REST-API : server replies in yaml instead of xml on GET: /api/vms/xxx/reporteddevices
915675 - Gluster volume is stopped, but brick status on the UI is still 'UP'
915950 - Resizable columns in sub-tabs
916582 - REST API - Omit of prefer header doesn't turn off session based authentication
916728 - [ovirt-engine-backend] Upgrade from 3.1 to 3.2 fails
917522 - [RHEVM] [backend] VNIC plug/unplug is incorrectly reported in logs
917698 - [User Portal] VM action buttons are now missing static IDs (needed for automated testing)
917719 - engine: CreateAllSnapshotsFromVm threw an exception during vdsm restart
919672 - [webadmin] After import vm/template values in subtab general of vm/template stuck.
921201 - rhevm-upgrade is failing between si26.4 to si27.4 (3.1.3) in async task cleanup
923443 - Gateway is not defined after bonding the RHEVM interface.
923614 - procedures are owned by postgres instead of engine user
923992 - engine: engine deletes live storage migration destination copy after finish the copy (storage live migration doesn't work)
924605 - Spice proxy setting in console configuration popup dialog
948282 - Transaction error during CreateSnapshotFromTemplate (child of AddVmCommand)
950073 - import reported as successful too early
953690 - VM taken by a user from a prestarted pool does not show as "Up" until page refreshed
956378 - please add tool-tips for grid column-headers
957051 - Add spice console invocation method switching to console dialog
957611 - Add the 'mount ISO from SPICE client' functionality back into RHEV
971058 - CVE-2013-2144 rhevm: insufficient target domain permission check when cloning a VM from a snapshot

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/