-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rhev 3.2 - vdsm security and bug fix update
Advisory ID:       RHSA-2013:0886-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0886.html
Issue date:        2013-06-10
CVE Names:         CVE-2013-0167
=====================================================================

1. Summary:

Updated vdsm packages that fix one security issue and various bugs are now
available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEV Agents (vdsm) - noarch, x86_64
RHEV-M 3.2 - noarch, x86_64

3. Description:

VDSM is a management module that serves as a Red Hat Enterprise
Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor
or Red Hat Enterprise Linux hosts.

A flaw was found in the way unexpected fields in guestInfo dictionaries were
processed. A privileged guest user could potentially use this flaw to make
the host the guest is running on unavailable to the management server.
(CVE-2013-0167)

The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat
Enterprise Virtualization team.

This update also fixes various bugs. Refer to the Technical Notes for
information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

All users managing Red Hat Enterprise Linux Virtualization hosts using Red
Hat Enterprise Virtualization Manager are advised to install these updated
packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise
Virtualization Hypervisor in the next rhev-hypervisor6 errata package.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

834041 - 3.1 - [vdsm] vdsm loses its connection to libvirt socket on certain case
852956 - 3.2 - prepareForShutdown is not called when connection to libvirt is broken with event: libvirtError: internal error client socket is closed
861701 - 3.2 - need to sync networks between vdsm and libvirt.
871616 - Guest agent information is missing after a few VM migrations
873145 - 3.2 - vdsm [Storage Live Migration]: vm changes state to pause for a few seconds during storage live migration
875487 - 3.2 Failed to break BOND and attach custom MTU networks while VM is running
875775 - 3.2.0 - [Storage] Unable to extend storage domain if PV is in use.
878064 - engine: Error while executing action SetVmTicket: Unexpected exception
879253 - 3.2 - [vdsm] ConnectStoragePool fail with 2 hosts in NFS due to stale cache
880961 - 3.2 - [Upgrade] vdsm daemon not responding after upgrading from vdsm-4.9-113.4.el6_3 to vdsm-4.9.6-44.0.el6_3
881947 - 3.2 [vdsm] getDeviceList is failing with vdsm 4.10.2-1
882276 - 3.2 - [vdsm] Failure upgrading a storage domain to V3 - No space left on device
882667 - vdsm: master domain is partially inaccessible when umount fails for iso/export domain (only on posix master domain over nfs)
883327 - 3.2 - vdsm: Unexpected exception when upgrading local/NFS domain from 3.0 to 3.1
883390 - Attach Storage Domain is failing on FC storage if Create Storage Domain was initiated from Non-Spm host
885418 - vdsm: error log throws exception in forceIscsiScan when vdsm config minimal or maximal timeout parameters are illegal
890572 - If RHEV-H host registered from RHEV-M and later re-registered from RHEV-H, the 'Management Server Port' value cannot be changed.
890983 - vdsm: dumpStorageTable.py exits on KeyError for buildVolumesChain
893193 - 'vdsm.log' does not report the correct vdsm release for RHEV 3.1 versions.
893332 - CVE-2013-0167 vdsm: unfiltered guestInfo dictionary DoS
895912 - Rhevh failed downloading RHEV-M certificate when Register it to RHEV-M via port 80
905930 - Screen is locked immediately after a user auto-logs into guest via SSO from User Portal
910445 - Storage Live Migration of thick disk results in corrupted disk
911209 - vdsm: vm's sent with wipe after delete in NFS storage will not be removed from domain
911417 - After upgrading to RHEL6.3 NFS images permissions are 440 and qemu user cannot start 2.2 vms
912308 - vdsm.log ownership is root:root when log rotate run at the same time as supervdsm writes to the same log file
915068 - vdsm: 'ValueError: field and value cannot include = character' when removing disks
917363 - vdsm: can't remove/export a vm with exception on getAllVolumes
918541 - The VM Channels Listener thread appears to stall, blocking all communication between VDSM and the hosted guest agents.
918666 - Don't fail when a non-existing bond is requested via setupNetworks.
919201 - Warning when migration is delayed/get stuck due to high guest memory writes.
919356 - [RHEVM] [vdsm] unexpected exception on VNIC hot unplug with MAC change
920532 - [scale] Attaching a big number of NFS Storage Domain fails. (fails on too many open files on VDSM side)
920614 - decrease libvirtd log level
920671 - [rhevh upgrade] Reporting a 'Failed to upgrade' to engine, while it really succeeded
920688 - VDSM attribute error exception when trying to write to vdsm log.
922515 - vdsm: vdsm fails to recover after restart with 'AttributeError: 'list' object has no attribute 'split'' error
923773 - vmHotplugDisk failed with "VolumeError: Bad volume specification"
923964 - vdsm: within few seconds after a live snapshot the volume extension requests might be too large
925967 - Debug messages show on TUI just after register to rhevm
925981 - default migration bandwidth capping is not honored anymore
927143 - [vdsm] ShutdownVM fails after plugging shared disk to 2 vms at once due to 'Bad File Descriptor' in vdsm
928217 - Vdsm logs are filling filesystem up - logrotation of vdsm logs doesn't work correctly
928861 - VDSM will fail to start if rsyslogd's configuration is invalid.
947014 - Vdsm fails to decode application list if an application name containing Non-ASCII character is present on guest
948346 - vdsm [UPGRADE]: upgrade to v3 fails when the domain links are missing
948940 - [vdsm] concurrent live storage migration of multiple disks might result in a saveState exception
949192 - [vdsm] [scale] After libvirt failure vdsm restarts and starts responding to XML-RPC after a big delay
951057 - vdsm should report the storage domain version in the statistics
955593 - vdsm errors/Tracebacks when migrating a VM, migration itself is successful
956683 - The default migration_max_bandwidth (32MiBps) & default max_outgoing_migrations (5) will saturate a 1Gbps link.
962549 - VM no longer bootable after snapshot removal

6. Package List:

RHEV Agents (vdsm):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/vdsm-4.10.2-22.0.el6ev.src.rpm

noarch:
vdsm-cli-4.10.2-22.0.el6ev.noarch.rpm
vdsm-hook-vhostmd-4.10.2-22.0.el6ev.noarch.rpm
vdsm-reg-4.10.2-22.0.el6ev.noarch.rpm
vdsm-xmlrpc-4.10.2-22.0.el6ev.noarch.rpm

x86_64:
vdsm-4.10.2-22.0.el6ev.x86_64.rpm
vdsm-debuginfo-4.10.2-22.0.el6ev.x86_64.rpm
vdsm-python-4.10.2-22.0.el6ev.x86_64.rpm

RHEV-M 3.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/vdsm-4.10.2-22.0.el6ev.src.rpm

noarch:
vdsm-bootstrap-4.10.2-22.0.el6ev.noarch.rpm

x86_64:
vdsm-debuginfo-4.10.2-22.0.el6ev.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0167.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtj6KXlSAg2UNWIIRAv4xAJoD+HZL3kpjwQjO5nsqg5VhethCngCgqx8o
aUu6zn0LxAYIhaOi5xeMRIk=
=V1fc
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
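The flaw above is a host trusting whatever keys a guest agent puts in its guestInfo dictionary. The following is an added illustration, not vdsm's own code, of the host-side allowlist check a defender would expect: only known, well-typed, size-bounded fields are forwarded to the manager, and unknown keys are dropped rather than propagated. The field names, limits and sample report are hypothetical; the lenient bytes decoding is included because a non-ASCII application name (bug 947014 in the list below) is the same class of untrusted-input failure.

```python
# Added example, not vdsm's code: allowlist filtering of a guest-supplied
# guestInfo dictionary before the host reports it to the manager.
# Field names, limits and the sample report are hypothetical/constructed.

GUEST_INFO_SCHEMA = {
    # key: (expected type, max length for str/list values)
    "guestName": (str, 256),
    "guestOs": (str, 256),
    "memUsage": (int, None),
    "appsList": (list, 1000),
}
MAX_ITEM = 256  # cap on each list element


def _normalise(value):
    # Agents may send raw bytes; decode leniently so a single non-ASCII
    # application name cannot break the whole report.
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else value


def filter_guest_info(raw):
    """Return a new dict holding only known, well-typed, size-bounded fields;
    unknown keys are dropped rather than forwarded, so a misbehaving guest can
    only lose its own fields, never push arbitrary data on to the manager."""
    if not isinstance(raw, dict):
        raise ValueError("guestInfo must be a dictionary")
    clean = {}
    for key, (typ, limit) in GUEST_INFO_SCHEMA.items():
        if key not in raw:
            continue
        val = _normalise(raw[key])
        if isinstance(val, bool) or not isinstance(val, typ):
            continue  # bool is an int subclass, so reject it explicitly
        if isinstance(val, str) and len(val) > limit:
            continue
        if isinstance(val, list):
            val = [_normalise(x) for x in val]
            if len(val) > limit or not all(
                    isinstance(x, str) and len(x) <= MAX_ITEM for x in val):
                continue
        clean[key] = val
    return clean


def dropped_keys(raw, clean):
    """Keys filtered out of a report; worth logging on the host side."""
    return sorted(set(raw) - set(clean))


# Constructed sample: one unknown key, one oversized value, one bytes app name.
SAMPLE_REPORT = {"guestName": "web01", "memUsage": 42, "guestOs": "x" * 300,
                 "appsList": ["vdsm", b"caf\xc3\xa9"], "bogusField": {"a": [1]}}
```

Logging the result of dropped_keys gives a cheap detection signal: a guest that repeatedly sends unknown or oversized fields is worth a look.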