RHSA-2012:0748 - Security Advisory

Topic

Updated libvirt packages that fix one security issue, multiple bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Bus and device IDs were ignored when attempting to attach multiple USB
devices with identical vendor or product IDs to a guest. This could result
in the wrong device being attached to a guest, giving that guest root
access to the device. (CVE-2012-2693)

These updated libvirt packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for
information on the most significant of these changes.

All users of libvirt are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 515293 - RFE: Support formatting of new (ext3/4) filesystems for fs storage pool type
• BZ - 589849 - [LXC] Changing shutoff guest max memory can effect current memory
• BZ - 605953 - RFE: Add a command to quickly setup a Bridge Networking for KVM
• BZ - 611823 - Storage driver should prohibit pools with duplicate underlying storage
• BZ - 611824 - RFE: Expose 'virDomainMemoryPeek' and 'virDomainBlockPeek' in python bindings
• BZ - 613537 - [LXC] Fail to start vm that have multi network interfaces.
• BZ - 619846 - virsh dump gives very cryptic error messages
• BZ - 624447 - [vdsm] [libvirt] permission error on run vm task when using NFS storage (libvirt log!)
• BZ - 625115 - cannot run virt-manager as regular user in a VNC session
• BZ - 625362 - libvirt-guests should start and shut down guests in parallel
• BZ - 628823 - DOCS: Document that the bootable disk must be first in the XML
• BZ - 638633 - [RHEL6-Beta] 'virsh attach-interface' succeeds even if a nonexistent script file is specified to the option --script.
• BZ - 639599 - "virt-xml-validate" failed to validate guest domain configuration file if the domain name got a "#" in it .
• BZ - 643373 - RFE: Add ability to control link up/down state of guest NICs via XML & on the fly.
• BZ - 648594 - Support online resizing of block devices
• BZ - 673499 - Some virsh vol-* commands require the pool option, but don't indicate this when they fail
• BZ - 673811 - [RFE] VIRSH : Add ability to specify max migration bandwidth
• BZ - 680880 - The defined NFS pool can not be started
• BZ - 685083 - virt-xml-validate fails if xml is generated from running domain
• BZ - 689768 - libvirt should report better error than: cannot send monitor command '{"execute":"qmp_capabilities"}'
• BZ - 693758 - libvirt-guests init script saves but doesn't restore non-persistent domains
• BZ - 697808 - Improve error message when passing XML doc with wrong root element to define/create APIs.
• BZ - 698521 - virsh freecell command help and man pages should be more clear
• BZ - 700272 - RFE add support for "host cpu" in Libvirt
• BZ - 700523 - clearing caps before running ssh breaks prevents ssh-askpass from launching from 'sudo virt-manager'
• BZ - 702260 - Libvirt can't remove logical volume because it doesn't deactivate it first
• BZ - 708735 - [RFE] Show column and line on XML parsing error
• BZ - 709265 - empty vg storage pool can break GetVolumeByPath for all pools
• BZ - 712266 - Hotplug virtio disk fails with error message "Duplicate ID 'drive-virtio-disk2' for drive"
• BZ - 713932 - RFE: implement insert-media and eject-media virsh commands
• BZ - 715019 - (libvirt) Report disk latency (read and write) for each storage device
• BZ - 715590 - Add support for USB 2.0 (EHCI) to libvirt
• BZ - 725269 - generated qemu -smp string is ambiguous, gives unexpected results
• BZ - 725373 - [libvirt] when using domabortjob to abort stuck migration , the migration command still hangs.
• BZ - 726174 - Impossible libvirt remote administration via qemu+ssh
• BZ - 726771 - libvirt does not specify problem file if persistent xml is invalid
• BZ - 729694 - bootindex added after install completes. causes boot failure in KVM with mixed virtio/ide disks
• BZ - 731151 - RFE: allow capabilities/guest XML to be used with virsh cpu-compare
• BZ - 731645 - cpu-baseline should support the complete <capabilities> elements
• BZ - 731656 - virsh: the results of domblkstat is unreadable for user
• BZ - 733587 - Reattach a pci device to host which is using by guest sometimes outputs wrong info
• BZ - 735950 - The network xml with mutiple dhcp sections can be defined and started successfully although there is prompt error
• BZ - 738933 - Improving virsh manual for virsh memtune command
• BZ - 741510 - Aligning issue with snapshot XML description
• BZ - 743671 - USB device can be reassigned to another VM without error
• BZ - 744237 - Corner cases of migration with --dname and dxml
• BZ - 746111 - libvirtd fails to start due to mDNS requirement
• BZ - 747619 - Host PCI device's original states are not honored anymore after deamon is restarted
• BZ - 748248 - libvirt should use vgchange -aly/-aln instead of vgchange -ay/-an for clustered volume groups
• BZ - 748354 - [lxc]setmem will get wrong error message when cgroup is unmounted.
• BZ - 748405 - PCI device will be driver reprobing without honoring the original states
• BZ - 748742 - Expose 'virNodeGetMemoryStats' and 'virNodeGetCPUStats' APIs in python binding
• BZ - 750683 - vol-info get the wrong "Type" for a directory
• BZ - 751631 - Default block cache mode for migration
• BZ - 751725 - virsh detach-device does not change owner and selinux label of USB device if device managed
• BZ - 752255 - libvirt fails to initialize nwfilter when /tmp is mounted with noexec option
• BZ - 753169 - QEMU driver mistakenly passes a plain file FD to QEMU for migration
• BZ - 754128 - Shutting Down VM changes its state to "Pause" for 10sec
• BZ - 758231 - Add support for ESXi 5
• BZ - 758590 - domblklist will returen non zero value when everything is ok
• BZ - 760149 - general error return on migrate after calling abortjob()
• BZ - 760436 - virsh connect fails with remote machine which has different libvirt version
• BZ - 760883 - Failed to install a guest with pxe method
• BZ - 761005 - libvirt [RFE] Add support for new sandy bridge cpu
• BZ - 761344 - memory leak on cmdBlkdeviotune sucessful path
• BZ - 761345 - memory leak on cmdDomIfGetLink sucessful path
• BZ - 761347 - Return value error on the function cmdDomIfGetLink
• BZ - 761402 - memory leak on cmdDomblklist function
• BZ - 761453 - memory leak on remoteDomainScreenshot function
• BZ - 765698 - Improve virsh nodesuspend output information
• BZ - 766308 - libvirtd does not close all fds opened by virt-install
• BZ - 766553 - Expose 'virDomainSnapshotListChildrenNames' API in python binding
• BZ - 767104 - Libvirt shouldn't check the presence of the live snapshot file
• BZ - 767333 - enhance reboot API to use guest agent when available
• BZ - 767364 - RFE [libvirt] add support for AMD Bulldozer cpu
• BZ - 767488 - [libvirt]memleak when "run virsh console guest".
• BZ - 768268 - Libvirt fail to detach PF/VF device when the address of pci device described as decimalism
• BZ - 768450 - libvirt should have mapping for cpu64-rhel cputype
• BZ - 768860 - memory leak on libvirt_virConnectOpenAuth
• BZ - 768870 - Guest can not be started with <iotune> setting in xml
• BZ - 769224 - memory leak when run 'virsh domxml-to-native'
• BZ - 769251 - blockresize lack of "free lock" after given wrong parameter
• BZ - 769506 - Need to improve virsh domxml-*-native command docs
• BZ - 769752 - Fail to start LXC guest
• BZ - 770031 - the guest's mac will change after attach a vnet with the option persistent and then restart it.
• BZ - 770458 - Request for backporting to move 'send-key' and 'echo' descriptions into other more appropriate sections in virsh man page
• BZ - 770520 - blkiotune set weight on total and virtio device together will cause libvirtd hang
• BZ - 770683 - blockIoTune did not work right with parameters
• BZ - 770919 - Sometimes virsh command screenshot may hang
• BZ - 770940 - memory leaks on libvirt_virDomainGetSchedulerParameters
• BZ - 770941 - memory leaks on libvirt_virDomainGetMemoryParameters
• BZ - 770942 - memory leaks on libvirt_virDomainBlockStatsFlags
• BZ - 770943 - memory leaks on libvirt_virNodeGetCPUStats
• BZ - 770944 - memory leaks on libvirt_virNodeGetMemoryStats
• BZ - 770971 - Expose 'virDomain{Get,Set}InterfaceParameters' APIs in python binding
• BZ - 771016 - virsh destroy a guest . guest status will hang with in shutdown
• BZ - 771021 - Coverity scan revealed defects
• BZ - 771562 - Change numa parameters with 'nodeset' option will crash libvirtd
• BZ - 771570 - Restart libvirtd will get error and fail to reconnect domains on nfs storage
• BZ - 771591 - Expose 'virDomain{G, S}etNumaParameters' APIs in python binding
• BZ - 772697 - libvirt-devel grew a dependency on systemtap, preventing installs on ppc
• BZ - 773208 - Migration with non-existent xml does not report error
• BZ - 773667 - virsh attach-device fails with 'Unable to reset PCI device' for Broadcom NetExtreme II
• BZ - 781562 - [RFE] Support for qemu PCI romfile option
• BZ - 781985 - When detach PCI device from guest, unknown error occurs.
• BZ - 782716 - Change interface parameters with '{in,out}bound' option will crash libvirtd
• BZ - 783184 - storage cloning ignores "sparse" and creates non-sparse disk images
• BZ - 783921 - libvirt cannot disable kvmclock
• BZ - 785164 - libvirt needs ipv6 support for ssh uris
• BZ - 785269 - Make avahi failure on startup non-fatal
• BZ - 786534 - Add vm-pid to VIRT_CONTROL audit events
• BZ - 786674 - Plug memory leak on cmdUndefine
• BZ - 786770 - Unwanted messages when installing libvirt-client
• BZ - 787761 - undefined symbol: libvirt_event_poll_purge_timeout_semaphore
• BZ - 788338 - Resource leaks on virsh desc command
• BZ - 789220 - memory leak on client programming failure path
• BZ - 790436 - libvirt runs qemu with tls options even when certs/keys are not set
• BZ - 790744 - Delete snapshot parent will crash libvirtd
• BZ - 790745 - [Regression]libvirtd dead when create a guest with "--channel pty,target_type=virtio" by virt-install.
• BZ - 790789 - virsh console fails when executed via remote ssh
• BZ - 795093 - [libvirt] missing 'source file' attribute when passing 'optional' param in xml
• BZ - 795127 - pre-migration hook needed at destination
• BZ - 795656 - destroyFlags should raise exception with proper error code
• BZ - 795978 - polkit authorization broken in libvirt 0.9.10
• BZ - 796526 - Improve memory usage readability in guest XML configuration
• BZ - 797066 - Output message error when create a bridge base on an existing network device
• BZ - 798220 - [libvirt]can't start guest with spice
• BZ - 798497 - Plug memory leak on migration
• BZ - 798938 - Snapshot-revert will report error with startupPolicy='requisite' when floppy/cdrom disk is missing
• BZ - 799478 - libvirt emits inappropriate error when using domabortjob to abort stuck migration
• BZ - 800366 - libvirt does not report the system and user cpu usage separately for vms.
• BZ - 801160 - managedsave+restart of <cpu mode='host-model'> VM crashes libvirtd
• BZ - 801443 - Libvirt shouldn't fail on tlsPort setting if none set
• BZ - 801970 - libvirt with QEmu does not support disk filenames with comma
• BZ - 802644 - segfault when attempting to detach non-existent network device
• BZ - 802851 - memory leaks/dangling pointers caused by virDomainDetachDeviceConfig (virsh detach-*)
• BZ - 802854 - memory leak when performing persistent network device update (e.g. virsh domif-setlink --persistent)
• BZ - 802856 - Missing support for persistent hotplug attach/detach of <hostdev> devices
• BZ - 803591 - virsh segfault when attempting to detach disk from non-existent domain
• BZ - 804028 - Cannot roundtrip blkio parameters due to broken deviceWeight handling
• BZ - 806098 - Support qemu 1.0
• BZ - 807147 - virsh snapshot-create --disk-only failed
• BZ - 807555 - Plug memory leak on cmdSnapshotList with failure path
• BZ - 807751 - [libvirt] Failed to set vm niceness with latest libvirt
• BZ - 808371 - libvirtd crashed with SIGSEGV in __strcmp_ssse3()
• BZ - 808459 - USB 2.0 pass-through won't boot guest VM a SECOND time.
• BZ - 808522 - regression in parsing libvirt-generated xml memory limits
• BZ - 808527 - Check for guest agent presence when issuing command
• BZ - 808979 - memory leak in virDomainGetVcpus / virsh vcpuinfo
• BZ - 810100 - occasional segfault while running networkxml2argvtest
• BZ - 810157 - numad: Pre-set memory policy and convert nodeset from numad to CPUs list before affinity setting
• BZ - 810241 - Save the guest to pre-created file on root_squashing export nfs with dynamic_ownership=1 Permission denied
• BZ - 810559 - FTBFS: libvirt has parallel make race that can stop build
• BZ - 811227 - RFE: Ability to specify custom BIOS for QEMU/KVM using <loader> XML (for WHQL testing)
• BZ - 811497 - Deadlock in qemu driver on forced console connection
• BZ - 811683 - deal with change from RHEL 6.2 sync block_job_cancel to RHEL 6.3 async block-job-cancel
• BZ - 813972 - libvirt should reject invalid memory values in xml
• BZ - 814021 - [Doc]There is one typo "virsh list --note" in virsh list manual
• BZ - 814080 - Syscall param rt_sigaction(act->sa_flags) points to uninitialised byte(s)
• BZ - 815270 - [Regression]Libvirtd will die if start a guest with macvtap nic.
• BZ - 815791 - deal with qemu block-job-set-speed race fix
• BZ - 816465 - libvirtd may die after restart the service
• BZ - 816662 - Improve virsh blockpull error message for a offline domain
• BZ - 817078 - libvirtd crashing on rhel 6.3 beta vm
• BZ - 817234 - libvirtd crash when start a net with special MAC address
• BZ - 819014 - blockIoTune modifies live xml even on failure
• BZ - 819498 - libvirt: missing spice channel 'usbredir'
• BZ - 819499 - libvirt: missing spice channel 'default'
• BZ - 819636 - virsh heap corruption due to bad memmove
• BZ - 820461 - numad support is lost in the 6.3 build.
• BZ - 820869 - Fix automatic PCI address assignment for USB2 companion controllers
• BZ - 831164 - CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

CVEs

• CVE-2012-2693

References

• https://access.redhat.com/security/updates/classification/#low
• https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/libvirt.html#RHSA-2012-0748