RHSA-2013:0886 - Security Advisory

Topic

Updated vdsm packages that fix one security issue and various bugs are now
available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

VDSM is a management module that serves as a Red Hat Enterprise
Virtualization Manager agent on Red Hat Enterprise Virtualization
Hypervisor or Red Hat Enterprise Linux hosts.

A flaw was found in the way unexpected fields in guestInfo dictionaries
were processed. A privileged guest user could potentially use this flaw to
make the host the guest is running on unavailable to the management
server. (CVE-2013-0167)

The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat
Enterprise Virtualization team.

This update also fixes various bugs. Refer to the Technical Notes for
information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

All users managing Red Hat Enterprise Linux Virtualization hosts using Red
Hat Enterprise Virtualization Manager are advised to install these updated
packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise
Virtualization Hypervisor in the next rhev-hypervisor6 errata package.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Virtualization 3.2 x86_64
• Red Hat Virtualization 3 for RHEL 6 x86_64

Fixes

• BZ - 834041 - 3.1 - [vdsm] vdsm losses its connection to libvirt socket on certain case
• BZ - 852956 - 3.2 - prepareForShutdown is not called when connection to libvirt is broken with event: libvirtError: internal error client socket is closed
• BZ - 861701 - 3.2 - need to sync networks between vdsm and libvirt.
• BZ - 871616 - Guest agent information is missing after few VM's migrations
• BZ - 873145 - 3.2 - vdsm [Storage Live Migration]: vm changes state to pause for a few seconds during storage live migration
• BZ - 875487 - 3.2 Failed to break BOND and attach custom MTU networks while VM is running
• BZ - 875775 - 3.2.0 - [Storage] Unable to extend storage domain if PV is in use.
• BZ - 878064 - engine: Error while executing action SetVmTicket: Unexpected exception
• BZ - 879253 - 3.2 - [vdsm] ConnectStoragePool fail with 2 hosts in NFS due to stale cache
• BZ - 880961 - 3.2 - [Upgrade] vdsm daemon not responding after upgrading from vdsm-4.9-113.4.el6_3 to vdsm-4.9.6-44.0.el6_3
• BZ - 881947 - 3.2 [vdsm] getDeviceList is failing with vdsm 4.10.2-1
• BZ - 882276 - 3.2 - [vdsm] Failure upgrading a storage domain to V3 - No space left on device
• BZ - 882667 - vdsm: master domain is partially inaccessible when umount fails for iso/export domain (only on posix master domain over nfs)
• BZ - 883327 - 3.2 - vdsm: Unexpected exception when upgrading local/NFS domain from 3.0 to 3.1
• BZ - 883390 - Attach Storage Domain is failing on FC storage if Create Storage Domain was initiated from Non-Spm host
• BZ - 885418 - vdsm: error log throws exception in forceIscsiScan when vdsm config minimal or maximal timeout parameters are illegel
• BZ - 890572 - If RHEV-H host registered from RHEV-M and later re-registered from RHEV-H, the 'Management Server Port' value cannot be changed.
• BZ - 890983 - vdsm: dumpStorageTable.py exits on KeyError for buildVolumesChain
• BZ - 893193 - 'vdsm.log' does not report the correct vdsm release for RHEV 3.1 versions.
• BZ - 893332 - CVE-2013-0167 vdsm: unfiltered guestInfo dictionary DoS
• BZ - 895912 - Rhevh failed downloading RHEV-M certificate when Register it to RHEV-M via port 80
• BZ - 905930 - Screen is locked immediately after an user auto-logs into guest via SSO from User Portal
• BZ - 910445 - Storage Live Migration of thick disk results in corrupted disk
• BZ - 911209 - vdsm: vm's sent with wipe after delete in NFS storage will not be removed from domain
• BZ - 911417 - After upgrading to RHEL6.3 NFS images permissions are 440 and qemu user cannot start 2.2 vms
• BZ - 912308 - vdsm.log ownership is root:root when log rotate run at the same time as supervdsm writes to the same log file
• BZ - 915068 - vdsm: 'ValueError: field and value cannot include = character' when removing disks
• BZ - 917363 - vdsm: can't remove/export a vm with exception on getAllVolumes
• BZ - 918541 - The VM Channels Listener thread appears to stall , blocking all communication between VDSM and the hosted guest agents.
• BZ - 918666 - Don't fail when a non-existing bond is requested via setupNetworks.
• BZ - 919201 - Warning when migration is delayed/get stuck due to high guest memory writes.
• BZ - 919356 - [RHEVM] [vdsm] unexpected exception on VNIC hot unplug with MAC change
• BZ - 920532 - [scale] Attaching a big number of NFS Storage Domain fails. (fails on too many open files on VDSM side)
• BZ - 920614 - decrease libvirtd log level
• BZ - 920671 - [rhevh upgrade] Reporting a 'Failed to upgrade' to engine, while it really succeeded
• BZ - 920688 - VDSM attribute error exception when trying to write to vdsm log.
• BZ - 922515 - vdsm: vdsm fails to recover after restart with 'AttributeError: 'list' object has no attribute 'split'' error
• BZ - 923773 - vmHotplugDisk failed with "VolumeError: Bad volume specification"
• BZ - 923964 - vdsm: within few seconds after a live snapshot the volume extension requests might be too large
• BZ - 925967 - Debug messages show on TUI just after register to rhevm
• BZ - 925981 - default migration bandwidth capping is not honored anymore
• BZ - 927143 - [vdsm] ShutdownVM fails after plugging shared disk to 2 vms at once due to 'Bad File Descriptor' in vdsm
• BZ - 928217 - Vdsm logs are filling filesystem up - logrotation of vdsm logs doesn't work correctly
• BZ - 928861 - VDSM will fail to start if rsyslogd's configuration is invalid.
• BZ - 947014 - Vdsm fails to decode application list if an application name containing Non-ASCII character is present on guest
• BZ - 948346 - vdsm [UPGRADE]: upgrade to v3 fails when the domain links are missing
• BZ - 948940 - [vdsm] concurrent live storage migration of multiple disks might result in a saveState exception
• BZ - 949192 - [vdsm] [scale] After libvirt failure vdsm restarts and starts responding to XML-RPC after a big delay
• BZ - 951057 - vdsm should report the storage domain version in the statistics
• BZ - 955593 - vdsm errors/Tracebacks when migrating a VM, migration itself is successful
• BZ - 956683 - The default migration_max_bandwidth (32MiBps) & default max_outgoing_migrations (5) will saturate a 1Gbps link.
• BZ - 962549 - VM no longer bootable after snapshot removal

CVEs

• CVE-2013-0167

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html