Red Hat Product Errata RHSA-2013:0888 - Security Advisory
Issued: 2013-06-10
Updated: 2013-06-10

Synopsis

Moderate: Red Hat Enterprise Virtualization Manager 3.2 update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat Enterprise Virtualization Manager 3.2 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Red Hat Enterprise Virtualization Manager is a visual tool for centrally
managing collections of virtual servers running Red Hat Enterprise Linux
and Microsoft Windows. This package also includes the Red Hat Enterprise
Virtualization Manager API, a set of scriptable commands that give
administrators the ability to perform queries and operations on Red Hat
Enterprise Virtualization Manager.

It was found that permission checks were not performed on the target
storage domain when cloning a virtual machine from a snapshot. An attacker
could use this flaw to perform a denial of service attack, exhausting free
disk space on the target storage domain. (CVE-2013-2144)

The CVE-2013-2144 issue was discovered by Daniel Erez of Red Hat.

This update also fixes various bugs. Refer to the Technical Notes for
information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html

All Red Hat Enterprise Virtualization Manager users are advised to upgrade
to these updated packages, which resolve these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Virtualization 3.2 x86_64

Fixes

  • BZ - 829625 - RESTAPI: API should expose hypervisor version
  • BZ - 837907 - PRD32 - RFE: Add support for iLO2 and iLO4 as a fencing (Power Management) options [TEXT]
  • BZ - 838457 - PRD32 - webadmin: the default of the tree should be expanded with DCs, at least
  • BZ - 838469 - PRD32 - [RFE] Support cpu -host (passthrough) for virtual machines
  • BZ - 838470 - PRD32 - [RFE] Allow e1000 to be selected as nic type for Windows VM
  • BZ - 839205 - ovirt-engine-restapi : [RFE] There is no way to know which hooks are installed on a host
  • BZ - 843058 - Can't run large amount of VMs simultaneously. Getting error Cant find VDS to run the VM.
  • BZ - 843410 - PRD32 - Allow non plugin automatic invocation of console session (basic - no cd, disconnect reason, etc.)
  • BZ - 845022 - ovirt-engine-backend [Quota]: superuser cannot add or run a vm when quota policy is changed to enforce when there is no quota defined
  • BZ - 848398 - remove special restrictions on Windows templates names
  • BZ - 854489 - PRD32 - webadmin: Add a new Disks tab under the Storage tab in the UI
  • BZ - 854535 - PRD32 - bootstrap: support longer bootstrap duration
  • BZ - 854540 - PRD32 - pki: use PKCS#12 format to store keys
  • BZ - 854964 - [Storage] There is a scenario when VM might have several bootable disks which is wrong.
  • BZ - 855630 - [RFE] Add tool tip for configuration a Quota feature
  • BZ - 858742 - PRD32 - Networks Main Tab
  • BZ - 859762 - ovirt-engine-backend : search engine does not complete values for disks:bootable and disks:sharable
  • BZ - 861098 - RESTAPI: Mapping of empty name in user object
  • BZ - 861576 - PRD32 - packaging: use yum API
  • BZ - 862797 - Rhev-m admin GUI logs actions done by <UNKNOWN> in the Events tab
  • BZ - 866123 - PRD32 - RFE: Allow plugins to add events into the engine's event log
  • BZ - 866889 - PRD32 - vdsm-bootstrap rewrite
  • BZ - 867543 - PRD32 - RFE: collect host bios information
  • BZ - 868626 - RESTAPI: api should allow detailed resource listing via header/matrix parameter
  • BZ - 870159 - 3.2 - storage: set block schedule elevator using udev
  • BZ - 870352 - [ja_JP] Test case failure: Check the message for Alert/Events/Tasks: The Date part of the message contains minutes in the month-section.
  • BZ - 871371 - PRD32 - RFE: allow to define termination protection per vm (block delete without a config change)
  • BZ - 871802 - [engine-core] Null Pointer Exception when during “preview mode” action, service ovirt-engine restart (TryBackToAllSnapshotsOfVm threw an exception: java.lang.NullPointerException), and all disks VM enter to Locked state
  • BZ - 872506 - Importing a VM from an OVF without the diskAlias property with copyCollapse=false will not auto-generate disk aliases
  • BZ - 873581 - PCI addresses are deleted when VM Template is imported
  • BZ - 874019 - ovirt-engine-backend: Non-operational Hosts that been switched to 'Maintenance' returns to non-operational status when disconnectStoragePool fails.
  • BZ - 874080 - PRD32 - [RFE] engine [Live Storage Migration]: cannot concurrently live migrate several disks of the same VM
  • BZ - 875527 - PRD32 - bootstrap: do not get unique id at canDoAction
  • BZ - 875528 - PRD32 - bootstrap rewrite (engine)
  • BZ - 875814 - Use appropriate caching policy for GWT application resources
  • BZ - 876109 - Ovirt-engine-backend: AuditLog throws exception when attempting to Add Direct-Lun to VM.
  • BZ - 876235 - PRD32 - Do not force fencing proxy to be in UP status
  • BZ - 877818 - [RFE] Need indication that GWT app is loading
  • BZ - 878064 - engine: Error while executing action SetVmTicket: Unexpected exception
  • BZ - 878509 - Power User Portal (a.k.a User Portal "Extended" tab): Improve performance on IE8 / Windows XP
  • BZ - 878778 - engine [RACE]: cancel migration will fail because domain no longer exists in src by the time cancel is sent
  • BZ - 879291 - left-pane tree: "expand all" should fully-expand only the selected tree-node (and not the entire tree, unless "System" is selected)
  • BZ - 879308 - Tree title should be changed
  • BZ - 879930 - ovirt-engine-backend [Scalability]: The queries getstorage_domains_by_storagepoolid && getdisksvmguid caused postmaster processes to consume constantly 100%cpu.
  • BZ - 880969 - ovirt-engine-backend [Scalability]:Problematic query 'getallfromvms' causes user portal to become stuck after user login.
  • BZ - 881024 - PRD32 - [RFE] Adding the ability to remove a VM without removing its disks
  • BZ - 882651 - PRD32 - CDROM payload should not interfere with devices of the same type
  • BZ - 882807 - PRD32-GLUSTER - Forced removal of a host
  • BZ - 882812 - PRD32-GLUSTER - Configuration sync with Gluster CLI
  • BZ - 882813 - PRD32-GLUSTER - Import of existing gluster clusters
  • BZ - 882824 - PRD32-GLUSTER - search support for gluster volumes
  • BZ - 882837 - PRD32 - engine - if connect storage pool fails on version mismatch, do reconstruct master
  • BZ - 882847 - upgrade 3.0 to 3.1: event notification is not sent.
  • BZ - 883871 - [RESTAPI] Disk move action missing.
  • BZ - 885391 - PRD32 - webadmin: support ui-plugins
  • BZ - 886133 - PRD32 - [RFE] Add the ability to scan/import existing disk images in a storage domain using REST-API
  • BZ - 886709 - PRD32 - bootstrap: fetch logs to engine
  • BZ - 886824 - 'Configure Local Disk' does not work properly in Japanese environment
  • BZ - 887230 - Units for statistics of host NICs are wrong: BYTES_PER_SECOND should be MEGABYTES_PER_SECOND.
  • BZ - 887741 - ISO uploader: on upgrade, change the default port for 'rhevm' in /etc/ovirt-engine/isouploader.conf to localhost:8443 (and not the default 443)
  • BZ - 888689 - [User Portal] An user with UserRole assigned to a pool does not see pool's VMs
  • BZ - 889795 - engine: we use gzip -9 to zip files in engine instead of xz (vdsm already uses xz)
  • BZ - 889985 - [ovirt-engine] auto-recovery for storage server should change to "True", auto-recovery for hosts should be True by default on engine as in DB.
  • BZ - 891279 - [RFE] Backend: 'migration complete' event should include the destination VDS, not the source [TEXT]
  • BZ - 891280 - [RFE] [Admin Portal] - Add a Console button in Hosts -->VMs tab.
  • BZ - 892532 - [ovirt-engine-backend] DB upgrade from 3.0 to 3.1 fails
  • BZ - 892724 - engine: java.lang.IndexOutOfBoundsException for undo/commit of preview on snapshot with no disks
  • BZ - 894020 - PRD32 - [RFE] spice seamless migration support in win client
  • BZ - 894288 - RHEVM GUI: Failure to language selection in specific case
  • BZ - 894345 - PRD32 - [RFE] Spice arbitrary resolution
  • BZ - 894396 - PRD32 - [RFE] Spice native usb live migration support in win client
  • BZ - 894681 - RFE: Engine should support having configurable entries for ldap servers per domain
  • BZ - 895049 - Reports should be able to be installed from scratch on an upgraded system
  • BZ - 895103 - Provide native dialog for showDialog() UI plugin API instead of browser window
  • BZ - 903287 - When creating a network the default network doesn't get chosen.
  • BZ - 905446 - Lexicographic sorting by IP when searching for VMs
  • BZ - 905564 - [Upgrade] [Live Storage Migration] Auto generated snapshot for Live Storage migration can not be deleted.
  • BZ - 907232 - Custom Materialized Views should be treated differently from regular product Materialized Views
  • BZ - 907240 - [SetupNetworks] Slaves data sent by the user is being overridden with engine's data
  • BZ - 908745 - RFE: change VdsRefreshTimeout to 3 seconds
  • BZ - 912449 - [rhevh] can't upgrade to newer version due to 'ovirt ISOs directory not found'
  • BZ - 912697 - When importing a VM with collapseSnapshots=false not all images are actually imported
  • BZ - 915036 - REST-API : server replies in yaml instead of xml on GET: /api/vms/xxx/reporteddevices
  • BZ - 915675 - Gluster volume is stopped, but brick status on the UI is still 'UP'
  • BZ - 915950 - Resizable columns in sub-tabs
  • BZ - 916582 - REST API - Omit of prefer header doesn't turn off session based authentication
  • BZ - 916728 - [ovirt-engine-backend] Upgrade from 3.1 to 3.2 fails
  • BZ - 917522 - [RHEVM] [backend] VNIC plug/unplug is incorrectly reported in logs
  • BZ - 917698 - [User Portal] VM action buttons are now missing static IDs (needed for automated testing)
  • BZ - 917719 - engine: CreateAllSnapshotsFromVm threw an exception during vdsm restart
  • BZ - 919672 - [webadmin] After import vm/template values in subtab general of vm/template stuck.
  • BZ - 921201 - rhevm-upgrade is failing between si26.4 to si27.4 (3.1.3) in async task cleanup
  • BZ - 923443 - Gateway is not defined after bonding the RHEVM interface.
  • BZ - 923614 - procedures are owned by postgres instead of engine user
  • BZ - 923992 - engine: engine deletes live storage migration destination copy after finish the copy (storage live migration doesn't work)
  • BZ - 924605 - Spice proxy setting in console configuration popup dialog
  • BZ - 948282 - Transaction error during CreateSnapshotFromTemplate (child of AddVmCommand)
  • BZ - 950073 - import reported as successful too early
  • BZ - 953690 - VM taken by a user from a prestarted pool does not show as "Up" until page refreshed
  • BZ - 956378 - please add tool-tips for grid column-headers
  • BZ - 957051 - Add spice console invocation method switching to console dialog
  • BZ - 957611 - Add the 'mount ISO from SPICE client' functionality back into RHEV
  • BZ - 971058 - CVE-2013-2144 rhevm: insufficient target domain permission check when cloning a VM from a snapshot

CVEs

  • CVE-2013-2144

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 3.2

SRPM
x86_64
rhevm-3.2.0-11.30.el6ev.noarch.rpm SHA-256: bc0a8ffe8802404104f25f8dbc7d35ce6a376ceef6abb8d59b7e6b2d7b673de4
rhevm-backend-3.2.0-11.30.el6ev.noarch.rpm SHA-256: ce5f0d36734c1d720d19688d47af53021b7b416d8066c22a054ac0016bd27df7
rhevm-config-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 9878813e9165a1e2b95aab88c470a07f944998d95318e4b73ea4dfa02b1abcc3
rhevm-dbscripts-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 08360d855735c062a65bdb47d4d60072543dc08ff18097443c674701af1f9b61
rhevm-genericapi-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 609123d5d69c53dbaaf20a4b1929d99b64dcbdcb9bcc6d37db32a4096c2c2c13
rhevm-notification-service-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 9130659a649c7e3996ffdbc898f258fefcdd8fe54a96354cbdff958475ca020c
rhevm-restapi-3.2.0-11.30.el6ev.noarch.rpm SHA-256: a384c3ba6ad5ac2a79efdd854ef3690bc22dc80d40b7657beeffad3b0c2c3c1f
rhevm-setup-3.2.0-11.30.el6ev.noarch.rpm SHA-256: caae8dc71d5b9ce632ace3ff95bfe413ea1b5fcbf322380d4dbc8f2a5702a1e6
rhevm-setup-plugin-allinone-3.2.0-11.30.el6ev.noarch.rpm SHA-256: c03004e77cc2acf709a9b4a0a2c8ac65e2dc4e9016522ed4c5955f7b36814ba4
rhevm-tools-common-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 3f7e6a99915722331f078ed18a0486afdccf395c81b03611050d95723ac138b1
rhevm-userportal-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 4162c8fe89ae19b60778f99bfebc4889d97fde144e0803c288e17847377ea917
rhevm-webadmin-portal-3.2.0-11.30.el6ev.noarch.rpm SHA-256: db1636e11cbc06dfe07953d65effb19938e4569592c0c7adcd6f7a1b9ab35312

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
