Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2013:0888 - Security Advisory
Issued:
2013-06-10
Updated:
2013-06-10

RHSA-2013:0888 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat Enterprise Virtualization Manager 3.2 update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat Enterprise Virtualization Manager 3.2 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Red Hat Enterprise Virtualization Manager is a visual tool for centrally
managing collections of virtual servers running Red Hat Enterprise Linux
and Microsoft Windows. This package also includes the Red Hat Enterprise
Virtualization Manager API, a set of scriptable commands that give
administrators the ability to perform queries and operations on Red Hat
Enterprise Virtualization Manager.

It was found that permission checks were not performed on the target
storage domain when cloning a virtual machine from a snapshot. An attacker
could use this flaw to perform a denial of service attack, exhausting free
disk space on the target storage domain. (CVE-2013-2144)

The CVE-2013-2144 issue was discovered by Daniel Erez of Red Hat.

This update also fixes various bugs. Refer to the Technical Notes for
information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html

All Red Hat Enterprise Virtualization Manager users are advised to upgrade
to these updated packages, which resolve these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Virtualization 3.2 x86_64

Fixes

  • BZ - 829625 - RESTAPI: API should expose hypervisor version
  • BZ - 837907 - PRD32 - RFE: Add support for iLO2 and iLO4 as a fencing (Power Management) options [TEXT]
  • BZ - 838457 - PRD32 - webadmin: the default of the tree should be expanded with DCs, at least
  • BZ - 838469 - PRD32 - [RFE] Support cpu -host (passthrough) for virtual machines
  • BZ - 838470 - PRD32 - [RFE] Allow e1000 to be selected as nic type for Windows VM
  • BZ - 839205 - ovirt-engine-restapi : [RFE] There is no way to know which hooks are installed on a host
  • BZ - 843058 - Can't run large amount of VMs simultaneously. Getting error Cant find VDS to run the VM.
  • BZ - 843410 - PRD32 - Allow non plugin automatic invocation of console session (basic - no cd, disconnect reason, etc.)
  • BZ - 845022 - ovirt-engine-backend [Quota]: superuser cannot add or run a vm when quota policy is changed to enforce when there is no quota defined
  • BZ - 848398 - remove special restrictions on Windows templates names
  • BZ - 854489 - PRD32 - webadmin: Add a new Disks tab under the Storage tab in the UI
  • BZ - 854535 - PRD32 - bootstrap: support longer bootstrap duration
  • BZ - 854540 - PRD32 - pki: use PKCS#12 format to store keys
  • BZ - 854964 - [Storage] There is a scenario when VM might have several bootable disks which is wrong.
  • BZ - 855630 - [RFE] Add tool tip for configuration a Quota feature
  • BZ - 858742 - PRD32 - Networks Main Tab
  • BZ - 859762 - ovirt-engine-backend : search engine does not complete values for disks:bootable and disks:sharable
  • BZ - 861098 - RESTAPI: Mapping of empty name in user object
  • BZ - 861576 - PRD32 - packaging: use yum API
  • BZ - 862797 - Rhev-m admin GUI logs actions done by <UNKNOWN> in the Events tab
  • BZ - 866123 - PRD32 - RFE: Allow plugins to add events into the engine's event log
  • BZ - 866889 - PRD32 - vdsm-bootstrap rewrite
  • BZ - 867543 - PRD32 - RFE: collect host bios information
  • BZ - 868626 - RESTAPI: api should allow detailed resource listing via header/matrix parameter
  • BZ - 870159 - 3.2 - storage: set block schedule elevator using udev
  • BZ - 870352 - [ja_JP] Test case failure: Check the message for Alert/Events/Tasks: The Date part of the message contains minutes in the month-section.
  • BZ - 871371 - PRD32 - RFE: allow to define termination protection per vm (block delete without a config change)
  • BZ - 871802 - [engine-core] Null Pointer Exception when during “preview mode” action, service ovirt-engine restart (TryBackToAllSnapshotsOfVm threw an exception: java.lang.NullPointerException), and all disks VM enter to Locked state
  • BZ - 872506 - Importing a VM from an OVF without the diskAlias property with copyCollapse=false will not auto-generate disk aliases
  • BZ - 873581 - PCI addresses are deleted when VM Template is imported
  • BZ - 874019 - ovirt-engine-backend: Non-operational Hosts that been switched to 'Maintenance' returns to non-operational status when disconnectStoragePool fails.
  • BZ - 874080 - PRD32 - [RFE] engine [Live Storage Migration]: cannot concurrently live migrate several disks of the same VM
  • BZ - 875527 - PRD32 - bootstrap: do not get unique id at canDoAction
  • BZ - 875528 - PRD32 - bootstrap rewrite (engine)
  • BZ - 875814 - Use appropriate caching policy for GWT application resources
  • BZ - 876109 - Ovirt-engine-backend: AuditLog throws exception when attempting to Add Direct-Lun to VM.
  • BZ - 876235 - PRD32 - Do not force fencing proxy to be in UP status
  • BZ - 877818 - [RFE] Need indication that GWT app is loading
  • BZ - 878064 - engine: Error while executing action SetVmTicket: Unexpected exception
  • BZ - 878509 - Power User Portal (a.k.a User Portal "Extended" tab): Improve performace on IE8 / Windows XP
  • BZ - 878778 - engine [RACE]: cancel migration will fail because domain no longer exists in src by the time cancel is sent
  • BZ - 879291 - left-pane tree: "expand all" should fully-expand only the selected tree-node (and not the entire tree, unless "System" is selected)
  • BZ - 879308 - Tree title should be changed
  • BZ - 879930 - ovirt-engine-backend [Scalability]: The queries getstorage_domains_by_storagepoolid && getdisksvmguid caused postmaster processes to consume constantly 100%cpu.
  • BZ - 880969 - ovirt-engine-backend [Scalability]:Problematic query 'getallfromvms' causes user portal to become stuck after user login.
  • BZ - 881024 - PRD32 - [RFE] Adding the ability to remove a VM without removing its disks
  • BZ - 882651 - PRD32 - CDROM payload should not interfere with devices of the same type
  • BZ - 882807 - PRD32-GLUSTER - Forced removal of a host
  • BZ - 882812 - PRD32-GLUSTER - Configuration sync with Gluster CLI
  • BZ - 882813 - PRD32-GLUSTER - Import of existing gluster clusters
  • BZ - 882824 - PRD32-GLUSTER - search support for gluster volumes
  • BZ - 882837 - PRD32 - engine - if connect storage pool fails on version mismatch, do reconstruct master
  • BZ - 882847 - upgrade 3.0 to 3.1: event notification is not sent.
  • BZ - 883871 - [RESTAPI] Disk move action missing.
  • BZ - 885391 - PRD32 - webadmin: support ui-plugins
  • BZ - 886133 - PRD32 - [RFE] Add the ability to scan/import existing disk images in a storage domain using REST-API
  • BZ - 886709 - PRD32 - bootstrap: fetch logs to engine
  • BZ - 886824 - 'Configure Local Disk' does not work properly in Japanese environment
  • BZ - 887230 - Units for statistics of host NICs are wrong: BYTES_PER_SECOND should be MEGABYTES_PER_SECOND.
  • BZ - 887741 - ISO uploader: on upgrade, change the default port for 'rhevm' in /etc/ovirt-engine/isouploader.conf to localhost:8443 (and not the default 443)
  • BZ - 888689 - [User Portal] An user with UserRole assigned to a pool does not see pool's VMs
  • BZ - 889795 - engine: we use gzip -9 to zip files in engine instead of xz (vdsm already uses xz)
  • BZ - 889985 - [ovirt-engine] auto-recovery for storage server should change to "True", auto-recovery for hosts should be True by default on engine as in DB.
  • BZ - 891279 - [RFE] Backend: 'migration complete' event should include the destination VDS, not the source [TEXT]
  • BZ - 891280 - [RFE] [Admin Portal] - Add a Console button in Hosts -->VMs tab.
  • BZ - 892532 - [ovirt-engine-backend] DB upgrade from 3.0 to 3.1 fails
  • BZ - 892724 - engine: java.lang.IndexOutOfB oundsException for undo/commit of preview on snapshot with no disks
  • BZ - 894020 - PRD32 - [RFE] spice seamless migration support in win client
  • BZ - 894288 - RHEVM GUI: Failure to language selection in specific case
  • BZ - 894345 - PRD32 - [RFE] Spice arbitrary resolution
  • BZ - 894396 - PRD32 - [RFE] Spice native usb live migration support in win client
  • BZ - 894681 - RFE: Engine should support having configurable entries for ldap servers per domain
  • BZ - 895049 - Reports should be able to be installed from scratch on an upgraded system
  • BZ - 895103 - Provide native dialog for showDialog() UI plugin API instead of browser window
  • BZ - 903287 - When creating a network the default network doesn't get chosen.
  • BZ - 905446 - Lexicographic sorting by IP when searching for VMs
  • BZ - 905564 - [Upgrade] [Live Storage Migration] Auto generated snapshot for Live Storage migration can not be deleted.
  • BZ - 907232 - Custom Materialized Views should be treated differently from regular product Materialized Views
  • BZ - 907240 - [SetupNetworks] Slaves data sent by the user is being overridden with engine's data
  • BZ - 908745 - RFE: change VdsRefreshTimeout to 3 seconds
  • BZ - 912449 - [rhevh] can't upgrade to newer version due to 'ovirt ISOs directory not found'
  • BZ - 912697 - When importing a VM with collapseSnapshots=false not all images are actually imported
  • BZ - 915036 - REST-API : server replies in yaml instead of xml on GET: /api/vms/xxx/reporteddevices
  • BZ - 915675 - Gluster volume is stopped, but brick status on the UI is still 'UP'
  • BZ - 915950 - Resizable columns in sub-tabs
  • BZ - 916582 - REST API - Omit of prefer header doesn't turn off session based authentication
  • BZ - 916728 - [ovirt-engine-backend] Upgrade from 3.1 to 3.2 fails
  • BZ - 917522 - [RHEVM] [backend] VNIC plug/unplug is incorrectly reported in logs
  • BZ - 917698 - [User Portal] VM action buttons are now missing static IDs (needed for automated testing)
  • BZ - 917719 - engine: CreateAllSnapshotsFromVm threw an exception during vdsm restart
  • BZ - 919672 - [webadmin] After import vm/template values in subtab general of vm/template stuck.
  • BZ - 921201 - rhevm-upgrade is failing between si26.4 to si27.4 (3.1.3) in async task cleanup
  • BZ - 923443 - Gateway is not defined after bonding the RHEVM interface.
  • BZ - 923614 - procedures are owned by postgres instead of engine user
  • BZ - 923992 - engine: engine deletes live storage migration destination copy after finish the copy (storage live migration doesn't work)
  • BZ - 924605 - Spice proxy setting in console configuration popup dialog
  • BZ - 948282 - Transaction errror during CreateSnapshotFromTemplate (child of AddVmCommand)
  • BZ - 950073 - import reported as successful too early
  • BZ - 953690 - VM taken by a user from a prestarted pool does not show as "Up" until page refreshed
  • BZ - 956378 - please add tool-tips for grid column-headers
  • BZ - 957051 - Add spice console invocation method switching to console dialog
  • BZ - 957611 - Add the 'mount ISO from SPICE client' functionality back into RHEV
  • BZ - 971058 - CVE-2013-2144 rhevm: insufficient target domain permission check when cloning a VM from a snapshot

CVEs

  • CVE-2013-2144

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 3.2

SRPM
x86_64
rhevm-3.2.0-11.30.el6ev.noarch.rpm SHA-256: bc0a8ffe8802404104f25f8dbc7d35ce6a376ceef6abb8d59b7e6b2d7b673de4
rhevm-backend-3.2.0-11.30.el6ev.noarch.rpm SHA-256: ce5f0d36734c1d720d19688d47af53021b7b416d8066c22a054ac0016bd27df7
rhevm-config-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 9878813e9165a1e2b95aab88c470a07f944998d95318e4b73ea4dfa02b1abcc3
rhevm-dbscripts-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 08360d855735c062a65bdb47d4d60072543dc08ff18097443c674701af1f9b61
rhevm-genericapi-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 609123d5d69c53dbaaf20a4b1929d99b64dcbdcb9bcc6d37db32a4096c2c2c13
rhevm-notification-service-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 9130659a649c7e3996ffdbc898f258fefcdd8fe54a96354cbdff958475ca020c
rhevm-restapi-3.2.0-11.30.el6ev.noarch.rpm SHA-256: a384c3ba6ad5ac2a79efdd854ef3690bc22dc80d40b7657beeffad3b0c2c3c1f
rhevm-setup-3.2.0-11.30.el6ev.noarch.rpm SHA-256: caae8dc71d5b9ce632ace3ff95bfe413ea1b5fcbf322380d4dbc8f2a5702a1e6
rhevm-setup-plugin-allinone-3.2.0-11.30.el6ev.noarch.rpm SHA-256: c03004e77cc2acf709a9b4a0a2c8ac65e2dc4e9016522ed4c5955f7b36814ba4
rhevm-tools-common-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 3f7e6a99915722331f078ed18a0486afdccf395c81b03611050d95723ac138b1
rhevm-userportal-3.2.0-11.30.el6ev.noarch.rpm SHA-256: 4162c8fe89ae19b60778f99bfebc4889d97fde144e0803c288e17847377ea917
rhevm-webadmin-portal-3.2.0-11.30.el6ev.noarch.rpm SHA-256: db1636e11cbc06dfe07953d65effb19938e4569592c0c7adcd6f7a1b9ab35312

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility