RHSA-2014:0038 - Security Advisory

Topic

Red Hat Enterprise Virtualization Manager 3.3 is now available.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

Red Hat Enterprise Virtualization Manager is a visual tool for centrally
managing collections of virtual servers running Red Hat Enterprise Linux
and Microsoft Windows. This package also includes the Red Hat Enterprise
Virtualization Manager API, a set of scriptable commands that give
administrators the ability to perform queries and operations on Red Hat
Enterprise Virtualization Manager.

A flaw was found in the way Red Hat Enterprise Virtualization Manager
relayed SPICE connection information to remote-viewer when a native SPICE
client invocation method was used. As a result, remote-viewer attempted an
insecure connection first and only switched to a secure connection when
requested by the SPICE server. An attacker able to intercept the SPICE
connection could use this flaw to conduct man-in-the-middle attacks.
(CVE-2013-6434)

Red Hat would like to thank Michael Samuel of Amcom for reporting this
issue.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All Red Hat Enterprise Virtualization Manager users are advised to upgrade
to these updated packages, which resolve these issues and add these
enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Virtualization 3.3 x86_64

Fixes

• BZ - 787578 - PRD33 - RFE: add support for multiple monitors on QXL device (single device with more RAM)
• BZ - 825801 - PRD33 - [webadmin] RFE: Improve bonding logic
• BZ - 829672 - [RFE] RESTAPI: vm/template Import candidates should have /disks sub-collection
• BZ - 835543 - PRD33 - RFE: Allow to edit file (nfs/posix/local) domain connections (incl. advanced options)
• BZ - 838456 - PRD33 - [RFE] Localization of landing / welcome / splash page
• BZ - 838527 - [rhevm] unable to start ovirt-engine if service crash and pid is left
• BZ - 853739 - [RFE] RESTAPI: On action api returns parameters in response body instead of actual action result
• BZ - 859727 - [RFE] There is no way to distinguish between user and group in search
• BZ - 863211 - PRD33 - predictable host timeouts for ha/fencing (backend - vdsNotResponding takes too long before fence host)
• BZ - 867642 - PRD33 - add spm priority to host general subtab
• BZ - 872719 - PRD33 - [RFE] Add support for adding and managing external tasks
• BZ - 873795 - PRD33 - Default time zone in New VM dialog
• BZ - 879904 - engine: engine fails to connect to DB and cannot be started with NPE
• BZ - 880773 - [RFE] [rhevm-upgrade] during upgrade rhev-guest-tools-iso is not updated to latest version and remains with old version
• BZ - 885135 - [RFE] provide a more informative message in event when a VM started in Paused Mode
• BZ - 886840 - [RFE] RSDL : Add the option to set custom ticket to a VM
• BZ - 889271 - PRD33 - [RFE] RHEV should log and keep track of the versions installed and upgraded
• BZ - 890568 - PRD33 - [RFE] Branding as external package
• BZ - 891056 - PRD33 - [RFE] Normalized ovirtmgmt Initialization - provision mgmt network post bootstrap
• BZ - 892642 - Disk permission don't disappear after disk is deleted(is shown as 'null(Disk)').
• BZ - 902353 - PRD33 - Web Admin: There is no way to define VM default host using RunOnce [RFE]
• BZ - 907491 - [Admin Portal] improve/fix grid/tab content loading animation
• BZ - 908327 - Trying to import a template again after a previously failed import attempt results in 'Error while executing action: Cannot copy Template. The Storage Domain already contains the target disk(s)'
• BZ - 908656 - PRD33 - [RFE] Add VDSM hook for hotplug disk
• BZ - 908835 - [RFE] [Admin Portal] Copying a quota drops consumers and permissions
• BZ - 909270 - [RFE] [User Portal] RDP console opened from User Portal does not pass clipboard
• BZ - 909930 - PRD33 - Add 'Create Snapshot' as an action on a VM
• BZ - 912076 - PRD33 - Implement a plug-in scheduler implementation that interfaces to external scheduler via scheduling API and SDK
• BZ - 912258 - [RFE] [Admin Portal] "No $objects to display" text missing in some sub-tabs
• BZ - 915778 - [RFE][RHEVM] [webadmin] Network Interfaces statistics are not shown for VM unless VNIC is selected
• BZ - 915904 - [RFE] Improve performance for General sub-tabs
• BZ - 916832 - [RFE] Allow to set VncKeyboardLayout via REST API per VM
• BZ - 916866 - PRD33 - Allow to set VncKeyboardLayout in GUI
• BZ - 917586 - [RFE] Use /etc/ovirt-engine/engine.conf for local configuration instead of /etc/sysconfig/ovirt-engine
• BZ - 918890 - PRD33 - Allow non plugin automatic invocation of RDP session (basic - no cd, disconnect reason, etc.)
• BZ - 920694 - engine: deactivating the master domain and concurrently putting all hosts in maintenance leaves hosts non-op upon activation
• BZ - 921544 - PRD33 - LUNs 'In Use' field is confusing
• BZ - 922475 - PRD33 - [RFE] Backup and Restore API for Independent Software Vendors
• BZ - 922504 - PRD33 - ovirt-engine-backend: Distinguish between regular and force removal of data center events
• BZ - 922609 - Cannot edit description field of running VMs - Need to stop and restart the guest for a new description to be effected.
• BZ - 926928 - [RFE] RHEVM-API: Add /applications sub-collection under vm
• BZ - 947977 - PRD33 - [RFE] Support a watchdog VM device in the engine
• BZ - 948481 - use logrotate instead of proprietary solution to handle log rotation
• BZ - 948744 - Some java exceptions are not logged to the log file
• BZ - 949281 - Hibernate VM was started for a VM that has already Hibernate VM run for.
• BZ - 949484 - Underscores in tag names break tags
• BZ - 950768 - Windows XP guest fails to start when enabling native USB support.
• BZ - 952107 - Under certain circumstances live storage migration failure leaves images split among old and new storage as well as tasks running in database
• BZ - 952297 - PRD33 - ovirt-engine service re-work
• BZ - 953614 - Automatic logout does not always happen as per UserSessionTimeOutInterval value
• BZ - 953989 - PRD33 - Events main tab / sub-tabs Must Support the UI Plug-in Model
• BZ - 955498 - Desktop VM from RHEV 3.0 does not have any sound device after importing to RHEV 3.1
• BZ - 957703 - engine: can't live migrate vm's disk after a failure because image already exists in the target
• BZ - 957729 - [RFE] Expose VM Limit config values to rhevm-config
• BZ - 959879 - [REST-API] Update of power management by sending entire host representation is ignored
• BZ - 960931 - PRD33 - RFE: live snapshot with cpu/memory/disk status
• BZ - 961645 - PRD33 - [RHEVM-RHS] Bootstrapping should set iptables rules, allowing gluster process on RHS Nodes
• BZ - 962162 - PRD33 - [RFE] [host-deploy] support ssh public key authentication
• BZ - 962177 - [rhevm-dwh] - ETL Reports error when a Single Host in setup is Non-Responsive ("ETL service sampling has encountered an error")
• BZ - 965179 - [RFE] Add delete-this-file feature support to the engine
• BZ - 966003 - Changing vmpool's quota is ignored.
• BZ - 966192 - PRD33 - AuditLogDirector.log(*) methods should also update engine.log
• BZ - 966198 - PRD33 - Add new column to audit_log SQL table for stack trace
• BZ - 966980 - backup.sh return code always 0 even on error
• BZ - 967268 - boot order has been changed after unexpected reboot
• BZ - 967278 - PRD33 - [RFE] Foreman as host provider
• BZ - 967327 - PRD33 - Add support for OpenLDAP as domain provider
• BZ - 967328 - PRD33 - add soft fencing over SSH (restart VDSM) as a preliminary step before fencing a None-Responsive host
• BZ - 967353 - PRD33 - force Apache proxy on upgrade and clean install
• BZ - 967516 - PRD33 - Tech Preview - Add support for Neutron based networks
• BZ - 967541 - PRD33 - custom properties per vnic / device
• BZ - 967572 - PRD33 - mom integration - balloon to try and get memory up to guaranteed memory
• BZ - 967573 - PRD33 - alert on VMs not respecting balloon
• BZ - 967574 - PRD33 - engine monitoring/balancing VMs not getting guaranteed memory
• BZ - 967604 - engine: AutoRecovery of host fails and host is set as NonOperational when export domain continues to be reported with error code 358
• BZ - 967987 - Provide additional logging at JndiAction level that would show credentials chosen for manage-domains authentication
• BZ - 968178 - [RHEVM-RHS] Should check for gluster capabilities when moving host from virt to gluster cluster
• BZ - 968499 - PRD33 - upgrade gwt framework to 2.5
• BZ - 970046 - PRD33 - gluster - Supporting RHS hooks through RHEV-M
• BZ - 970195 - webadmin portal only reports VMs in "Up" status in the "Load" column
• BZ - 970948 - PRD33 - Quota support
• BZ - 971237 - RHEVM slow due to stored procedure getdisksvmguid() consuming most CPU
• BZ - 971346 - Rhevm-setup misguides user with regards to steps for rhevm-reports upgrade
• BZ - 971695 - webadmin: Events main tab: When applying an Events search filter (which results in few items) by hitting "Enter" - duplicate entries are shown.
• BZ - 972455 - PRD33 - Select SPM as default host for new storage dialog
• BZ - 973383 - Upgrade from RHEV-M 3.1 to 3.2 failed with 'GroupsError: No Groups Available in any repository'
• BZ - 974066 - PRD33 - externalize vm level configuration values to a property file
• BZ - 974148 - RHEV-M AD authentication does not work if one of the DCs is defunct.
• BZ - 974982 - make rhevm-config to set TZ
• BZ - 975097 - PRD33 - glance import/export templates and raw floating disks
• BZ - 976671 - Recreate trust store when upgrading
• BZ - 977322 - rest-api: Missing node <snapshot_states> in /api/capabilities
• BZ - 977689 - After enable concurrent option under host power management fencing begin failed
• BZ - 978268 - Unable to put a host into maintenance because VMs previously managed by vdsm are running on the host
• BZ - 979763 - [engine-setup] setup fails when selinux is disabled
• BZ - 980486 - Attaching a network to a host's nic inherits the host nic's IP to the new network
• BZ - 980926 - Upgrade from 3.2.0-11.30 to 3.2.0-11.37 fails during 'Preparing CA' stage.
• BZ - 982050 - VM UUID is not shown prominently in Web UI
• BZ - 982527 - Disk entries remain in database after deleting the datacenter
• BZ - 982636 - Cloning VM from snapshot of another VM results in corruption of original VM
• BZ - 983120 - PRD33 - Provide MoTD on logon screen
• BZ - 983295 - Unable to bypass FQDN requirement for rhevm-setup
• BZ - 985635 - Changing email address for event notification results in error "User is already subscribed to this event with the same Notification method"
• BZ - 986700 - [user portal] RHEVM slow due to stored procedure getdisksvmguid() consuming most CPU
• BZ - 986979 - It is not possible to assign any network to an cluster in WebAdmin portal.
• BZ - 987783 - Live Storage Migration attempted on an unplugged disk of a running VM (instead of a simple cold move)
• BZ - 988259 - [Admin Portal] Cannot update VM properties - Field timeZone can not be updated when status is Up
• BZ - 989041 - Unable to detach VMs from a pool if pool contains more than 100 VMs
• BZ - 993123 - REST-API doesn't return statistics for VLAN tagged interfaces
• BZ - 994218 - Rhev-m admin GUI logs actions done by <UNKNOWN> in the Events tab
• BZ - 994463 - Failed attached Export Storage Domain - Could not obtain lock
• BZ - 995501 - [host-deploy] block concurrent installation for same host
• BZ - 996816 - Unable to create a windows 2012 ( 64bit ) VM with 32GB memory
• BZ - 999812 - RestAPI URI template style query for 'users' and 'disks' resources do not work.
• BZ - 1000789 - Failed to create VM from template without any image disks
• BZ - 1002401 - [RFE] backup/restore: support restoring to different database location
• BZ - 1002664 - Failures to remove images from an import domain result in imported images on data domains being marked as illegal.
• BZ - 1003117 - Make UseSecureConnectionWithServers config option availabe via rhevm-config
• BZ - 1004066 - Host: Exit message: internal error No more available PCI addresses
• BZ - 1005256 - When deleting snapshots created for Live Storage Migration, RHEV removes the source disk rather than the snapshot
• BZ - 1006659 - prestarted VMs in a pool do not use sysprep file
• BZ - 1012798 - [RFE] [webadmin] pin left pane to dialog window in New logical network dialog
• BZ - 1013860 - "Resources" tab on the Power User Portal unable to display all virtual machine disks
• BZ - 1015148 - [RFE] Ability to see additional detail on Storage summary in the RHEV-M environment
• BZ - 1015638 - VmPoolMonitor throws a NullPointerException while starting a guest that in turn remains down with its images locked.
• BZ - 1018201 - CPU pinning option is not available for the VMs running on "Local on Host" type DataCenter.
• BZ - 1021326 - Max Memory Over Commitment's units should use percentage and not "MB"
• BZ - 1023131 - DestroyVDSCommand called after CancelMigrateVDSCommand failure when attempting to cancel multiple live migrations at a time
• BZ - 1023952 - [RFE] [RHEVM][webadmin] vNIC profile screens are missing features
• BZ - 1028966 - require openjdk version which solves the memory leak in RHEV-M: service ovirt-engine gets OOM killed after few days of uptime
• BZ - 1029106 - getallfromvmtemplates stored in procedure execution takes long time making VM creation take long time when having more than 80 templates
• BZ - 1029177 - taskcleaner.sh '-l' option does not produce logfile
• BZ - 1032807 - TryBackToAllSnapshotsOfVm threw NullPointerException during snapshot-preview because of random disk attached to VM
• BZ - 1037894 - rhevm-manage-domains fails to update ldapServers entries when using action=edit
• BZ - 1039839 - CVE-2013-6434 rhev: remote-viewer spice tls-stripping issue

CVEs

• CVE-2013-6434

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html/Technical_Notes/chap-RHSA-20140038_-_rhevm.html