Red Hat Product Errata RHSA-2018:3470 - Security Advisory

Issued:: 2018-11-05
Updated:: 2018-11-05

RHSA-2018:3470 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat Virtualization security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
glusterfs: Multiple flaws (CVE-2018-10904, CVE-2018-10907, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-10911, CVE-2018-10914, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661, CVE-2018-10913)
samba: Insufficient input validation in libsmbclient (CVE-2018-10858)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting CVE-2018-10904, CVE-2018-10907, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-10911, CVE-2018-10914, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661, and CVE-2018-10913. The CVE-2018-10873 issue was discovered by Frediano Ziglio (Red Hat).

Bug Fix(es):

When upgrading Red Hat Virtualization Host (RHVH), imgbased fails to run garbage collection on previous layers, so new logical volumes are removed, and the boot entry points to a logical volume that was removed.

If the RHVH upgrade finishes successfully, the hypervisor boots successfully, even if garbage collection fails. (BZ#1632058)

During the upgrade process, when lvremove runs garbage collection, it prompts for user confirmation, causing the upgrade process to fail. Now the process uses "lvremove --force" when trying to remove logical volumes and does not fail even if garbage collection fails, and as a result, the upgrade process finishes successfully. (BZ#1632585)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

Red Hat Virtualization 4 for RHEL 7 x86_64
Red Hat Virtualization Host 4 x86_64

Fixes

BZ - 1501276 - RHVH 4.2 should include RHGS 3.4 Batch #1 packages
BZ - 1593731 - [downstream clone - 4.2.7] Rpm verify fails for newly installed libvirt-daemon-config-nwfilter package .
BZ - 1596008 - CVE-2018-10873 spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
BZ - 1601298 - CVE-2018-10904 glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code
BZ - 1601642 - CVE-2018-10907 glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code
BZ - 1601657 - CVE-2018-10911 glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory
BZ - 1607617 - CVE-2018-10914 glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c
BZ - 1607618 - CVE-2018-10913 glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c
BZ - 1610659 - CVE-2018-10923 glusterfs: I/O to arbitrary devices on storage server
BZ - 1612658 - CVE-2018-10927 glusterfs: File status information leak and denial of service
BZ - 1612659 - CVE-2018-10928 glusterfs: Improper resolution of symlinks allows for privilege escalation
BZ - 1612660 - CVE-2018-10929 glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code
BZ - 1612664 - CVE-2018-10930 glusterfs: Files can be renamed outside volume
BZ - 1612805 - CVE-2018-10858 samba: Insufficient input validation in libsmbclient
BZ - 1613143 - CVE-2018-10926 glusterfs: Device files can be created in arbitrary locations
BZ - 1613231 - goferd errors in /var/log/messages of Red Hat Virtualization Host
BZ - 1614971 - Upgrading RHV-H from 4.0.X to 4.2 is failing during migrate_var
BZ - 1619590 - Rebase RHV-H on RHEL 7.6
BZ - 1624453 - Host "hostname" moved to Non-Operational state as host does not meet the cluster's minimum CPU level. Missing CPU features : ssbd, spec_ctrl
BZ - 1626960 - [el7.6]Network parameters IPv4/route/ovirtmgmt are missing during deploying Hosted-Engine
BZ - 1631576 - CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files
BZ - 1632585 - lvremove command will fail if it asks for confirmation while removing old RHV-H layers
BZ - 1632974 - CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service
BZ - 1633431 - CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message
BZ - 1635926 - CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion
BZ - 1635929 - CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service
BZ - 1636880 - CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 4 for RHEL 7

SRPM
imgbased-1.0.29-1.el7ev.src.rpm	SHA-256: 2d7f8d2b569e6d0864087896011c994693b9371c541cb443832252d863b4810c
redhat-release-virtualization-host-4.2-7.3.el7.src.rpm	SHA-256: 470b8eba77fe93cce6bbc5e149fff9fae49999f6fd3f55bec654e92f4ada058c
x86_64
imgbased-1.0.29-1.el7ev.noarch.rpm	SHA-256: 54708bacb20a36d3f65f424181695d6b028f6a534353becfc9240e4fa9c331d3
python-imgbased-1.0.29-1.el7ev.noarch.rpm	SHA-256: 2b4114b17c12cdf11970978fea4d5a6ed6402b2f87b71889779efd415f7f3bf7
redhat-release-virtualization-host-4.2-7.3.el7.x86_64.rpm	SHA-256: c8cb59b3663da646682dfe09fa44d92971bcb8bb237f72af3b2b0fd250e9b3e1
redhat-virtualization-host-image-update-placeholder-4.2-7.3.el7.noarch.rpm	SHA-256: c94125cf06484ea1ac58ddcbac9857dca6593d10836f6e0d71c6dcb97199df79

Red Hat Virtualization Host 4

SRPM
redhat-virtualization-host-4.2-20181026.0.el7_6.src.rpm	SHA-256: d8942531e54cbf54be924ec07d3f2a4e67fe0f40d1627c0430dc06c5bd704d5b
x86_64
redhat-virtualization-host-image-update-4.2-20181026.0.el7_6.noarch.rpm	SHA-256: f0101beaf442bba273da8463cc98ff733b3e500fd451087814c60a281febc101

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories