Red Hat Product Errata RHSA-2019:0458 - Security Advisory
Issued:
2019-03-05
Updated:
2019-03-05

RHSA-2019:0458 - Security Advisory

Synopsis

Moderate: vdsm security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.

The following packages have been upgraded to a later upstream version: vdsm (4.20.47). (BZ#1677458)

Security Fix(es):

  • vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • VDSM attempted to collect OpenStack related information, even on hosts that are not connected to OpenStack, and displayed a repeated error message in the system log. In this release, errors originating from OpenStack related information are not recorded in the system log. As a result, the system log is quieter. (BZ#1673765)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le

Fixes

  • BZ - 1673765 - Messages log spammed with ovs|00001|db_ctl_base|ERR|no key "odl_os_hostconfig_hostid"
  • BZ - 1677108 - CVE-2019-3831 vdsm: privilege escalation to root via systemd_run

Red Hat Virtualization 4 for RHEL 7

SRPM
vdsm-4.20.47-1.el7ev.src.rpm SHA-256: 9d72d659389b78cbee88fcf29439516814ad8519daa057aabbea8e047ca203d6
x86_64
vdsm-4.20.47-1.el7ev.x86_64.rpm SHA-256: 5a4963a73597c57d44ae8a1eb81feff327b8473f5974648eabcff8f2cb9de710
vdsm-api-4.20.47-1.el7ev.noarch.rpm SHA-256: 6976f745166570968e96571fa9c1c5f4b89ebaf319b0a20af5aa9a34d3937d71
vdsm-client-4.20.47-1.el7ev.noarch.rpm SHA-256: 605dec475df75b5b3eac419def88e8646a3c81f17b1b49416ee9dcca63df43b5
vdsm-common-4.20.47-1.el7ev.noarch.rpm SHA-256: 95f4879891173ec07c85fb8166ce97ac4ec3d567fc6a37e758d1c97e6d8c606a
vdsm-gluster-4.20.47-1.el7ev.x86_64.rpm SHA-256: 233d8fb60f15609ab7f20ca4e95332566b2969ad2081636d189bb818c862130f
vdsm-hook-checkips-4.20.47-1.el7ev.x86_64.rpm SHA-256: b4656e03cbbc30dd038a2fb966e0e193776c8667e786b9c6423ccfdcdb8cb8ea
vdsm-hook-cpuflags-4.20.47-1.el7ev.noarch.rpm SHA-256: 5ac4b9a21b5e36537abf4ccfae7b4fa1992af1c769770f2c031cd879f47c0cec
vdsm-hook-ethtool-options-4.20.47-1.el7ev.noarch.rpm SHA-256: 3433c8ed2cdbd7c275d4eb69b7615d4a600c82bfa269deba9f11e481573899b7
vdsm-hook-extra-ipv4-addrs-4.20.47-1.el7ev.x86_64.rpm SHA-256: 138de64ee5d6e6b8b6aca8441f5c9aedb4d11a88a51af0fa11ebf9c8757dab12
vdsm-hook-fcoe-4.20.47-1.el7ev.noarch.rpm SHA-256: cf6ea94ac99c0254417b2493c94a215620728a33b41c9521de73207f63ed21d4
vdsm-hook-localdisk-4.20.47-1.el7ev.noarch.rpm SHA-256: 847c0bd699c5436c3b1f21818c527f86c6580ec8423a501cc9f1b24767743300
vdsm-hook-macspoof-4.20.47-1.el7ev.noarch.rpm SHA-256: 341cd3fe3554bf6108f74fe83b91ad7736197b9c476670d1d533616ff807b906
vdsm-hook-nestedvt-4.20.47-1.el7ev.noarch.rpm SHA-256: a36b20199641a4ec9cfc117fba27d681bb2a6c61219a429bce3835560326dd11
vdsm-hook-openstacknet-4.20.47-1.el7ev.noarch.rpm SHA-256: 52f0c99c80bb7f72ee87a9b4a7e82032b2364a9dcdd33f0b99c0e38e3042567d
vdsm-hook-vhostmd-4.20.47-1.el7ev.noarch.rpm SHA-256: 61fe79a23ec48acfc7f21675015701a1f9da362e36477623d7ed1a0e8f0b90c2
vdsm-hook-vmfex-dev-4.20.47-1.el7ev.noarch.rpm SHA-256: 536a6e9e46a5371a90a29c51f2372c9670ad6b5a7a74e339988c57ed8eefcf36
vdsm-http-4.20.47-1.el7ev.noarch.rpm SHA-256: 26f6b659b0f4e75890456ffcd53ddf1241977a62061229853f7285febdb684db
vdsm-jsonrpc-4.20.47-1.el7ev.noarch.rpm SHA-256: fb4cd17b3009cc3354db160d9e03add4edf2b35d91721a7dbf273032fdf8084d
vdsm-network-4.20.47-1.el7ev.x86_64.rpm SHA-256: 6cea26a60df2c7bb1d74a745ef2c519aac66114608e403f2e7b09b677dbbbd05
vdsm-python-4.20.47-1.el7ev.noarch.rpm SHA-256: f8e68fa51f9221e79f412a56ab4a8faa943fb738b00f1345e093c37380267d9b
vdsm-yajsonrpc-4.20.47-1.el7ev.noarch.rpm SHA-256: 5f3b179422d9730c76cac7708284966b6bf72a01cc7633065f737a53bd2ba969

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
vdsm-4.20.47-1.el7ev.src.rpm SHA-256: 9d72d659389b78cbee88fcf29439516814ad8519daa057aabbea8e047ca203d6
ppc64le
vdsm-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 6c2b252ca3ff6c4fa2b081001e7b87f61cfce9001601cb5b1812d0d819463da5
vdsm-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 6c2b252ca3ff6c4fa2b081001e7b87f61cfce9001601cb5b1812d0d819463da5
vdsm-api-4.20.47-1.el7ev.noarch.rpm SHA-256: 6976f745166570968e96571fa9c1c5f4b89ebaf319b0a20af5aa9a34d3937d71
vdsm-api-4.20.47-1.el7ev.noarch.rpm SHA-256: 6976f745166570968e96571fa9c1c5f4b89ebaf319b0a20af5aa9a34d3937d71
vdsm-client-4.20.47-1.el7ev.noarch.rpm SHA-256: 605dec475df75b5b3eac419def88e8646a3c81f17b1b49416ee9dcca63df43b5
vdsm-client-4.20.47-1.el7ev.noarch.rpm SHA-256: 605dec475df75b5b3eac419def88e8646a3c81f17b1b49416ee9dcca63df43b5
vdsm-common-4.20.47-1.el7ev.noarch.rpm SHA-256: 95f4879891173ec07c85fb8166ce97ac4ec3d567fc6a37e758d1c97e6d8c606a
vdsm-common-4.20.47-1.el7ev.noarch.rpm SHA-256: 95f4879891173ec07c85fb8166ce97ac4ec3d567fc6a37e758d1c97e6d8c606a
vdsm-gluster-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 2368bb3fd2b0ea0fa19094420c664708a03de23ced8511b772afa579042d9ed7
vdsm-gluster-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 2368bb3fd2b0ea0fa19094420c664708a03de23ced8511b772afa579042d9ed7
vdsm-hook-checkips-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 91e593ac4e03574ddb4c4046e0a2374bbd7504eef8c2ff7d25f51d9de57bbe0d
vdsm-hook-checkips-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 91e593ac4e03574ddb4c4046e0a2374bbd7504eef8c2ff7d25f51d9de57bbe0d
vdsm-hook-cpuflags-4.20.47-1.el7ev.noarch.rpm SHA-256: 5ac4b9a21b5e36537abf4ccfae7b4fa1992af1c769770f2c031cd879f47c0cec
vdsm-hook-cpuflags-4.20.47-1.el7ev.noarch.rpm SHA-256: 5ac4b9a21b5e36537abf4ccfae7b4fa1992af1c769770f2c031cd879f47c0cec
vdsm-hook-ethtool-options-4.20.47-1.el7ev.noarch.rpm SHA-256: 3433c8ed2cdbd7c275d4eb69b7615d4a600c82bfa269deba9f11e481573899b7
vdsm-hook-ethtool-options-4.20.47-1.el7ev.noarch.rpm SHA-256: 3433c8ed2cdbd7c275d4eb69b7615d4a600c82bfa269deba9f11e481573899b7
vdsm-hook-extra-ipv4-addrs-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 806b6bd2adc5105eaed6958f2ade1bb27270d9fe458d4ff21f6a8b928a33ec01
vdsm-hook-extra-ipv4-addrs-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 806b6bd2adc5105eaed6958f2ade1bb27270d9fe458d4ff21f6a8b928a33ec01
vdsm-hook-fcoe-4.20.47-1.el7ev.noarch.rpm SHA-256: cf6ea94ac99c0254417b2493c94a215620728a33b41c9521de73207f63ed21d4
vdsm-hook-fcoe-4.20.47-1.el7ev.noarch.rpm SHA-256: cf6ea94ac99c0254417b2493c94a215620728a33b41c9521de73207f63ed21d4
vdsm-hook-localdisk-4.20.47-1.el7ev.noarch.rpm SHA-256: 847c0bd699c5436c3b1f21818c527f86c6580ec8423a501cc9f1b24767743300
vdsm-hook-localdisk-4.20.47-1.el7ev.noarch.rpm SHA-256: 847c0bd699c5436c3b1f21818c527f86c6580ec8423a501cc9f1b24767743300
vdsm-hook-macspoof-4.20.47-1.el7ev.noarch.rpm SHA-256: 341cd3fe3554bf6108f74fe83b91ad7736197b9c476670d1d533616ff807b906
vdsm-hook-macspoof-4.20.47-1.el7ev.noarch.rpm SHA-256: 341cd3fe3554bf6108f74fe83b91ad7736197b9c476670d1d533616ff807b906
vdsm-hook-nestedvt-4.20.47-1.el7ev.noarch.rpm SHA-256: a36b20199641a4ec9cfc117fba27d681bb2a6c61219a429bce3835560326dd11
vdsm-hook-nestedvt-4.20.47-1.el7ev.noarch.rpm SHA-256: a36b20199641a4ec9cfc117fba27d681bb2a6c61219a429bce3835560326dd11
vdsm-hook-openstacknet-4.20.47-1.el7ev.noarch.rpm SHA-256: 52f0c99c80bb7f72ee87a9b4a7e82032b2364a9dcdd33f0b99c0e38e3042567d
vdsm-hook-openstacknet-4.20.47-1.el7ev.noarch.rpm SHA-256: 52f0c99c80bb7f72ee87a9b4a7e82032b2364a9dcdd33f0b99c0e38e3042567d
vdsm-hook-vhostmd-4.20.47-1.el7ev.noarch.rpm SHA-256: 61fe79a23ec48acfc7f21675015701a1f9da362e36477623d7ed1a0e8f0b90c2
vdsm-hook-vhostmd-4.20.47-1.el7ev.noarch.rpm SHA-256: 61fe79a23ec48acfc7f21675015701a1f9da362e36477623d7ed1a0e8f0b90c2
vdsm-hook-vmfex-dev-4.20.47-1.el7ev.noarch.rpm SHA-256: 536a6e9e46a5371a90a29c51f2372c9670ad6b5a7a74e339988c57ed8eefcf36
vdsm-hook-vmfex-dev-4.20.47-1.el7ev.noarch.rpm SHA-256: 536a6e9e46a5371a90a29c51f2372c9670ad6b5a7a74e339988c57ed8eefcf36
vdsm-http-4.20.47-1.el7ev.noarch.rpm SHA-256: 26f6b659b0f4e75890456ffcd53ddf1241977a62061229853f7285febdb684db
vdsm-http-4.20.47-1.el7ev.noarch.rpm SHA-256: 26f6b659b0f4e75890456ffcd53ddf1241977a62061229853f7285febdb684db
vdsm-jsonrpc-4.20.47-1.el7ev.noarch.rpm SHA-256: fb4cd17b3009cc3354db160d9e03add4edf2b35d91721a7dbf273032fdf8084d
vdsm-jsonrpc-4.20.47-1.el7ev.noarch.rpm SHA-256: fb4cd17b3009cc3354db160d9e03add4edf2b35d91721a7dbf273032fdf8084d
vdsm-network-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 83ea05049ee53687ff508a1f9006d808e31ef815ed24444b2a067822a450425c
vdsm-network-4.20.47-1.el7ev.ppc64le.rpm SHA-256: 83ea05049ee53687ff508a1f9006d808e31ef815ed24444b2a067822a450425c
vdsm-python-4.20.47-1.el7ev.noarch.rpm SHA-256: f8e68fa51f9221e79f412a56ab4a8faa943fb738b00f1345e093c37380267d9b
vdsm-python-4.20.47-1.el7ev.noarch.rpm SHA-256: f8e68fa51f9221e79f412a56ab4a8faa943fb738b00f1345e093c37380267d9b
vdsm-yajsonrpc-4.20.47-1.el7ev.noarch.rpm SHA-256: 5f3b179422d9730c76cac7708284966b6bf72a01cc7633065f737a53bd2ba969
vdsm-yajsonrpc-4.20.47-1.el7ev.noarch.rpm SHA-256: 5f3b179422d9730c76cac7708284966b6bf72a01cc7633065f737a53bd2ba969

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.