From bugzilla at redhat.com Mon Jun 3 17:45:52 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Jun 2013 17:45:52 +0000
Subject: [RHSA-2013:0791-01] Moderate: qemu-kvm-rhev security and bug fix update
Message-ID: <201306031745.r53Hjq5G028030@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm-rhev security and bug fix update
Advisory ID:       RHSA-2013:0791-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0791.html
Issue date:        2013-06-03
CVE Names:         CVE-2013-2007
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEV Agents (vdsm) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM.

It was found that QEMU Guest Agent (the "qemu-ga" service) created certain files with world-writable permissions when run in daemon mode (the default mode). An unprivileged guest user could use this flaw to consume all free space on the partition containing the qemu-ga log file, or modify the contents of the log. When a UNIX domain socket transport was explicitly configured to be used (not the default), an unprivileged guest user could potentially use this flaw to escalate their privileges in the guest. This update requires manual action.
Refer below for details. (CVE-2013-2007)

This update does not change the permissions of the existing log file or the UNIX domain socket. For these to be changed, stop the qemu-ga service, and then manually remove all "group" and "other" permissions on the affected files, or remove the files.

Note that after installing this update, files created by the guest-file-open QEMU Monitor Protocol (QMP) command will still continue to be created with world-writable permissions for backwards compatibility.

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bugs:

* Previously, due to integer overflow in code calculations, the qemu-kvm utility was reporting incorrect memory size on QMP events when using the virtio balloon driver with more than 4 GB of memory. This update fixes the overflow in the code and qemu-kvm works as expected in the described scenario. (BZ#958750)

* When the set_link flag is set to "off" to change the status of a network card, the status is changed to "down" on the respective guest. Previously, with certain network cards, when such a guest was restarted, the status of the network card was unexpectedly reset to "up", even though the network was unavailable. A patch has been provided to address this bug and the link status change is now preserved across restarts for all network cards. (BZ#927591)

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

956082 - CVE-2013-2007 qemu: guest agent creates files with insecure permissions in daemon mode

6. Package List:

RHEV Agents (vdsm):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/qemu-kvm-rhev-0.12.1.2-2.355.el6_4.5.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2007.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRrNYjXlSAg2UNWIIRAmraAJ40A55n7eMvI+KL/uMuUzVfLQ3jpwCeO2Ic
VxaN7/HBxxHnZeRfeF1bgNY=
=fJEd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 10 21:01:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Jun 2013 21:01:12 +0000
Subject: [RHSA-2013:0886-01] Moderate: rhev 3.2 - vdsm security and bug fix update
Message-ID: <201306102101.r5AL1DIE009864@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rhev 3.2 - vdsm security and bug fix update
Advisory ID:       RHSA-2013:0886-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0886.html
Issue date:        2013-06-10
CVE Names:         CVE-2013-0167
=====================================================================

1.
Summary:

Updated vdsm packages that fix one security issue and various bugs are now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEV Agents (vdsm) - noarch, x86_64
RHEV-M 3.2 - noarch, x86_64

3. Description:

VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.

A flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)

The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.

This update also fixes various bugs. Refer to the Technical Notes for information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

All users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues. These updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

834041 - 3.1 - [vdsm] vdsm loses its connection to libvirt socket on certain case
852956 - 3.2 - prepareForShutdown is not called when connection to libvirt is broken with event: libvirtError: internal error client socket is closed
861701 - 3.2 - need to sync networks between vdsm and libvirt.
871616 - Guest agent information is missing after few VM's migrations
873145 - 3.2 - vdsm [Storage Live Migration]: vm changes state to pause for a few seconds during storage live migration
875487 - 3.2 Failed to break BOND and attach custom MTU networks while VM is running
875775 - 3.2.0 - [Storage] Unable to extend storage domain if PV is in use.
878064 - engine: Error while executing action SetVmTicket: Unexpected exception
879253 - 3.2 - [vdsm] ConnectStoragePool fail with 2 hosts in NFS due to stale cache
880961 - 3.2 - [Upgrade] vdsm daemon not responding after upgrading from vdsm-4.9-113.4.el6_3 to vdsm-4.9.6-44.0.el6_3
881947 - 3.2 [vdsm] getDeviceList is failing with vdsm 4.10.2-1
882276 - 3.2 - [vdsm] Failure upgrading a storage domain to V3 - No space left on device
882667 - vdsm: master domain is partially inaccessible when umount fails for iso/export domain (only on posix master domain over nfs)
883327 - 3.2 - vdsm: Unexpected exception when upgrading local/NFS domain from 3.0 to 3.1
883390 - Attach Storage Domain is failing on FC storage if Create Storage Domain was initiated from Non-Spm host
885418 - vdsm: error log throws exception in forceIscsiScan when vdsm config minimal or maximal timeout parameters are illegal
890572 - If RHEV-H host registered from RHEV-M and later re-registered from RHEV-H, the 'Management Server Port' value cannot be changed.
890983 - vdsm: dumpStorageTable.py exits on KeyError for buildVolumesChain
893193 - 'vdsm.log' does not report the correct vdsm release for RHEV 3.1 versions.
893332 - CVE-2013-0167 vdsm: unfiltered guestInfo dictionary DoS
895912 - Rhevh failed downloading RHEV-M certificate when Register it to RHEV-M via port 80
905930 - Screen is locked immediately after a user auto-logs into guest via SSO from User Portal
910445 - Storage Live Migration of thick disk results in corrupted disk
911209 - vdsm: vm's sent with wipe after delete in NFS storage will not be removed from domain
911417 - After upgrading to RHEL6.3 NFS images permissions are 440 and qemu user cannot start 2.2 vms
912308 - vdsm.log ownership is root:root when log rotate run at the same time as supervdsm writes to the same log file
915068 - vdsm: 'ValueError: field and value cannot include = character' when removing disks
917363 - vdsm: can't remove/export a vm with exception on getAllVolumes
918541 - The VM Channels Listener thread appears to stall, blocking all communication between VDSM and the hosted guest agents.
918666 - Don't fail when a non-existing bond is requested via setupNetworks.
919201 - Warning when migration is delayed/get stuck due to high guest memory writes.
919356 - [RHEVM] [vdsm] unexpected exception on VNIC hot unplug with MAC change
920532 - [scale] Attaching a big number of NFS Storage Domain fails. (fails on too many open files on VDSM side)
920614 - decrease libvirtd log level
920671 - [rhevh upgrade] Reporting a 'Failed to upgrade' to engine, while it really succeeded
920688 - VDSM attribute error exception when trying to write to vdsm log.
922515 - vdsm: vdsm fails to recover after restart with 'AttributeError: 'list' object has no attribute 'split'' error
923773 - vmHotplugDisk failed with "VolumeError: Bad volume specification"
923964 - vdsm: within few seconds after a live snapshot the volume extension requests might be too large
925967 - Debug messages show on TUI just after register to rhevm
925981 - default migration bandwidth capping is not honored anymore
927143 - [vdsm] ShutdownVM fails after plugging shared disk to 2 vms at once due to 'Bad File Descriptor' in vdsm
928217 - Vdsm logs are filling filesystem up - logrotation of vdsm logs doesn't work correctly
928861 - VDSM will fail to start if rsyslogd's configuration is invalid.
947014 - Vdsm fails to decode application list if an application name containing Non-ASCII character is present on guest
948346 - vdsm [UPGRADE]: upgrade to v3 fails when the domain links are missing
948940 - [vdsm] concurrent live storage migration of multiple disks might result in a saveState exception
949192 - [vdsm] [scale] After libvirt failure vdsm restarts and starts responding to XML-RPC after a big delay
951057 - vdsm should report the storage domain version in the statistics
955593 - vdsm errors/Tracebacks when migrating a VM, migration itself is successful
956683 - The default migration_max_bandwidth (32MiBps) & default max_outgoing_migrations (5) will saturate a 1Gbps link.
962549 - VM no longer bootable after snapshot removal

6.
Package List:

RHEV Agents (vdsm):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/vdsm-4.10.2-22.0.el6ev.src.rpm

noarch:
vdsm-cli-4.10.2-22.0.el6ev.noarch.rpm
vdsm-hook-vhostmd-4.10.2-22.0.el6ev.noarch.rpm
vdsm-reg-4.10.2-22.0.el6ev.noarch.rpm
vdsm-xmlrpc-4.10.2-22.0.el6ev.noarch.rpm

x86_64:
vdsm-4.10.2-22.0.el6ev.x86_64.rpm
vdsm-debuginfo-4.10.2-22.0.el6ev.x86_64.rpm
vdsm-python-4.10.2-22.0.el6ev.x86_64.rpm

RHEV-M 3.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/vdsm-4.10.2-22.0.el6ev.src.rpm

noarch:
vdsm-bootstrap-4.10.2-22.0.el6ev.noarch.rpm

x86_64:
vdsm-debuginfo-4.10.2-22.0.el6ev.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0167.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtj6KXlSAg2UNWIIRAv4xAJoD+HZL3kpjwQjO5nsqg5VhethCngCgqx8o
aUu6zn0LxAYIhaOi5xeMRIk=
=V1fc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 10 21:02:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Jun 2013 21:02:14 +0000
Subject: [RHSA-2013:0888-01] Moderate: Red Hat Enterprise Virtualization Manager 3.2 update
Message-ID: <201306102102.r5AL2FEN006684@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise Virtualization Manager 3.2 update
Advisory ID:       RHSA-2013:0888-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0888.html
Issue date:        2013-06-10
CVE Names:         CVE-2013-2144
=====================================================================

1. Summary:

Red Hat Enterprise Virtualization Manager 3.2 is now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEV-M 3.2 - noarch

3. Description:

Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager.

It was found that permission checks were not performed on the target storage domain when cloning a virtual machine from a snapshot.
An attacker could use this flaw to perform a denial of service attack, exhausting free disk space on the target storage domain. (CVE-2013-2144)

The CVE-2013-2144 issue was discovered by Daniel Erez of Red Hat.

This update also fixes various bugs. Refer to the Technical Notes for information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html

All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

829625 - RESTAPI: API should expose hypervisor version
837907 - PRD32 - RFE: Add support for iLO2 and iLO4 as a fencing (Power Management) options [TEXT]
838457 - PRD32 - webadmin: the default of the tree should be expanded with DCs, at least
838469 - PRD32 - [RFE] Support cpu -host (passthrough) for virtual machines
838470 - PRD32 - [RFE] Allow e1000 to be selected as nic type for Windows VM
839205 - ovirt-engine-restapi : [RFE] There is no way to know which hooks are installed on a host
843058 - Can't run large amount of VMs simultaneously. Getting error Cant find VDS to run the VM.
843410 - PRD32 - Allow non plugin automatic invocation of console session (basic - no cd, disconnect reason, etc.)
845022 - ovirt-engine-backend [Quota]: superuser cannot add or run a vm when quota policy is changed to enforce when there is no quota defined
848398 - remove special restrictions on Windows templates names
854489 - PRD32 - webadmin: Add a new Disks tab under the Storage tab in the UI
854535 - PRD32 - bootstrap: support longer bootstrap duration
854540 - PRD32 - pki: use PKCS#12 format to store keys
854964 - [Storage] There is a scenario when VM might have several bootable disks which is wrong.
855630 - [RFE] Add tool tip for configuration a Quota feature
858742 - PRD32 - Networks Main Tab
859762 - ovirt-engine-backend : search engine does not complete values for disks:bootable and disks:sharable
861098 - RESTAPI: Mapping of empty name in user object
861576 - PRD32 - packaging: use yum API
862797 - Rhev-m admin GUI logs actions done by in the Events tab
866123 - PRD32 - RFE: Allow plugins to add events into the engine's event log
866889 - PRD32 - vdsm-bootstrap rewrite
867543 - PRD32 - RFE: collect host bios information
868626 - RESTAPI: api should allow detailed resource listing via header/matrix parameter
870159 - 3.2 - storage: set block schedule elevator using udev
870352 - [ja_JP] Test case failure: Check the message for Alert/Events/Tasks: The Date part of the message contains minutes in the month-section.
871371 - PRD32 - RFE: allow to define termination protection per vm (block delete without a config change)
871802 - [engine-core] Null Pointer Exception when during "preview mode" action, service ovirt-engine restart (TryBackToAllSnapshotsOfVm threw an exception: java.lang.NullPointerException), and all disks VM enter to Locked state
872506 - Importing a VM from an OVF without the diskAlias property with copyCollapse=false will not auto-generate disk aliases
873581 - PCI addresses are deleted when VM Template is imported
874019 - ovirt-engine-backend: Non-operational Hosts that been switched to 'Maintenance' returns to non-operational status when disconnectStoragePool fails.
874080 - PRD32 - [RFE] engine [Live Storage Migration]: cannot concurrently live migrate several disks of the same VM
875527 - PRD32 - bootstrap: do not get unique id at canDoAction
875528 - PRD32 - bootstrap rewrite (engine)
875814 - Use appropriate caching policy for GWT application resources
876109 - Ovirt-engine-backend: AuditLog throws exception when attempting to Add Direct-Lun to VM.
876235 - PRD32 - Do not force fencing proxy to be in UP status
877818 - [RFE] Need indication that GWT app is loading
878064 - engine: Error while executing action SetVmTicket: Unexpected exception
878509 - Power User Portal (a.k.a User Portal "Extended" tab): Improve performance on IE8 / Windows XP
878778 - engine [RACE]: cancel migration will fail because domain no longer exists in src by the time cancel is sent
879291 - left-pane tree: "expand all" should fully-expand only the selected tree-node (and not the entire tree, unless "System" is selected)
879308 - Tree title should be changed
879930 - ovirt-engine-backend [Scalability]: The queries getstorage_domains_by_storagepoolid && getdisksvmguid caused postmaster processes to consume constantly 100%cpu.
880969 - ovirt-engine-backend [Scalability]: Problematic query 'getallfromvms' causes user portal to become stuck after user login.
881024 - PRD32 - [RFE] Adding the ability to remove a VM without removing its disks
882651 - PRD32 - CDROM payload should not interfere with devices of the same type
882807 - PRD32-GLUSTER - Forced removal of a host
882812 - PRD32-GLUSTER - Configuration sync with Gluster CLI
882813 - PRD32-GLUSTER - Import of existing gluster clusters
882824 - PRD32-GLUSTER - search support for gluster volumes
882837 - PRD32 - engine - if connect storage pool fails on version mismatch, do reconstruct master
882847 - upgrade 3.0 to 3.1: event notification is not sent.
883871 - [RESTAPI] Disk move action missing.
885391 - PRD32 - webadmin: support ui-plugins
886133 - PRD32 - [RFE] Add the ability to scan/import existing disk images in a storage domain using REST-API
886709 - PRD32 - bootstrap: fetch logs to engine
886824 - 'Configure Local Disk' does not work properly in Japanese environment
887230 - Units for statistics of host NICs are wrong: BYTES_PER_SECOND should be MEGABYTES_PER_SECOND.
887741 - ISO uploader: on upgrade, change the default port for 'rhevm' in /etc/ovirt-engine/isouploader.conf to localhost:8443 (and not the default 443)
888689 - [User Portal] A user with UserRole assigned to a pool does not see pool's VMs
889795 - engine: we use gzip -9 to zip files in engine instead of xz (vdsm already uses xz)
889985 - [ovirt-engine] auto-recovery for storage server should change to "True", auto-recovery for hosts should be True by default on engine as in DB.
891279 - [RFE] Backend: 'migration complete' event should include the destination VDS, not the source [TEXT]
891280 - [RFE] [Admin Portal] - Add a Console button in Hosts -->VMs tab.
892532 - [ovirt-engine-backend] DB upgrade from 3.0 to 3.1 fails
892724 - engine: java.lang.IndexOutOfBoundsException for undo/commit of preview on snapshot with no disks
894020 - PRD32 - [RFE] spice seamless migration support in win client
894288 - RHEVM GUI: Failure to language selection in specific case
894345 - PRD32 - [RFE] Spice arbitrary resolution
894396 - PRD32 - [RFE] Spice native usb live migration support in win client
894681 - RFE: Engine should support having configurable entries for ldap servers per domain
895049 - Reports should be able to be installed from scratch on an upgraded system
895103 - Provide native dialog for showDialog() UI plugin API instead of browser window
903287 - When creating a network the default network doesn't get chosen.
905446 - Lexicographic sorting by IP when searching for VMs
905564 - [Upgrade] [Live Storage Migration] Auto generated snapshot for Live Storage migration can not be deleted.
907232 - Custom Materialized Views should be treated differently from regular product Materialized Views
907240 - [SetupNetworks] Slaves data sent by the user is being overridden with engine's data
908745 - RFE: change VdsRefreshTimeout to 3 seconds
912449 - [rhevh] can't upgrade to newer version due to 'ovirt ISOs directory not found'
912697 - When importing a VM with collapseSnapshots=false not all images are actually imported
915036 - REST-API : server replies in yaml instead of xml on GET: /api/vms/xxx/reporteddevices
915675 - Gluster volume is stopped, but brick status on the UI is still 'UP'
915950 - Resizable columns in sub-tabs
916582 - REST API - Omit of prefer header doesn't turn off session based authentication
916728 - [ovirt-engine-backend] Upgrade from 3.1 to 3.2 fails
917522 - [RHEVM] [backend] VNIC plug/unplug is incorrectly reported in logs
917698 - [User Portal] VM action buttons are now missing static IDs (needed for automated testing)
917719 - engine: CreateAllSnapshotsFromVm threw an exception during vdsm restart
919672 - [webadmin] After import vm/template values in subtab general of vm/template stuck.
921201 - rhevm-upgrade is failing between si26.4 to si27.4 (3.1.3) in async task cleanup
923443 - Gateway is not defined after bonding the RHEVM interface.
923614 - procedures are owned by postgres instead of engine user
923992 - engine: engine deletes live storage migration destination copy after finish the copy (storage live migration doesn't work)
924605 - Spice proxy setting in console configuration popup dialog
948282 - Transaction error during CreateSnapshotFromTemplate (child of AddVmCommand)
950073 - import reported as successful too early
953690 - VM taken by a user from a prestarted pool does not show as "Up" until page refreshed
956378 - please add tool-tips for grid column-headers
957051 - Add spice console invocation method switching to console dialog
957611 - Add the 'mount ISO from SPICE client' functionality back into RHEV
971058 - CVE-2013-2144 rhevm: insufficient target domain permission check when cloning a VM from a snapshot

6. Package List:

RHEV-M 3.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-3.2.0-11.30.el6ev.src.rpm

noarch:
rhevm-3.2.0-11.30.el6ev.noarch.rpm
rhevm-backend-3.2.0-11.30.el6ev.noarch.rpm
rhevm-config-3.2.0-11.30.el6ev.noarch.rpm
rhevm-dbscripts-3.2.0-11.30.el6ev.noarch.rpm
rhevm-genericapi-3.2.0-11.30.el6ev.noarch.rpm
rhevm-notification-service-3.2.0-11.30.el6ev.noarch.rpm
rhevm-restapi-3.2.0-11.30.el6ev.noarch.rpm
rhevm-setup-3.2.0-11.30.el6ev.noarch.rpm
rhevm-setup-plugin-allinone-3.2.0-11.30.el6ev.noarch.rpm
rhevm-tools-common-3.2.0-11.30.el6ev.noarch.rpm
rhevm-userportal-3.2.0-11.30.el6ev.noarch.rpm
rhevm-webadmin-portal-3.2.0-11.30.el6ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2013-2144.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtj7IXlSAg2UNWIIRAiesAJsF2IsIlB29gV2HXx7ogjyjimQ9ugCgo9/K
V5npRp2hAYsl6OKBWL59dJ8=
=fTDx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 10 21:03:34 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Jun 2013 21:03:34 +0000
Subject: [RHSA-2013:0907-01] Important: rhev-hypervisor6 security and bug fix update
Message-ID: <201306102103.r5AL3YJv018912@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhev-hypervisor6 security and bug fix update
Advisory ID:       RHSA-2013:0907-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0907.html
Issue date:        2013-06-10
CVE Names:         CVE-2013-0167 CVE-2013-1935
=====================================================================

1. Summary:

An updated rhev-hypervisor6 package that fixes two security issues and various bugs is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEV Hypervisor for RHEL-6 - noarch

3. Description:

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image.
The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A flaw was found in the way KVM initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt) indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. (CVE-2013-1935)

A flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)

Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue. The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers:

CVE-2013-1962 (libvirt issue)

CVE-2013-2017 and CVE-2013-1943 (kernel issues)

CVE-2012-6137 (subscription-manager issue)

This update also contains the fixes from the following errata:

* vdsm: RHSA-2013:0886, which adds support for Red Hat Enterprise Virtualization 3.2 clusters.

* ovirt-node: RHBA-2013:0908

Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.

4. Solution:

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html

5. Bugs fixed (http://bugzilla.redhat.com/):

893332 - CVE-2013-0167 vdsm: unfiltered guestInfo dictionary DoS
949981 - CVE-2013-1935 kernel: kvm: pv_eoi guest updates with interrupts disabled
964278 - rhev-hypervisor 6.4 Update 3 release

6. Package List:

RHEV Hypervisor for RHEL-6:

noarch:
rhev-hypervisor6-6.4-20130528.0.el6_4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0167.html
https://www.redhat.com/security/data/cve/CVE-2013-1935.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html
https://rhn.redhat.com/errata/RHSA-2013-0886.html
https://rhn.redhat.com/errata/RHBA-2013-0908.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtj8PXlSAg2UNWIIRAgnVAJ97LhdizEbzFWWNOE+/M3QKkFUxqgCfd9XQ
ezLgtN8tAhFlOd0fpSDinJw=
=Q9oo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 10 21:10:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Jun 2013 21:10:11 +0000
Subject: [RHSA-2013:0924-01] Important: spice-vdagent-win security and bug fix update
Message-ID: <201306102110.r5ALABnZ010544@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: spice-vdagent-win security and bug fix update
Advisory ID: RHSA-2013:0924-01
Product: Red Hat Enterprise Virtualization
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0924.html
Issue date: 2013-06-10
CVE Names: CVE-2013-2152
=====================================================================

1. Summary:

An update for spice-vdagent-win that fixes one security issue and several bugs is now available.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

spice-vdagent-win provides a service and an agent that can be installed and run on Windows guests.

An unquoted search path flaw was found in the way the SPICE service was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges. (CVE-2013-2152)

This update also fixes the following bugs:

* Previously, due to issues with some Windows guest applications, RHEV SPICE agent stopped getting clipboard changes. Now, the agent uses a new API that keeps track of clipboard changes, without the need to "trust" the behavior of other applications registered to the clipboard. (BZ#919451)

* Previously, copying a .jpg or .png image file from specific applications, such as Mozilla Firefox, on a Windows guest, then pasting into a Linux client, resulted in an empty or black and white image due to incorrect palette encoding in the guest vdagent. Now, the encoding has been fixed and copying and pasting works as expected. (BZ#919150)

* Previously, when using a Windows virtual machine, enabling extra monitors with arbitrary configuration could fail. Now the agent enables the monitors before updating them to an arbitrary resolution to solve this issue. (BZ#922394)

* Previously, if SPICE was disconnected in the middle of copying and pasting data from the client to the guest, copy and paste would stop working after SPICE was reconnected. Now, the clipboard timeout has been adjusted so that if SPICE is unexpectedly disconnected, the immediate copy and paste action will fail, but subsequent attempts will be successful. (BZ#833835)

* Previously, when attempting to connect multiple displays using a Windows 7 guest, remote-viewer would only show one display available, even when all settings in the manager and on the SPICE client itself were correctly configured. This was caused by a regression issue relating to changes to custom resolution commands. Now, connecting and displaying multiple monitors functions correctly. (BZ#922283)

* Previously, due to a regression caused by another patch, copying a .png image from specific applications, such as Firefox, on a Linux client, failed pasting into a Windows guest application, such as Paint, due to incorrect palette encoding in the guest vdagent. Now, the encoding has been fixed and copying and pasting works as expected. (BZ#921980)

* Previously, when a second user logged into a Windows guest, the RHEV SPICE Agent service terminated the previous vdagent instance, but mistakenly also terminated the newly created vdagent on the current active session. Now, the vdagent termination event is reset after previous agent termination, so each new agent is no longer terminated. (BZ#868254)

* Previously, if "RHEV SPICE agent" was stopped after copying data from a Windows guest, the client was not correctly notified, and assumed it could still paste the data. Now, agent termination has been fixed so that the client is notified to release the clipboard. (BZ#903379)

3. Solution:

Red Hat Enterprise Virtualization users that are using SPICE to connect to their virtual machines are advised to install this update.

4. Bugs fixed (http://bugzilla.redhat.com/):

833835 - copy-paste stops working after client disconnection during a copy-paste
868254 - vdagent-win exits if two users are logged in simultaneously
903379 - Stop the spice-vdagent on a Windows VM and the client right-click menu still shows you can paste with an empty clipboard.
922283 - win-vdagent: does not enable extra displays
922394 - --full-screen=auto-conf doesn't turn on disabled guest monitors
971172 - CVE-2013-2152 rhevm: spice service unquoted search path

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-2152.html
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtkCiXlSAg2UNWIIRAjFhAKCPt2Okx8fSwurWw+n6ko7GVkUbXwCgsLGQ
FOdSFAsMBtuFTl8VBa7gW1w=
=AMZc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 10 21:11:06 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Jun 2013 21:11:06 +0000
Subject: [RHSA-2013:0925-01] Important: rhev-guest-tools-iso security and bug fix update
Message-ID: <201306102111.r5ALB6di023412@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: rhev-guest-tools-iso security and bug fix update
Advisory ID: RHSA-2013:0925-01
Product: Red Hat Enterprise Virtualization
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0925.html
Issue date: 2013-06-10
CVE Names: CVE-2013-2151 CVE-2013-2152
=====================================================================

1. Summary:

An updated rhev-guest-tools-iso package that fixes two security issues and two bugs is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEV-M 3.2 - noarch

3. Description:

The rhev-guest-tools-iso package contains tools and drivers. These tools and drivers are required by supported Windows guest operating systems when installed as guests on Red Hat Enterprise Virtualization.

An unquoted search path flaw was found in the way the Red Hat Enterprise Virtualization agent was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.
(CVE-2013-2151)

An unquoted search path flaw was found in the way the SPICE service was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges. (CVE-2013-2152)

This update also fixes the following bugs:

* Previously, when trying to uninstall rhev-guest-tools in Windows Server 2003 (both 32-bit and 64-bit), an error event was created in the event viewer saying "The BalloonService service hung on starting", even though the package was uninstalled correctly. Now, the balloon service executable is no longer registered, meaning the service is no longer running by default and rhev-guest-tools can be uninstalled without any error messages. (BZ#860225, BZ#880278)

All Red Hat Enterprise Virtualization users are advised to upgrade to this updated rhev-guest-tools-iso package, which resolves these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Follow the upgrade procedure in the Red Hat Enterprise Virtualization Installation Guide to install these updated packages:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Installation_Guide/chap-Upgrading_to_Red_Hat_Enterprise_Virtualization_3.2.html

To install the updated guest tools on individual guests using the image provided by the rhev-guest-tools-iso package refer to:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Administration_Guide/sect-Guest_Drivers_and_Agents.html

5. Bugs fixed (http://bugzilla.redhat.com/):

860225 - Uninstalling RHEV-Tools in Windows 2003-64bit version creates error event
962667 - [Windows Guest Tools] TypeError: encode() argument 1 must be string, not Non - 3.2.7 Guest Agent does not report data
971171 - CVE-2013-2151 rhevm: rhev agent service unquoted search path
971172 - CVE-2013-2152 rhevm: spice service unquoted search path

6. Package List:

RHEV-M 3.2:

noarch:
rhev-guest-tools-iso-3.2-8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2151.html
https://www.redhat.com/security/data/cve/CVE-2013-2152.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Installation_Guide/chap-Upgrading_to_Red_Hat_Enterprise_Virtualization_3.2.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Administration_Guide/sect-Guest_Drivers_and_Agents.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtkDeXlSAg2UNWIIRAkwCAKC9AHKenN2WjkXWK3C9b5rpVCLeWwCggnvz
kMZ6rTp1TEgKxLC+HDHq59U=
=+dy2
-----END PGP SIGNATURE-----
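Both the spice-vdagent-win advisory (RHSA-2013:0924, CVE-2013-2152) and the rhev-guest-tools-iso advisory (RHSA-2013:0925, CVE-2013-2151 and CVE-2013-2152) describe the same bug class: a Windows service registered with an unquoted ImagePath that contains spaces. The advisories say exploitability depends on directory permissions but do not spell out which directories. The following added example, not Red Hat's code and not taken from either package, models how Windows resolves an unquoted command line (each whitespace boundary is tried as the end of the program name, with ".exe" appended when the candidate has no extension) and derives the directories an attacker would need write access to. The service names and paths in the sample are constructed for the example.

```python
"""
Unquoted service path analysis (the CVE-2013-2151 / CVE-2013-2152 bug class).

Added example, not Red Hat code. The service names and ImagePath values below
are constructed to illustrate the technique; they are not the real paths used
by the RHEV agent or the SPICE service. The resolution model follows the
documented CreateProcess behaviour for an unquoted command line: the string is
tried as a program name at each whitespace boundary, and ".exe" is appended
when the candidate has no extension.
"""
import ntpath

EXE_SUFFIXES = (".exe",)


def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service ImagePath string."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:  # unterminated quote: treat the remainder as the path
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    # Unquoted: assume the path ends at the first token that names an executable.
    tokens = s.split(" ")
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(EXE_SUFFIXES):
            return " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:]), False
    return s, "", False


def hijack_candidates(image_path):
    """Program names Windows would try before the real executable, in order.

    An empty list means the path is not exploitable this way: it is quoted,
    or the executable path contains no whitespace.
    """
    exe, _args, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return []
    tokens = exe.split(" ")
    candidates = []
    for i in range(1, len(tokens)):
        prefix = " ".join(tokens[:i])
        if not ntpath.splitext(prefix)[1]:  # no extension: Windows appends .exe
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def writable_dirs_needed(image_path):
    """Directory an attacker must be able to create a file in, per candidate."""
    return [ntpath.dirname(c) for c in hijack_candidates(image_path)]


def audit_services(services):
    """services: iterable of (name, image_path). Returns findings for unquoted ones."""
    findings = []
    for name, image_path in services:
        cands = hijack_candidates(image_path)
        if cands:
            findings.append({
                "service": name,
                "image_path": image_path,
                "candidates": cands,
                "dirs_to_check": sorted(set(ntpath.dirname(c) for c in cands)),
            })
    return findings


def remediated_image_path(image_path):
    """Quote the executable portion of an ImagePath, leaving arguments intact."""
    exe, args, _quoted = split_image_path(image_path)
    return '"%s"' % exe + (" " + args if args else "")


# Constructed sample shaped like ImagePath values under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>; names and paths are invented.
SAMPLE_SERVICES = [
    ("ExampleSpiceSvc", r"C:\Program Files\Example Vendor\SPICE Agent\vdservice.exe"),
    ("ExampleGuestAgent", r"C:\Program Files\Example Vendor\Guest Agent\agent.exe --service"),
    ("ExampleFixed", r'"C:\Program Files\Example Vendor\SPICE Agent\vdservice.exe"'),
    ("ExampleNoSpaces", r"C:\ExampleVendor\agent\agent.exe"),
    ("SvchostLike", r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for f in audit_services(SAMPLE_SERVICES):
        print(f["service"], "->", f["image_path"])
        for c in f["candidates"]:
            print("   would try:", c)
        print("   check ACLs on:", f["dirs_to_check"])
        print("   fixed value:", remediated_image_path(f["image_path"]))
```

On a real guest the input list comes from `wmic service get name,pathname` or `Get-CimInstance Win32_Service | Select-Object Name, PathName`; the candidate list tells you which directories to inspect with `icacls`, and a finding is only exploitable if an unprivileged user can create a file in one of them. The remediation is the quoted value the last function produces, applied to the service's ImagePath (for example with `sc config <name> binPath=` and escaped quotes), or, as in these advisories, a corrected installer.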