From bugzilla at redhat.com Wed Feb 4 18:02:59 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Feb 2015 18:02:59 +0000 Subject: [RHSA-2015:0126-01] Critical: rhev-hypervisor6 security update Message-ID: <201502041802.t14I2xcS013629@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: rhev-hypervisor6 security update Advisory ID: RHSA-2015:0126-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0126.html Issue date: 2015-02-04 CVE Names: CVE-2014-3511 CVE-2014-3567 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 CVE-2015-0235 ===================================================================== 1. Summary: An updated rhev-hypervisor6 package that fixes multiple security issues is now available for Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV Hypervisor for RHEL-6 - noarch 3. Description: The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611) A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646) Red Hat would like to thank Qualys for reporting the CVE-2015-0235 issue, Lars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced Threat Research team at Intel Security for reporting the CVE-2014-3645 and CVE-2014-3646 issues. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package. 4. Solution: This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht ml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente rprise_Virtualization_Hypervisors.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack 1144825 - CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled 1144835 - CVE-2014-3645 kernel: kvm: vmx: invept vm exit not handled 1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition 1152563 - Tracker: RHEV-H 6.6 for RHEV 3.4.z build 1152961 - CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash 1180044 - Incorrect glusterfs package in to RHEVH 6.6 for 3.4.4 and 3.5 build [rhev-3.4.z] 1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow 1185720 - Incorrect rhn-virtualization-host and rhn-virtualization-common packages in RHEVH 6.6 for rhev 3.4.5 6. Package List: RHEV Hypervisor for RHEL-6: noarch: rhev-hypervisor6-6.6-20150123.1.el6ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3511 https://access.redhat.com/security/cve/CVE-2014-3567 https://access.redhat.com/security/cve/CVE-2014-3611 https://access.redhat.com/security/cve/CVE-2014-3645 https://access.redhat.com/security/cve/CVE-2014-3646 https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU0l7LXlSAg2UNWIIRAvEdAJ4wGHkcIyH+VhN8Me+wQpBWbHgMiQCdH58Q EXI2+hZZswncCxMn6NgpQ6g= =wy8T -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 11 18:21:55 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Feb 2015 18:21:55 +0000 Subject: [RHSA-2015:0158-01] Important: Red Hat Enterprise Virtualization Manager 3.5.0 Message-ID: <201502111821.t1BILtcT031639@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Enterprise Virtualization Manager 3.5.0 Advisory ID: RHSA-2015:0158-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0158.html Issue date: 2014-07-13 Updated on: 2015-02-11 CVE Names: CVE-2012-6153 CVE-2014-0151 CVE-2014-0154 CVE-2014-3577 ===================================================================== 1. Summary: Red Hat Enterprise Virtualization Manager 3.5.0 is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV-M 3.5 - noarch 3. Description: Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API). It was discovered that the HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577) A Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST API. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid REST API session, would allow the attacker to trigger calls to the oVirt REST API. (CVE-2014-0151) It was found that the oVirt web admin interface did not include the HttpOnly flag when setting session IDs with the Set-Cookie header. This flaw could make it is easier for a remote attacker to hijack an oVirt web admin session by leveraging a cross-site scripting (XSS) vulnerability. (CVE-2014-0154) The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security. These updated Red Hat Enterprise Virtualization Manager packages also include numerous bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Virtualization 3.5 Manager Release Notes document, linked to in the References, for information on the most significant of these changes. All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 570191 - PRD35 - [RFE] [AAA] support Kerberos authentication (for REST API) 716511 - PRD35 - [RFE] support discovery of existing virtual machines on RHEV storage 723211 - PRD35 - [RFE] clone vm - support copy/duplicate virtual machines (without having to create a template) 800155 - PRD35 - [RFE] configure SPICE disable-copy-paste in GUIs 804530 - PRD35 - [RFE] Change the "Slot" field to "Service Profile" when cisco_ucs is selected as the fencing type 817180 - PRD35 - [RFE] sysprep needs ability to specify Active Directory OU for VMs to join 828591 - PRD35 - [RFE] ability to "rebalance" cluster load with a single button 832167 - PRD35 - [RFE] NUMA information(memory and cpu) in guest - RHEV-M support 859024 - PRD35 - [RFE] Provide confirmation prompt while deactivating a NIC 874328 - PRD35 - [RFE] Add Instance Types (hardware profiles/flavors) 878662 - PRD35 - [RFE] Mechanism for adding additional fence agents to mgr 879077 - PRD35 - [RFE] left-hand pane in the AdminPortal (the tree) should auto-refresh 884653 - [RFE][AAA] support single sign-on to user and admin portals 890517 - PRD35 - [RFE] add gluster profile support 894027 - PRD35 - [RFE] [restapi] Display the current logged in user in API 894084 - PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled 895222 - PRD35 - [RFE] Unable to sort on columns in WebAdmin for RHEV 902298 - PRD35 - [RFE] Change Time Zone after the initial-run 906243 - PRD35 - [RFE] provide separate netbios name VM property for Windows sysprep, and relax the VM name limitations 906938 - PRD35 - [RFE] Support blkio SLA features 912057 - PRD35 - [RFE] webadmin [TEXT]: unclear warning that template of linked vm does not exist in export domain 918138 - PRD35 - [RFE] Allow guest serial number to be configurable 920708 - [RESTAPI] Create Data Storage Domain request on non-empty mount results in attempt to import existing domain 922377 - PRD35 - [RFE] Allow to edit VM properties that need VM to be down to apply, just mark it as such and apply on VM shutdown 928727 - [RFE] [engine-webadmin-portal] Resizable columns in add virtual disk window 947965 - RHEVM Backend : VM can be removed while in other state than down, like migrating and powering off 955235 - PRD35 - [RFE] support BIOS boot device menu 961753 - PRD35 - [RFE] Improve fencing robustness by retrying failed attempts 962220 - PRD35 - [RFE] allow to set locale, language and keyboard settings for sysprep operation per vm 962880 - PRD35 - [RFE] when viewing a grid that contains only one item, *automatically* select that item 967466 - PRD35 - [RFE] Show live migration progress in the UI 977079 - [RFE] Add virtio-rng support [EL 6.6 only] 977306 - Password validity time related information is missing in "console.vv" for rhevm 3.2. 985945 - PRD35 - [RFE] rhevm-websocket-proxy - using as standalone service - automatic configuration 987295 - PRD35 - [RFE] Add periodic power management health check to detect/warn about link-down detection of power management LAN 987299 - PRD35 - [RFE] Display of NIC Slave/Bond fault on RHEV-M Event Log and UI 988392 - PRD35 - [RFE] Ability to dismiss alerts from web-admin portal 988422 - PRD35 - [RFE] Neutron Integration: Providing a Neutron appliance 989546 - PRD35 - [RFE] Re-work engine ovirt-node host-deploy sequence 996512 - PRD35 - [RFE] Need API to 'unlock' a running VM when connecting to it through the REST API 999975 - PRD35 - [RFE] Accept vlan devices identified by any name 1001419 - [User Portal] Right hand pane in user portal takes too much space 1003785 - [RFE] cannot edit/create network on DC via left hand panel tree on DC which was recreated 1007133 - PRD35 - [RFE][host-deploy] support more ciphers for ssh - upgrade apache-sshd to 0.11.0 1008512 - [RFE] QoS support is missing from CLI, SDK and REST API 1013670 - New Template: comment is not saved when creating new template 1014326 - Adding a new VM and choosing the OS of any linux, prevents you from changing the time zone. 1015186 - PRD35 - [RFE] Give notification to Admin User, when RHEV Storage Domain approaches the limit of 350 LVs 1016916 - PRD35 - [RFE] Search VMs based on MAC address from RHEVM web-admin portal 1022795 - PRD35 - [RFE] Disk alias recycling in web-admin portal 1025376 - PRD35 - [RFE] [rhevm] Webadmin - RFE - Run Once from CD should Show ISO name 1025831 - PRD35 - [RFE] add administrator password and OrgName properties to Initial Run of Run Once of VMs of Windows OS type 1028387 - virtio-serial and balloon should be managed devices 1029934 - No error message displayed when trying to add an already existing (but unattached) SD in a DC 1032686 - PRD35 - [RFE] Save "domain related" OVFs on any data domain 1034309 - PRD35 - [RFE] add a warning when adding display network 1034885 - PRD35 - [RFE] Snapshot overview in webadmin portal 1038632 - PRD35 - [RFE] [spice-html5] spice-html5 js client is dumb: no error about network connection issue 1040952 - Job and step tables not cleaned after the failure or completion of some tasks. 1043430 - Add Firefox 31 to supported browsers (replacing FF17) 1043808 - For an interface with multiple VLAN interfaces, rhev Host assigns highest mtu of a vlan interface to all vlan interface under the parent interface . 1044033 - PRD35 - [RFE] Support ethtool_opts functionality within RHEV 1044042 - PRD35 - [RFE] Support bridging_opts functionality within RHEV 1048019 - PRD35 - [RFE] [slow RHEV-M portal] optimize queries invocation for left-pane tree data retrieval 1052348 - PRD35 - [RFE] Include iotop package in RHEV-H images 1053884 - Guest fails to migrate while paused 1058022 - PRD35 - [RFE] Decommission the Storage Pool Metadata 1059435 - PRD35 - [RFE] RHEVM Self Hosted Engine on RHEV-H 1061156 - PRD35 - [RFE] Description field in Virtual machines tab 1062435 - PRD35 - [RFE] have rhevm-shell and API provide same functionality that the UI does for ovirt-scheduler-proxy 1064273 - Cannot create a new VM in a local SD 1064544 - PRD35 - [RFE] new engine GUI look and feel (LAF) - phase 1 1065753 - PRD35 - [RFE] Maintenance operations on a VM would ask for an optional reason 1067162 - PRD35 - [RFE] Hosted Engine on iSCSI data centers 1070348 - PRD35 - [RFE] RHEVM GUI - Add host uptime information to the "General" tab 1070823 - PRD35 - [RFE] Wipe after Delete flag modification while VM is Up 1071217 - Misleading error message when user with ClusterAdmin role on cluster tries to add a disk to a VM without permissions on any storage domain 1076705 - RHEV 3.3 rhevm-shell can't change cluster policy to a custom policy 1077284 - [RFE] Allow big ranges in MacPoolManager 1079583 - When RHEV reports a problem with a storage domain, it should report **which** storage domain 1080144 - USB Support select box always shows "Disabled" choice. 1081533 - SPICE ActiveX download fails if user performs upgrade from 3.3.0 to 3.3.1 1081849 - CVE-2014-0151 ovirt-engine: cross-site request forgery (CSRF) 1081896 - CVE-2014-0154 ovirt-engine-webadmin: HttpOnly flag is not included when the session ID is set 1082110 - Event ID 1200 (VM rename) does not record the initating User id 1082681 - RHEV-M displays and uses the same values for hypervisor cores regardless of cluster setting for "Count Threads as Cores" 1083760 - PRD35 - [RFE] Prevent host fencing while kdumping 1083763 - PRD35 - [RFE] replace XML-RPC communication (engine-vdsm) with json-rpc based on bidirectional transport 1083766 - console.vv file does not display name of VM for VNC consoles 1083769 - PRD35 - [RFE] - introduction of Command-Coordination infrastructure 1083926 - The hosts max_scheduling_memory should be updated when a live migration starts. 1083998 - PRD35 - [RFE] using foreman provider to provision bare-metal hosts 1084120 - PRD35 - [RFE] Please add host count and guest count columns to "Clusters" tab in webadmin 1084611 - [RFE] RHEV-M networking went down, 90% of hosts were fenced causing a massive outage 1085136 - PRD35 - [RFE] webadmin : Allow online vDisk description editing. 1085380 - Dialog is not highlighted if VM cannot be created before clicking to "Show Advanced Options" 1087745 - Recommended size of memory is too low for RHEL6 64bit systems 1087917 - [GUI/General sub-tab] Windows-based Template & Pool: Time Zone is blank when set to the global default 1091692 - [Network labels] Removal of labelled network from DC inconsistent with removal from cluster 1092609 - Searching for objects that _do not_ have a tag in the search bar is not possible 1092884 - [RFE] Please improve RHEVM Webadmin portal vm migration displayed only into min:sec format. 1093393 - [engine-backend] [iSCSI multipath] Required cluster network shouldn't be allowed to be added to an iSCSI multipath bond 1093742 - System is not power on after a fencing operation (ILO3). 1093784 - The Expect header is ignored 1093786 - Negative values for "Shared Memory" 1095240 - PRD35 - [RFE] Support logging of commands parameters 1096662 - [RFE] Long strings in dialogs adversely affect GUI 1096971 - Importing an Export/ISO storage domain automatically activates the domain 1097256 - 10 minute delay on migrating VMs out after requesting maintenance mode 1097622 - Inconsistent VirtIO direct lun disk attachment behaviour. 1098591 - [TEXT] Tool tips for weights on Cluster Policy module in Configuration Dialogue are incorrect 1098638 - smartcard entries are duplicated every time a template is saved, resulting in unbootable VMs 1098791 - Reduce blocking operations as part of hosts & VMs monitoring cycles 1100194 - Unable to scroll down template list using IE9 1100810 - Edit button for Setup Host Networks window should always be displayed 1101018 - PRD35 - [RFE][RHEV] Support single disk snapshot on preview snapshot action in REST-API 1101565 - Cannot approve hosts using REST API 1102018 - PRD35 - [RFE] Drop Linux bridge plugin support from neutron integration 1103490 - [REST API]: Missing VM statistics field. 1103676 - ovirt-engine should not store long term files in "/var/tmp/ovirt-engine/": tmpwatch will remove that directory after 30 days 1103707 - application list database limit is too small (4000 chars) 1103976 - rhevm-engine-setup: weak default passwords for PostgreSQL database users 1104030 - Failed VM migrations do not release VM resource lock properly leading to failures in subsequent migration attempts 1104195 - "Domain not found: no domain with matching uuid" error logged to audit_log after live migration fails due to timeout exceeded 1104233 - VM Pools do not properly inherit admin roles in the admin portal 1109326 - 3.4 upgrade does not set correct iptables rules when serving ISO domain from RHEV-M host 1109721 - storage domain ownership of LUN not displayed 1110172 - [RFE]API to check if a host has renew its lease 1110636 - [RFE] Enable PPC Support in RHEV 1111551 - [rhevm] unable to create template from Windows 2012 guest with SPICE videocard in RHEV 3.4 1112359 - Failed to remove host xxxxxxxx 1113499 - [RHEVM] Special character handling on VM Description is not correct 1113937 - [RFE][AAA] Single sign-on into web applications 1114041 - Cannot add AD group to a new VM from the user portal 1114241 - PRD35 - [RFE] Set 'save network configuration' default to 'true' on setup networks dialog 1114244 - [RFE] Admin GUI: Sort by 'IP address' (in VM tab) should not treat the IP address as a string 1114253 - PRD35 - [RFE] Allow to perform fence operations from a host in another DC 1114260 - [RFE] Public extension API for ovirt-engine 1114554 - [RFE] Expose bookmarks through REST API 1115845 - Enable sync of LUNs after storage domain activation for FC - duplicate LUNs 1115966 - Update storage domain from rhevm-shell fails with java.lang.NullPointerException 1116486 - When importing a VM in RHEVM 3.4 all its disks turn from thin provision to preallocated 1118191 - unlock_entity.sh fails with "psql: fe_sendauth: no password supplied" 1118818 - Luns either missing from or having no 'volume_group_id' in the luns table in the RHEV database. 1118847 - ovirt-engine currently sets the disk device to "lun" for all virtio-scsi direct LUN connections and disables read-only for these devices 1118879 - [RFE] Provide configuration screen for "Fencing Policy" within the "Edit Cluster" dialog 1119922 - [RFE]embed the check ("if a host has renew its lease on any SD") into the fencing flow - according to cluster level policy 1120197 - The Balloon driver on VM ... on host ... is requested but unavailable. 1120829 - [RFE] Do not fence hosts when more than X% of hosts are in a Non-Responding or Connecting state 1120858 - [RFE] Option to disable fencing for a cluster 1121454 - In RHEV, admin UI rejects FQDNs ending in a digit when creating NFS storage domains 1123396 - Admin Portal: Unresponsive script leading to Virtual Machines not being displayed any more 1123754 - Direct FC lun disk details aren't validated 1125834 - [engine-setup] "badly formed hexadecimal UUID string" error when ISO domain path contains a directory 1126839 - "There is no over-utilized host in cluster " repeated every minute 1128949 - OvfUpdateIntervalInMinutes/OvfItemsCountPerUpdate fields should be exposed to engine-config tool 1129012 - Unable to add description for "Affinity Group" with space character. 1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix 1129634 - Cannot export VM. Disk configuration (COW Preallocated) is incompatible with the storage domain type. 1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix 1130076 - engine.log is flooded with messages as "Executing a command: java.util.concurrent.FutureTask , but note that there are 1 tasks in the queue." 1131693 - Error connecting to VM using RDP if NLA is enabled 1132078 - RESTAPI: RSDL does not document all available parameters 1132191 - [Windows sysprep] Run Once: Special characters are not encoded in XML sysprep files for Windows 7, 8, 2008, 2012 1133938 - SD inactive after 2nd extension (with already added LUN) 1134009 - [Network label] RHEV does not allow adding label for a network being used by VMs 1136087 - engine-manage-domains always searches for KDC servers over DNS, even when --resolve-kdc is not set 1139866 - PRD35 - [RFE] Test RHEV 3.5 on RHEL 6.6 1140098 - [RHEV-M] System is not power on after a fencing operation in power management (agent: ipmilan) 1140430 - Failure to Attach ISO domain causes SPM failover 1141693 - VM Importer Screen does not update disk tab if more than one machine are selected for import 1142233 - Description of affinity group not loaded to edit affinity group tab 1148379 - In case of using new template version (sealed with sysprep) for a pool, VMs get stuck in minisetup 1148623 - Windows 7 guests reports incorrect time after a cold restart. 1149135 - Prestarted VMs dissapear from UI after failure to restore snapshot once VM turns from Unknown status to Down 1149235 - [Admin Portal][ppc64][Power mgmt] ipmi doesn't work - Authentication type NONE not supported/Unable to obtain correct plug status or plug is not available 1153544 - Failed VM migrations do not release VM resource lock properly 1154607 - GetAllFromVms stored function is inefficient 1154630 - [PPC]-Can't Hotplug/unplug VM nic while vm is running and has OS installed 1156577 - [AAA] Adding an LDAP domain against ldap installed on rhel 6.6 fails 1157211 - Engine does not free pending_vmem_size and pending_vcpus_count on migrate host, in case of VM migration failure. 1160889 - Live Storage Migration "completes" but the engine sequence does not, leaving an unfinished job. 6. Package List: RHEV-M 3.5: Source: rhevm-3.5.0-0.29.el6ev.src.rpm noarch: rhevm-3.5.0-0.29.el6ev.noarch.rpm rhevm-backend-3.5.0-0.29.el6ev.noarch.rpm rhevm-dbscripts-3.5.0-0.29.el6ev.noarch.rpm rhevm-extensions-api-impl-3.5.0-0.29.el6ev.noarch.rpm rhevm-extensions-api-impl-javadoc-3.5.0-0.29.el6ev.noarch.rpm rhevm-lib-3.5.0-0.29.el6ev.noarch.rpm rhevm-restapi-3.5.0-0.29.el6ev.noarch.rpm rhevm-setup-3.5.0-0.29.el6ev.noarch.rpm rhevm-setup-base-3.5.0-0.29.el6ev.noarch.rpm rhevm-setup-plugin-allinone-3.5.0-0.29.el6ev.noarch.rpm rhevm-setup-plugin-ovirt-engine-3.5.0-0.29.el6ev.noarch.rpm rhevm-setup-plugin-ovirt-engine-common-3.5.0-0.29.el6ev.noarch.rpm rhevm-setup-plugin-websocket-proxy-3.5.0-0.29.el6ev.noarch.rpm rhevm-tools-3.5.0-0.29.el6ev.noarch.rpm rhevm-userportal-3.5.0-0.29.el6ev.noarch.rpm rhevm-webadmin-portal-3.5.0-0.29.el6ev.noarch.rpm rhevm-websocket-proxy-3.5.0-0.29.el6ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2012-6153 https://access.redhat.com/security/cve/CVE-2014-0151 https://access.redhat.com/security/cve/CVE-2014-0154 https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Manager_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU2521XlSAg2UNWIIRAlpBAJ4qJ09kkqJQZliit+6/Qt/+UCdSQwCeJaJR nC4RORf/00dOzvZXzMPNDL0= =mB9a -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Feb 11 18:22:17 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Feb 2015 18:22:17 +0000 Subject: [RHSA-2015:0197-01] Moderate: rhevm-spice-client security and bug fix update Message-ID: <201502111822.t1BIMIOs020902@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: rhevm-spice-client security and bug fix update Advisory ID: RHSA-2015:0197-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0197.html Issue date: 2014-07-25 Updated on: 2015-02-11 CVE Names: CVE-2014-3509 CVE-2014-3511 ===================================================================== 1. Summary: Updated rhevm-spice-client packages that fix two security issues and several bugs are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV-M 3.5 - noarch 3. Description: Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509) A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511) This update also fixes the following bugs: * Previously, various clipboard managers, operating on the client or on the guest, would occasionally lose synchronization, which resulted in clipboard data loss and the SPICE console freezing. Now, spice-gtk have been patched, such that clipboard synchronization does not freeze the SPICE console anymore. (BZ#1083489) * Prior to this update, when a SPICE console was launched from the Red Hat Enterprise Virtualization User Portal with the 'Native Client' invocation method and 'Open in Full Screen' selected, the displays of the guest virtual machine were not always configured to match the client displays. After this update, the SPICE console will show a full-screen guest display for each client monitor. (BZ#1076243) * A difference in behavior between Linux and Windows clients caused an extra nul character to be sent when pasting text in a guest machine from a Windows client. This invisible character was visible in some Java applications. With this update, the extra nul character is removed from text strings and no more extraneous character would appear. (BZ#1090122) * Previously, If the clipboard is of type image/bmp, and the data is of 0 size, GTK+ will crash. With this update, the data size is checked first, and GTK+ no longer crashes when clipboard is of type image/bmp, and the data is of 0 size. (BZ#1090433) * Modifier-only key combinations cannot be registered by users as hotkeys so if a user tries to set a modifier-only key sequence (for example, 'ctrl+alt') as the hotkey for releasing the cursor, it will fail, and the user will be able to release the cursor from the window. With this update, when a modifier-only hotkey is attempted to be registered, it will fall back to the default cursor-release sequence (which happens to be 'ctrl+alt'). (BZ#985319) * Display configuration sometimes used outdated information about the position of the remote-viewer windows in order to align and configure the guest displays. Occasionally, this caused the guest displays to became unexpectedly swapped when a window is resized. With this update, remote-viewer will always use the current window locations to align displays, rather than using a possibly outdated cached location information. (BZ#1018182) All rhevm-spice-client users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1018145 - --full-screen=auto-conf sometimes (but frequently) doesn't work correctly 1018182 - primary monitor is switched if some screen gets bigger then current primary screen 1076243 - [BUG] RHEV SPICE console not opening in full screen or detecting resolution by default 1083489 - [SPICE][BUG] Spice session freezes randomly 1090122 - Pasting into java apps inserts unprintable character 1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash 1103366 - Rebase virt-viewer to 0.6.0 1105650 - Fix windows productversion to fit -z releases 1115445 - in About dialog, hyphen version-build dividing hyphen is missing 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack 6. Package List: RHEV-M 3.5: Source: rhevm-spice-client-3.5-2.el6.src.rpm noarch: rhevm-spice-client-x64-cab-3.5-2.el6.noarch.rpm rhevm-spice-client-x64-msi-3.5-2.el6.noarch.rpm rhevm-spice-client-x86-cab-3.5-2.el6.noarch.rpm rhevm-spice-client-x86-msi-3.5-2.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3509 https://access.redhat.com/security/cve/CVE-2014-3511 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU253LXlSAg2UNWIIRAjJEAKCrqGkFJHhLN3Iqt069y96etuCAxgCcCTWW 1SViofNGiqbiufMWwY7okg4= =cjiU -----END PGP SIGNATURE-----