[RHSA-2012:0748-05] Low: libvirt security, bug fix,
Posted on 20 June 2012
RedHat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: libvirt security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0748-05
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0748.html
Issue date: 2012-06-20
CVE Names: CVE-2012-2693
=====================================================================
1. Summary:
Updated libvirt packages that fix one security issue, multiple bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.
Bus and device IDs were ignored when attempting to attach multiple USB
devices with identical vendor or product IDs to a guest. This could result
in the wrong device being attached to a guest, giving that guest root
access to the device. (CVE-2012-2693)
These updated libvirt packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for
information on the most significant of these changes.
All users of libvirt are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.
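The ambiguity behind CVE-2012-2693 can be checked for in guest definitions. The following is an added example, not part of the Red Hat advisory or of libvirt: it reads the USB <hostdev> entries of a libvirt domain XML and reports which ones name a device by vendor/product ID only while the host has more than one device with those IDs. The host inventory, the guest XML and the function name audit_usb_hostdevs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed host USB inventory: (bus, device, vendor_id, product_id).
# Two identical adapters share vendor/product IDs, the case the advisory describes.
HOST_USB = [(1, 4, 0x0BDA, 0x8153), (2, 7, 0x0BDA, 0x8153), (1, 2, 0x046D, 0xC52B)]

# Constructed guest definition in libvirt domain XML format.
DOMAIN_XML = """
<domain type='kvm'>
  <name>guest-a</name>
  <devices>
    <hostdev mode='subsystem' type='usb'>
      <source><vendor id='0x0bda'/><product id='0x8153'/></source>
    </hostdev>
    <hostdev mode='subsystem' type='usb'>
      <source>
        <vendor id='0x0bda'/><product id='0x8153'/>
        <address bus='2' device='7'/>
      </source>
    </hostdev>
    <hostdev mode='subsystem' type='usb'>
      <source><vendor id='0x046d'/><product id='0xc52b'/></source>
    </hostdev>
  </devices>
</domain>
"""


def audit_usb_hostdevs(domain_xml, host_usb):
    """Classify each USB <hostdev> by how many host devices it can resolve to."""
    findings = []
    devices = ET.fromstring(domain_xml).findall("./devices/hostdev[@type='usb']")
    for index, hostdev in enumerate(devices):
        vendor = hostdev.find("source/vendor")
        product = hostdev.find("source/product")
        address = hostdev.find("source/address")
        matches = list(host_usb)
        if vendor is not None and product is not None:
            ids = (int(vendor.get("id"), 16), int(product.get("id"), 16))
            matches = [d for d in matches if d[2:] == ids]
        if address is not None:
            # bus/device narrow the entry to one physical device on the host.
            where = (int(address.get("bus"), 0), int(address.get("device"), 0))
            matches = [d for d in matches if d[:2] == where]
            status = "pinned" if matches else "mismatch"
        elif len(matches) > 1:
            # Vendor/product alone cannot tell identical devices apart.
            status = "ambiguous"
        else:
            status = "unique" if matches else "absent"
        findings.append((index, status, [d[:2] for d in matches]))
    return findings


if __name__ == "__main__":
    for index, status, where in audit_usb_hostdevs(DOMAIN_XML, HOST_USB):
        print(f"hostdev[{index}]: {status} -> bus/device {where}")
```

Entries reported as "ambiguous" are the ones to review. USB device numbers are reassigned when a device is re-plugged, so the inventory has to be current when the check runs.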
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
515293 - RFE: Support formatting of new (ext3/4) filesystems for fs storage pool type
589849 - [LXC] Changing shutoff guest max memory can effect current memory
605953 - RFE: Add a command to quickly setup a Bridge Networking for KVM
611823 - Storage driver should prohibit pools with duplicate underlying storage
611824 - RFE: Expose 'virDomainMemoryPeek' and 'virDomainBlockPeek' in python bindings
613537 - [LXC] Fail to start vm that have multi network interfaces.
619846 - virsh dump gives very cryptic error messages
624447 - [vdsm] [libvirt] permission error on run vm task when using NFS storage (libvirt log!)
625115 - cannot run virt-manager as regular user in a VNC session
625362 - libvirt-guests should start and shut down guests in parallel
628823 - DOCS: Document that the bootable disk must be first in the XML
638633 - [RHEL6-Beta] 'virsh attach-interface' succeeds even if a nonexistent script file is specified to the option --script.
639599 - "virt-xml-validate" failed to validate guest domain configuration file if the domain name got a "#" in it .
643373 - RFE: Add ability to control link up/down state of guest NICs via XML & on the fly.
648594 - Support online resizing of block devices
673499 - Some virsh vol-* commands require the pool option, but don't indicate this when they fail
673811 - [RFE] VIRSH : Add ability to specify max migration bandwidth
680880 - The defined NFS pool can not be started
685083 - virt-xml-validate fails if xml is generated from running domain
689768 - libvirt should report better error than: cannot send monitor command '{"execute":"qmp_capabilities"}'
693758 - libvirt-guests init script saves but doesn't restore non-persistent domains
697808 - Improve error message when passing XML doc with wrong root element to define/create APIs.
698521 - virsh freecell command help and man pages should be more clear
700272 - RFE add support for "host cpu" in Libvirt
700523 - clearing caps before running ssh breaks prevents ssh-askpass from launching from 'sudo virt-manager'
702260 - Libvirt can't remove logical volume because it doesn't deactivate it first
708735 - [RFE] Show column and line on XML parsing error
709265 - empty vg storage pool can break GetVolumeByPath for all pools
712266 - Hotplug virtio disk fails with error message "Duplicate ID 'drive-virtio-disk2' for drive"
713932 - RFE: implement insert-media and eject-media virsh commands
715019 - (libvirt) Report disk latency (read and write) for each storage device
715590 - Add support for USB 2.0 (EHCI) to libvirt
725269 - generated qemu -smp string is ambiguous, gives unexpected results
725373 - [libvirt] when using domabortjob to abort stuck migration , the migration command still hangs.
726174 - Impossible libvirt remote administration via qemu+ssh
726771 - libvirt does not specify problem file if persistent xml is invalid
729694 - bootindex added after install completes. causes boot failure in KVM with mixed virtio/ide disks
731151 - RFE: allow capabilities/guest XML to be used with virsh cpu-compare
731645 - cpu-baseline should support the complete <capabilities> elements
731656 - virsh: the results of domblkstat is unreadable for user
733587 - Reattach a pci device to host which is using by guest sometimes outputs wrong info
735950 - The network xml with mutiple dhcp sections can be defined and started successfully although there is prompt error
738933 - Improving virsh manual for virsh memtune command
741510 - Aligning issue with snapshot XML description
743671 - USB device can be reassigned to another VM without error
744237 - Corner cases of migration with --dname and dxml
746111 - libvirtd fails to start due to mDNS requirement
747619 - Host PCI device's original states are not honored anymore after deamon is restarted
748248 - libvirt should use vgchange -aly/-aln instead of vgchange -ay/-an for clustered volume groups
748354 - [lxc]setmem will get wrong error message when cgroup is unmounted.
748405 - PCI device will be driver reprobing without honoring the original states
748742 - Expose 'virNodeGetMemoryStats' and 'virNodeGetCPUStats' APIs in python binding
750683 - vol-info get the wrong "Type" for a directory
751631 - Default block cache mode for migration
751725 - virsh detach-device does not change owner and selinux label of USB device if device managed
752255 - libvirt fails to initialize nwfilter when /tmp is mounted with noexec option
753169 - QEMU driver mistakenly passes a plain file FD to QEMU for migration
754128 - Shutting Down VM changes its state to "Pause" for 10sec
758231 - Add support for ESXi 5
758590 - domblklist will returen non zero value when everything is ok
760149 - general error return on migrate after calling abortjob()
760436 - virsh connect fails with remote machine which has different libvirt version
760883 - Failed to install a guest with pxe method
761005 - libvirt [RFE] Add support for new sandy bridge cpu
761344 - memory leak on cmdBlkdeviotune sucessful path
761345 - memory leak on cmdDomIfGetLink sucessful path
761347 - Return value error on the function cmdDomIfGetLink
761402 - memory leak on cmdDomblklist function
761453 - memory leak on remoteDomainScreenshot function
765698 - Improve virsh nodesuspend output information
766308 - libvirtd does not close all fds opened by virt-install
766553 - Expose 'virDomainSnapshotListChildrenNames' API in python binding
767104 - Libvirt shouldn't check the presence of the live snapshot file
767333 - enhance reboot API to use guest agent when available
767364 - RFE [libvirt] add support for AMD Bulldozer cpu
767488 - [libvirt]memleak when "run virsh console guest".
768268 - Libvirt fail to detach PF/VF device when the address of pci device described as decimalism
768450 - libvirt should have mapping for cpu64-rhel cputype
768860 - memory leak on libvirt_virConnectOpenAuth
768870 - Guest can not be started with <iotune> setting in xml
769224 - memory leak when run 'virsh domxml-to-native'
769251 - blockresize lack of "free lock" after given wrong parameter
769506 - Need to improve virsh domxml-*-native command docs
769752 - Fail to start LXC guest
770031 - the guest's mac will change after attach a vnet with the option persistent and then restart it.
770458 - Request for backporting to move 'send-key' and 'echo' descriptions into other more appropriate sections in virsh man page
770520 - blkiotune set weight on total and virtio device together will cause libvirtd hang
770683 - blockIoTune did not work right with parameters
770919 - Sometimes virsh command screenshot may hang
770940 - memory leaks on libvirt_virDomainGetSchedulerParameters
770941 - memory leaks on libvirt_virDomainGetMemoryParameters
770942 - memory leaks on libvirt_virDomainBlockStatsFlags
770943 - memory leaks on libvirt_virNodeGetCPUStats
770944 - memory leaks on libvirt_virNodeGetMemoryStats
770971 - Expose 'virDomain{Get,Set}InterfaceParameters' APIs in python binding
771016 - virsh destroy a guest . guest status will hang with in shutdown
771021 - Coverity scan revealed defects
771562 - Change numa parameters with 'nodeset' option will crash libvirtd
771570 - Restart libvirtd will get error and fail to reconnect domains on nfs storage
771591 - Expose 'virDomain{G, S}etNumaParameters' APIs in python binding
772697 - libvirt-devel grew a dependency on systemtap, preventing installs on ppc
773208 - Migration with non-existent xml does not report error
773667 - virsh attach-device fails with 'Unable to reset PCI device' for Broadcom NetExtreme II
781562 - [RFE] Support for qemu PCI romfile option
781985 - When detach PCI device from guest, unknown error occurs.
782716 - Change interface parameters with '{in,out}bound' option will crash libvirtd
783184 - storage cloning ignores "sparse" and creates non-sparse disk images
783921 - libvirt cannot disable kvmclock
785164 - libvirt needs ipv6 support for ssh uris
785269 - Make avahi failure on startup non-fatal
786534 - Add vm-pid to VIRT_CONTROL audit events
786674 - Plug memory leak on cmdUndefine
786770 - Unwanted messages when installing libvirt-client
787761 - undefined symbol: libvirt_event_poll_purge_timeout_semaphore
788338 - Resource leaks on virsh desc command
789220 - memory leak on client programming failure path
790436 - libvirt runs qemu with tls options even when certs/keys are not set
790744 - Delete snapshot parent will crash libvirtd
790745 - [Regression]libvirtd dead when create a guest with "--channel pty,target_type=virtio" by virt-install.
790789 - virsh console fails when executed via remote ssh
795093 - [libvirt] missing 'source file' attribute when passing 'optional' param in xml
795127 - pre-migration hook needed at destination
795656 - destroyFlags should raise exception with proper error code
795978 - polkit authorization broken in libvirt 0.9.10
796526 - Improve memory usage readability in guest XML configuration
797066 - Output message error when create a bridge base on an existing network device
798220 - [libvirt]can't start guest with spice
798497 - Plug memory leak on migration
798938 - Snapshot-revert will report error with startupPolicy='requisite' when floppy/cdrom disk is missing
799478 - libvirt emits inappropriate error when using domabortjob to abort stuck migration
800366 - libvirt does not report the system and user cpu usage separately for vms.
801160 - managedsave+restart of <cpu mode='host-model'> VM crashes libvirtd
801443 - Libvirt shouldn't fail on tlsPort setting if none set
801970 - libvirt with QEmu does not support disk filenames with comma
802644 - segfault when attempting to detach non-existent network device
802851 - memory leaks/dangling pointers caused by virDomainDetachDeviceConfig (virsh detach-*)
802854 - memory leak when performing persistent network device update (e.g. virsh domif-setlink --persistent)
802856 - Missing support for persistent hotplug attach/detach of <hostdev> devices
803591 - virsh segfault when attempting to detach disk from non-existent domain
804028 - Cannot roundtrip blkio parameters due to broken deviceWeight handling
806098 - Support qemu 1.0
807147 - virsh snapshot-create --disk-only failed
807555 - Plug memory leak on cmdSnapshotList with failure path
807751 - [libvirt] Failed to set vm niceness with latest libvirt
808371 - libvirtd crashed with SIGSEGV in __strcmp_ssse3()
808459 - USB 2.0 pass-through won't boot guest VM a SECOND time.
808522 - regression in parsing libvirt-generated xml memory limits
808527 - Check for guest agent presence when issuing command
808979 - memory leak in virDomainGetVcpus / virsh vcpuinfo
810100 - occasional segfault while running networkxml2argvtest
810157 - numad: Pre-set memory policy and convert nodeset from numad to CPUs list before affinity setting
810241 - Save the guest to pre-created file on root_squashing export nfs with dynamic_ownership=1 Permission denied
810559 - FTBFS: libvirt has parallel make race that can stop build
811227 - RFE: Ability to specify custom BIOS for QEMU/KVM using <loader> XML (for WHQL testing)
811497 - Deadlock in qemu driver on forced console connection
811683 - deal with change from RHEL 6.2 sync block_job_cancel to RHEL 6.3 async block-job-cancel
813972 - libvirt should reject invalid memory values in xml
814021 - [Doc]There is one typo "virsh list --note" in virsh list manual
814080 - Syscall param rt_sigaction(act->sa_flags) points to uninitialised byte(s)
815270 - [Regression]Libvirtd will die if start a guest with macvtap nic.
815791 - deal with qemu block-job-set-speed race fix
816465 - libvirtd may die after restart the service
816662 - Improve virsh blockpull error message for a offline domain
817078 - libvirtd crashing on rhel 6.3 beta vm
817234 - libvirtd crash when start a net with special MAC address
819014 - blockIoTune modifies live xml even on failure
819498 - libvirt: missing spice channel 'usbredir'
819499 - libvirt: missing spice channel 'default'
819636 - virsh heap corruption due to bad memmove
820461 - numad support is lost in the 6.3 build.
820869 - Fix automatic PCI address assignment for USB2 companion controllers
831164 - CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
i386:
libvirt-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-python-0.9.10-21.el6.i686.rpm
x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
i386:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-lock-sanlock-0.9.10-21.el6.i686.rpm
x86_64:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
x86_64:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
i386:
libvirt-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-python-0.9.10-21.el6.i686.rpm
ppc64:
libvirt-0.9.10-21.el6.ppc64.rpm
libvirt-client-0.9.10-21.el6.ppc.rpm
libvirt-client-0.9.10-21.el6.ppc64.rpm
libvirt-debuginfo-0.9.10-21.el6.ppc.rpm
libvirt-debuginfo-0.9.10-21.el6.ppc64.rpm
libvirt-devel-0.9.10-21.el6.ppc.rpm
libvirt-devel-0.9.10-21.el6.ppc64.rpm
libvirt-python-0.9.10-21.el6.ppc64.rpm
s390x:
libvirt-0.9.10-21.el6.s390x.rpm
libvirt-client-0.9.10-21.el6.s390.rpm
libvirt-client-0.9.10-21.el6.s390x.rpm
libvirt-debuginfo-0.9.10-21.el6.s390.rpm
libvirt-debuginfo-0.9.10-21.el6.s390x.rpm
libvirt-devel-0.9.10-21.el6.s390.rpm
libvirt-devel-0.9.10-21.el6.s390x.rpm
libvirt-python-0.9.10-21.el6.s390x.rpm
x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
i386:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-lock-sanlock-0.9.10-21.el6.i686.rpm
x86_64:
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
i386:
libvirt-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-python-0.9.10-21.el6.i686.rpm
x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm
i386:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-lock-sanlock-0.9.10-21.el6.i686.rpm
x86_64:
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2693.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/libvirt.html#RHSA-2012-0748
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.