Executive Summary
Summary | |
---|---|
Title | libvirt security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2015:0323 | First vendor Publication | 2015-03-05 |
Vendor | RedHat | Last vendor Modification | 2015-03-05 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 3.5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated libvirt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service. (CVE-2014-8136) It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. (CVE-2015-0236) The CVE-2015-0236 issue was found by Luyao Huang of Red Hat. Bug fixes: * The libvirtd daemon previously attempted to search for SELinux contexts even when SELinux was disabled on the host. Consequently, libvirtd logged "Unable to lookup SELinux process context" error messages every time a client connected to libvirtd and SELinux was disabled. libvirtd now verifies whether SELinux is enabled before searching for SELinux contexts, and no longer logs the error messages on a host with SELinux disabled. (BZ#1135155) * The libvirt utility passed incomplete PCI addresses to QEMU. Consequently, assigning a PCI device that had a PCI address with a non-zero domain to a guest failed. Now, libvirt properly passes PCI domain to QEMU when assigning PCI devices, which prevents the described problem. (BZ#1127080) * Because the virDomainSetMaxMemory API did not allow changing the current memory in the LXC driver, the "virsh setmaxmem" command failed when attempting to set the maximum memory to be lower than the current memory. Now, "virsh setmaxmem" sets the current memory to the intended value of the maximum memory, which avoids the mentioned problem. (BZ#1091132) * Attempting to start a non-existent domain caused network filters to stay locked for read-only access. Because of this, subsequent attempts to gain read-write access to network filters triggered a deadlock. Network filters are now properly unlocked in the described scenario, and the deadlock no longer occurs. (BZ#1088864) * If a guest configuration had an active nwfilter using the DHCP snooping feature and an attempt was made to terminate libvirtd before the associated nwfilter rule snooped the guest IP address from DHCP packets, libvirtd became unresponsive. This problem has been fixed by setting a longer wait time for snooping the guest IP address. (BZ#1075543) Enhancements: * A new "migrate_host" option is now available in /etc/libvirt/qemu.conf, which allows users to set a custom IP address to be used for incoming migrations. (BZ#1087671) * With this update, libvirt is able to create a compressed memory-only crash dump of a QEMU domain. This type of crash dump is directly readable by the GNU Debugger and requires significantly less hard disk space than the standard crash dump. (BZ#1035158) * Support for reporting the NUMA node distance of the host has been added to libvirt. This enhances the current libvirt capabilities for reporting NUMA topology of the host, and allows for easier optimization of new domains. (BZ#1086331) * The XML file of guest and host capabilities generated by the "virsh capabilities" command has been enhanced to list the following information, where relevant: the interface speed and link status of the host, the PCI Express (PCIe) details, the host's hardware support for I/O virtualization, and a report on the huge memory pages. (BZ#1076960, BZ#1076957, BZ#1076959, BZ#1076962) These packages also include a number of other bug fixes and enhancements. For additional details, see the "Bugs Fixed" section below. 4. Solution: All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing the updated packages, libvirtd will be restarted automatically. Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 706887 - [TestOnly] qemu truncates JSON numbers >= 0x8000_0000_0000_0000 765733 - Error reporting when qemu terminates unexpectedly is inconsistent and sometimes unhelpful 823535 - Libvirt is sensitive to the order in which the video devices are passed 872628 - List available LXC consoles using container_ttys env variable 874418 - clear the error message when dump a guest with pass-through device 876829 - create external checkpoint snapshot will change the guest pmsuspended state and guest hang forever 877244 - Virsh command will delay a long time if restart libvirtd with many virtual networks running 878394 - virsh iface-dumpxml or virt-manager reports "bond interface misses the bond element" for inactive bond interfaces 880483 - Guest can use inactive macvtap-passthrough network 921094 - Missing auditing for serial, parallel, channel, console and smartcard devices 924853 - blockcopy to cifs fails 956506 - virsh snapshot-delete --children-only bypasses safety check for deleting disk-only children 957293 - support libiscsi for SCSI passthrough devices 963817 - Stable SCSI host addressing 964177 - virConnectDomainEventRTCChangeCallback returns wrong offset 967493 - Lockfailure action Ignore will lead to sanlock rem_lockspace stuck 967494 - Lockfailure action Restart can shutdown the guest but fail to start it 972964 - WWN option for Hot Attaching SCSI Disks 983350 - The running Guest was paused while cancel the migration on the third machine 985782 - Some flag values of method are missing in libvirt-python bindings 985980 - virsh vcpuinfo output is difficult to read with large cpu counts 990418 - Provide option to enable/disable 64-bit PCI hole 991290 - Fail to modify the name attribute of ipv6 dhcp host via virsh net-update 992980 - Separate limits for anonymous and authenticated users 994731 - Documentation for virDomainLookupBy* should mention caller's responsibility to free virDomainPtr 995377 - Domain without autostart can't be resumed by the libvirt-guests script after rebooting the host 997802 - domdisplay should show all URI if config both vnc and spice in guest 999926 - Policy denies libvirtd the permission to relabel unix domain sockets 1006700 - need add "interface" to virt-xml-validate manual page 1007698 - The cpu_shares value of domain xml should be consistent with return value of schedinfo. 1007759 - libvirt should forbid to attach a device with boot order for the first time if the os/boot element exists 1021703 - [RFE] Support for qemu-kvm's "-boot splash_time" parameter 1022874 - In man page of virsh, a typo 'COMMMANDS' displays three times 1023366 - [virsh cmd] Error message is not clear for commands blkiotune and schedinfo 1025407 - autoport='yes' doesn't skip over ports in use with IPv6 1027076 - Fail to start lxc with disabled selinux due to the existed empty /selinux 1029266 - Error message is not clear for command nwfilter-define under non-root user. 1029732 - Libvirt can not update/modify queues value of interface element using update-device command 1032363 - document need to pass image name for block backed disks with --disk-only 1033398 - Nodedev-destroy commands both doc and error message when destroy HBA are not clear 1033704 - domain xml: libvirt should take defaultMode value into account when discarding |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2015-0323.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Os | 4 | |
Os | 1 | |
Os | 2 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0304-1.nasl - Type : ACT_GATHER_INFO |
2016-01-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2867-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-070.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-115.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_libvirt_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-03-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0323.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0323.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0323.nasl - Type : ACT_GATHER_INFO |
2015-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2015-1883.nasl - Type : ACT_GATHER_INFO |
2015-02-16 | Name : The remote Fedora host is missing a security update. File : fedora_2015-1892.nasl - Type : ACT_GATHER_INFO |
2015-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-035.nasl - Type : ACT_GATHER_INFO |
2015-02-09 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-112.nasl - Type : ACT_GATHER_INFO |
2015-01-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-023.nasl - Type : ACT_GATHER_INFO |
2015-01-05 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-2.nasl - Type : ACT_GATHER_INFO |
2015-01-05 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-3.nasl - Type : ACT_GATHER_INFO |
2014-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-36.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-12-05 13:27:49 |
|
2015-03-19 13:28:27 |
|
2015-03-06 13:26:03 |
|
2015-03-05 21:22:37 |
|