-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise Virtualization Manager 3.2 update
Advisory ID:       RHSA-2013:0888-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0888.html
Issue date:        2013-06-10
CVE Names:         CVE-2013-2144
=====================================================================

1. Summary:

Red Hat Enterprise Virtualization Manager 3.2 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEV-M 3.2 - noarch

3. Description:

Red Hat Enterprise Virtualization Manager is a visual tool for centrally
managing collections of virtual servers running Red Hat Enterprise Linux and
Microsoft Windows. This package also includes the Red Hat Enterprise
Virtualization Manager API, a set of scriptable commands that give
administrators the ability to perform queries and operations on Red Hat
Enterprise Virtualization Manager.

It was found that permission checks were not performed on the target storage
domain when cloning a virtual machine from a snapshot. An attacker could use
this flaw to perform a denial of service attack, exhausting free disk space
on the target storage domain. (CVE-2013-2144)

The CVE-2013-2144 issue was discovered by Daniel Erez of Red Hat.

This update also fixes various bugs. Refer to the Technical Notes for
information about these changes:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html

All Red Hat Enterprise Virtualization Manager users are advised to upgrade to
these updated packages, which resolve these issues.
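The authorization gap described above, modelled as an added example (this is
not the RHEV-M engine's code; the classes, functions and user names are
constructed for this note): a clone-from-snapshot operation that authorizes
only the source snapshot, beside one that also authorizes the target storage
domain it writes disks to.

```python
"""Model of the authorization gap described for CVE-2013-2144.

Added illustrative example, not the RHEV-M engine's code: every class,
function and user name here is constructed. The point it shows is that an
operation that creates disks on a *target* storage domain must be authorized
against that domain, not only against the snapshot it reads from.
"""
from dataclasses import dataclass, field


@dataclass
class Snapshot:
    vm: str
    disk_gb: int
    readers: set = field(default_factory=set)  # users allowed to use the snapshot


@dataclass
class StorageDomain:
    name: str
    free_gb: int
    disk_creators: set = field(default_factory=set)  # users allowed to create disks here


def _allocate(snap: Snapshot, target: StorageDomain) -> str:
    """Copy the snapshot's disks onto the target domain (simulated)."""
    if target.free_gb < snap.disk_gb:
        raise RuntimeError(f"{target.name}: insufficient free space")
    target.free_gb -= snap.disk_gb
    return f"{snap.vm}-clone"


def clone_vulnerable(user: str, snap: Snapshot, target: StorageDomain) -> str:
    """Checks the source snapshot only; the target domain is never consulted,
    so free space there is consumed on behalf of a user with no rights on it."""
    if user not in snap.readers:
        raise PermissionError(f"{user} may not use snapshot of {snap.vm}")
    return _allocate(snap, target)


def clone_fixed(user: str, snap: Snapshot, target: StorageDomain) -> str:
    """Authorize every resource the operation writes to before doing any work."""
    if user not in snap.readers:
        raise PermissionError(f"{user} may not use snapshot of {snap.vm}")
    if user not in target.disk_creators:
        raise PermissionError(f"{user} may not create disks on {target.name}")
    return _allocate(snap, target)


def run_scenario(clone):
    """A user who may use a snapshot but holds no rights on the target domain
    asks for a clone onto it. Returns (outcome, free space left on target)."""
    snap = Snapshot(vm="web01", disk_gb=20, readers={"alice"})
    target = StorageDomain(name="data1", free_gb=100, disk_creators={"admin"})
    try:
        clone("alice", snap, target)
        outcome = "cloned"
    except PermissionError:
        outcome = "denied"
    return outcome, target.free_gb


if __name__ == "__main__":
    print("vulnerable:", run_scenario(clone_vulnerable))  # ('cloned', 80)
    print("fixed:     ", run_scenario(clone_fixed))       # ('denied', 100)
```

The fixed variant fails before touching the target, which is the property to
look for when reviewing any operation that takes a destination resource as a
parameter: the permission check must cover the destination, not only the
object being copied.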
4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

829625 - RESTAPI: API should expose hypervisor version
837907 - PRD32 - RFE: Add support for iLO2 and iLO4 as a fencing (Power Management) options [TEXT]
838457 - PRD32 - webadmin: the default of the tree should be expanded with DCs, at least
838469 - PRD32 - [RFE] Support cpu -host (passthrough) for virtual machines
838470 - PRD32 - [RFE] Allow e1000 to be selected as nic type for Windows VM
839205 - ovirt-engine-restapi : [RFE] There is no way to know which hooks are installed on a host
843058 - Can't run large amount of VMs simultaneously. Getting error Cant find VDS to run the VM.
843410 - PRD32 - Allow non plugin automatic invocation of console session (basic - no cd, disconnect reason, etc.)
845022 - ovirt-engine-backend [Quota]: superuser cannot add or run a vm when quota policy is changed to enforce when there is no quota defined
848398 - remove special restrictions on Windows templates names
854489 - PRD32 - webadmin: Add a new Disks tab under the Storage tab in the UI
854535 - PRD32 - bootstrap: support longer bootstrap duration
854540 - PRD32 - pki: use PKCS#12 format to store keys
854964 - [Storage] There is a scenario when VM might have several bootable disks which is wrong.
855630 - [RFE] Add tool tip for configuration a Quota feature
858742 - PRD32 - Networks Main Tab
859762 - ovirt-engine-backend : search engine does not complete values for disks:bootable and disks:sharable
861098 - RESTAPI: Mapping of empty name in user object
861576 - PRD32 - packaging: use yum API
862797 - Rhev-m admin GUI logs actions done by in the Events tab
866123 - PRD32 - RFE: Allow plugins to add events into the engine's event log
866889 - PRD32 - vdsm-bootstrap rewrite
867543 - PRD32 - RFE: collect host bios information
868626 - RESTAPI: api should allow detailed resource listing via header/matrix parameter
870159 - 3.2 - storage: set block schedule elevator using udev
870352 - [ja_JP] Test case failure: Check the message for Alert/Events/Tasks: The Date part of the message contains minutes in the month-section.
871371 - PRD32 - RFE: allow to define termination protection per vm (block delete without a config change)
871802 - [engine-core] Null Pointer Exception when during "preview mode" action, service ovirt-engine restart (TryBackToAllSnapshotsOfVm threw an exception: java.lang.NullPointerException), and all disks VM enter to Locked state
872506 - Importing a VM from an OVF without the diskAlias property with copyCollapse=false will not auto-generate disk aliases
873581 - PCI addresses are deleted when VM Template is imported
874019 - ovirt-engine-backend: Non-operational Hosts that been switched to 'Maintenance' returns to non-operational status when disconnectStoragePool fails.
874080 - PRD32 - [RFE] engine [Live Storage Migration]: cannot concurrently live migrate several disks of the same VM
875527 - PRD32 - bootstrap: do not get unique id at canDoAction
875528 - PRD32 - bootstrap rewrite (engine)
875814 - Use appropriate caching policy for GWT application resources
876109 - Ovirt-engine-backend: AuditLog throws exception when attempting to Add Direct-Lun to VM.
876235 - PRD32 - Do not force fencing proxy to be in UP status
877818 - [RFE] Need indication that GWT app is loading
878064 - engine: Error while executing action SetVmTicket: Unexpected exception
878509 - Power User Portal (a.k.a User Portal "Extended" tab): Improve performace on IE8 / Windows XP
878778 - engine [RACE]: cancel migration will fail because domain no longer exists in src by the time cancel is sent
879291 - left-pane tree: "expand all" should fully-expand only the selected tree-node (and not the entire tree, unless "System" is selected)
879308 - Tree title should be changed
879930 - ovirt-engine-backend [Scalability]: The queries getstorage_domains_by_storagepoolid && getdisksvmguid caused postmaster processes to consume constantly 100%cpu.
880969 - ovirt-engine-backend [Scalability]:Problematic query 'getallfromvms' causes user portal to become stuck after user login.
881024 - PRD32 - [RFE] Adding the ability to remove a VM without removing its disks
882651 - PRD32 - CDROM payload should not interfere with devices of the same type
882807 - PRD32-GLUSTER - Forced removal of a host
882812 - PRD32-GLUSTER - Configuration sync with Gluster CLI
882813 - PRD32-GLUSTER - Import of existing gluster clusters
882824 - PRD32-GLUSTER - search support for gluster volumes
882837 - PRD32 - engine - if connect storage pool fails on version mismatch, do reconstruct master
882847 - upgrade 3.0 to 3.1: event notification is not sent.
883871 - [RESTAPI] Disk move action missing.
885391 - PRD32 - webadmin: support ui-plugins
886133 - PRD32 - [RFE] Add the ability to scan/import existing disk images in a storage domain using REST-API
886709 - PRD32 - bootstrap: fetch logs to engine
886824 - 'Configure Local Disk' does not work properly in Japanese environment
887230 - Units for statistics of host NICs are wrong: BYTES_PER_SECOND should be MEGABYTES_PER_SECOND.
887741 - ISO uploader: on upgrade, change the default port for 'rhevm' in /etc/ovirt-engine/isouploader.conf to localhost:8443 (and not the default 443)
888689 - [User Portal] An user with UserRole assigned to a pool does not see pool's VMs
889795 - engine: we use gzip -9 to zip files in engine instead of xz (vdsm already uses xz)
889985 - [ovirt-engine] auto-recovery for storage server should change to "True", auto-recovery for hosts should be True by default on engine as in DB.
891279 - [RFE] Backend: 'migration complete' event should include the destination VDS, not the source [TEXT]
891280 - [RFE] [Admin Portal] - Add a Console button in Hosts -->VMs tab.
892532 - [ovirt-engine-backend] DB upgrade from 3.0 to 3.1 fails
892724 - engine: java.lang.IndexOutOfBoundsException for undo/commit of preview on snapshot with no disks
894020 - PRD32 - [RFE] spice seamless migration support in win client
894288 - RHEVM GUI: Failure to language selection in specific case
894345 - PRD32 - [RFE] Spice arbitrary resolution
894396 - PRD32 - [RFE] Spice native usb live migration support in win client
894681 - RFE: Engine should support having configurable entries for ldap servers per domain
895049 - Reports should be able to be installed from scratch on an upgraded system
895103 - Provide native dialog for showDialog() UI plugin API instead of browser window
903287 - When creating a network the default network doesn't get chosen.
905446 - Lexicographic sorting by IP when searching for VMs
905564 - [Upgrade] [Live Storage Migration] Auto generated snapshot for Live Storage migration can not be deleted.
907232 - Custom Materialized Views should be treated differently from regular product Materialized Views
907240 - [SetupNetworks] Slaves data sent by the user is being overridden with engine's data
908745 - RFE: change VdsRefreshTimeout to 3 seconds
912449 - [rhevh] can't upgrade to newer version due to 'ovirt ISOs directory not found'
912697 - When importing a VM with collapseSnapshots=false not all images are actually imported
915036 - REST-API : server replies in yaml instead of xml on GET: /api/vms/xxx/reporteddevices
915675 - Gluster volume is stopped, but brick status on the UI is still 'UP'
915950 - Resizable columns in sub-tabs
916582 - REST API - Omit of prefer header doesn't turn off session based authentication
916728 - [ovirt-engine-backend] Upgrade from 3.1 to 3.2 fails
917522 - [RHEVM] [backend] VNIC plug/unplug is incorrectly reported in logs
917698 - [User Portal] VM action buttons are now missing static IDs (needed for automated testing)
917719 - engine: CreateAllSnapshotsFromVm threw an exception during vdsm restart
919672 - [webadmin] After import vm/template values in subtab general of vm/template stuck.
921201 - rhevm-upgrade is failing between si26.4 to si27.4 (3.1.3) in async task cleanup
923443 - Gateway is not defined after bonding the RHEVM interface.
923614 - procedures are owned by postgres instead of engine user
923992 - engine: engine deletes live storage migration destination copy after finish the copy (storage live migration doesn't work)
924605 - Spice proxy setting in console configuration popup dialog
948282 - Transaction errror during CreateSnapshotFromTemplate (child of AddVmCommand)
950073 - import reported as successful too early
953690 - VM taken by a user from a prestarted pool does not show as "Up" until page refreshed
956378 - please add tool-tips for grid column-headers
957051 - Add spice console invocation method switching to console dialog
957611 - Add the 'mount ISO from SPICE client' functionality back into RHEV
971058 - CVE-2013-2144 rhevm: insufficient target domain permission check when cloning a VM from a snapshot

6. Package List:

RHEV-M 3.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-3.2.0-11.30.el6ev.src.rpm

noarch:
rhevm-3.2.0-11.30.el6ev.noarch.rpm
rhevm-backend-3.2.0-11.30.el6ev.noarch.rpm
rhevm-config-3.2.0-11.30.el6ev.noarch.rpm
rhevm-dbscripts-3.2.0-11.30.el6ev.noarch.rpm
rhevm-genericapi-3.2.0-11.30.el6ev.noarch.rpm
rhevm-notification-service-3.2.0-11.30.el6ev.noarch.rpm
rhevm-restapi-3.2.0-11.30.el6ev.noarch.rpm
rhevm-setup-3.2.0-11.30.el6ev.noarch.rpm
rhevm-setup-plugin-allinone-3.2.0-11.30.el6ev.noarch.rpm
rhevm-tools-common-3.2.0-11.30.el6ev.noarch.rpm
rhevm-userportal-3.2.0-11.30.el6ev.noarch.rpm
rhevm-webadmin-portal-3.2.0-11.30.el6ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2144.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0888.html
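To check whether a Manager host already carries the builds from the package
list above, the following added example (not part of this advisory and not
Red Hat tooling) parses rpm -qa output and flags the advisory's rhevm
packages that are installed below 3.2.0-11.30.el6ev, ordering versions with
rpm's segment-wise rules. The sample rpm -qa lines are constructed; the
package names and fixed version-release come from the package list.

```python
"""Compare installed rhevm packages with the fixed builds in RHSA-2013:0888.

Added example, not part of the advisory. Input is the output of
`rpm -qa 'rhevm*'` (one name-version-release.arch per line); FIXED is
taken from the advisory's package list. Version ordering follows rpm's
rpmvercmp segment rules, simplified: no epoch, tilde or caret handling.
"""
import re

FIXED_VR = "3.2.0-11.30.el6ev"
FIXED = {name: FIXED_VR for name in (
    "rhevm", "rhevm-backend", "rhevm-config", "rhevm-dbscripts",
    "rhevm-genericapi", "rhevm-notification-service", "rhevm-restapi",
    "rhevm-setup", "rhevm-setup-plugin-allinone", "rhevm-tools-common",
    "rhevm-userportal", "rhevm-webadmin-portal",
)}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp(): compare segment by segment,
    numerically for digit runs and lexically for letter runs; a numeric
    segment is newer than an alphabetic one; leftover segments win."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x == y:
            continue
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x_num != y_num:
            return 1 if x_num else -1
        else:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1


def compare_vr(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nevra(nevra: str):
    """Split 'name-version-release.arch' as printed by `rpm -qa`."""
    body, arch = nevra.rsplit(".", 1)
    name, version, release = body.rsplit("-", 2)
    return name, version, release, arch


def outdated(rpm_qa_output: str, fixed=FIXED):
    """Return (name, installed_vr, fixed_vr) for every package from the
    advisory that is installed below its fixed build."""
    result = []
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version, release, _arch = parse_nevra(line)
        if name not in fixed:
            continue  # not covered by this advisory
        installed_vr = f"{version}-{release}"
        if compare_vr(installed_vr, fixed[name]) < 0:
            result.append((name, installed_vr, fixed[name]))
    return result


# Constructed sample `rpm -qa` output for a partially updated host.
SAMPLE_RPM_QA = """\
rhevm-3.2.0-11.29.el6ev.noarch
rhevm-backend-3.2.0-11.30.el6ev.noarch
rhevm-restapi-3.1.0-43.el6ev.noarch
vdsm-4.10.2-1.13.el6ev.x86_64
rhevm-webadmin-portal-3.2.0-11.30.el6ev.noarch
"""

if __name__ == "__main__":
    for name, have, want in outdated(SAMPLE_RPM_QA):
        print(f"{name}: installed {have}, fixed in {want}")
```

Feed it the real output of rpm -qa 'rhevm*' from the Manager host; before
installing downloaded packages, rpm -K on the files checks the Red Hat
signature the advisory refers to.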
8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtj7IXlSAg2UNWIIRAiesAJsF2IsIlB29gV2HXx7ogjyjimQ9ugCgo9/K
V5npRp2hAYsl6OKBWL59dJ8=
=fTDx
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce