-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libvirt security, bug fix, and enhancement update Advisory ID: RHSA-2016:2577-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2577.html Issue date: 2016-11-03 CVE Names: CVE-2015-5160 CVE-2015-5313 CVE-2016-5008 ===================================================================== 1. Summary: An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es): * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, libvirtd will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 846810 - Automagically iptables rules added by libvirt can't be avoided/disabled 868771 - The virtual size of the vol should not be reduced after wiped 921135 - qemu: could not load kernel ... Permission denied 986365 - using polkit with virsh for non-root access does not work via ssh or locally 997561 - RFE: virsh: provide easy pci-passthrough netdev attach command 1002423 - Libvirt should forbid or remove the duplicate /
subelements in element of virtual network 1004593 - libvirt should provide a more useful error message when a PCI controller is configured to plug into itself (bus = index) 1004602 - error message need be improved for q35 guest with wrong controller 1025230 - libvirt activate pool with invalid source. 1026136 - Volume download speed is slow 1038888 - [Doc] 3 problems in nwfilter doc 1046833 - Warn users against setting memory hard limit too high when used for mlock or rdma-pin-all 1051350 - Support the readonly attribute for SCSI passthrough devices 1055331 - virDevicePCIAddressParseXML check failed for PCI device 0000:00:00.0 1077068 - Wrong allocation size when create/resize volumes in NFS pool 1097930 - [RFE] Hot Un-Plug CPU - Support dynamic virtual CPU deallocation - libvirt 1103314 - RFE: configure guest NUMA node locality for guest PCI devices 1103845 - glusterfs backend does not support discard (libvirt) 1120053 - Option shareable does not take effect after injecting a cdrom to guest by attach-disk 1134878 - libvirt reports json "backing file" is missing 1139766 - need a non-event way to determine qemu's current offset from utc 1151723 - migration will hang after use migrate with --graphicsuri and guest status will be locked 1159219 - [RFE] Update-device support update startupPolicy option to domain XML 1163091 - pool allocation value too large after volume creation 1166452 - Report better error message for reordered companion controllers 1168453 - Disk should be removed while using no-exist 'file' type volume with startupPolicy='optional' 1180092 - When set/update graphics password to empty, log in guest with spice and vnc show different behaviour 1180486 - [Power KVM] Floppy disk couldn't be detected on PPC64 guest 1195176 - [RFE] add virtio-gpu and virtio-vga support 1196711 - block job status is missing when zero-length copy job is in mirroring phase 1197592 - blockcopy always failed when with option "--pivot" 1209802 - Blockcopy for lun device changes disk type=block to file, however, it's unsupported configuration 1210587 - When libvirt automatically fill up SCSI virtual disk's target address, it doesn't check existing hostdev SCSI device's target address, and this will cause conflict. 1215968 - Libvirt does not generate guest USB addresses 1216281 - Guest show blackscreen after resume the guest which paused by watchdog 1220702 - wrong display of current memory after memory hot-plug 1227880 - update floppy command line options for QEMU's pc-q35-rhel7.2.0+ machine types 1231114 - [RFE] add virtio-input support 1233003 - Manually created LVM is deleted by virsh vol-create-as if it is having the same name 1233115 - Blockcopy always fail when use options "granularity" 1235180 - guest will have broken settings if we cold-unplug a vcpu which included in some domain vcpu sched 1235581 - RFE: Enable the intel-iommu device in QEMU 1240439 - Add multiqueue support for 'direct' interface types. 1243684 - Virsh client doesn't print error message when the connection is reset by server on some ocassion. 1244128 - Setvcpu should inherit the cputune value in cgroups was set before via schedinfo 1244567 - Guest agent should report proper error while guest agent was unreachable and restart libvirtd service 1245476 - error not right when set memtune but get failed 1245525 - libvirt should reject metadata elements not belonging to any namespace 1245647 - CVE-2015-5160 libvirt: Ceph id/key leaked in the process list 1247521 - RFE: libvirt: support multiple volume hosts for gluster volumes 1247987 - volume info has incorrect allocation value for extended partition. 1248277 - no error output when pass a negative number to setvcpus 1249441 - cpu-stats returns error messages with --start (number >=32) 1249981 - iothreadpin will pin one of libvirtd thread with qemu 1.5 1250287 - domfsinfo do not have output in quiet mode 1250331 - Change-media cannot insert if disk source element with startupPolicy 1251461 - libvirt produced ambiguous error message when create disk pool with a block device which has no disk label 1253107 - blkiotune cannot live update value into domain xml via --weight 1254152 - error should be improved when use some virsh command get failure 1256999 - libvirt shouldn't add extra "auth type" into domain xml when using iscsi volume disk with secret setting. 1257486 - libvirt could have a check to host node during use numatune 1260576 - guest which use big maxmemory will lose track after restart libvirtd 1260749 - RFE: support QXL vram64 parameter 1261432 - net-dhcp-leases should return error when parse invalid mac 1263574 - vpx: Include dcpath output in libvirt XML 1264008 - libvirt take too much time to redefine a guest when set a big iothreads 1265049 - Offline migration failed with memory device when guest is shutoff. 1265114 - Wrong error when call allocPages and specify a 0 page size 1266078 - Audit log entries for hot(un)plugged memory devices are sometimes incorrect 1266982 - libvirt should emit warning/error if vhostuser network device is used, but shared memory is not configured 1267256 - do not crash if a machine config in /etc/libvirt is missing a machine type 1269575 - Guest state "crashed" does not get updated after "virsh reset" 1269715 - Can't start VM with memory modules if memory placement is auto 1270427 - libvirt should escape possible invalid characters. 1270709 - Volume's allocation should be updated automatically while doing virsh vol-wipe 1270715 - Wrong display of numatune result if guest use numad advise 1271069 - Change media fail with virtio scsi cdrom when tray is open 1271107 - The vaule of Used memory in 'virsh dominfo' is 0 when the guest is shut off 1272301 - virsh client crash when pass an empty string to dump option format 1273480 - ppc64le: VFIO doesn't work for small guests (1 GiB) 1273491 - VM with attached VFIO device is powered off when trying to hotplug increase memory of VM. 1273686 - libvirt do not check the if the serial type is changed during migrate/save 1275039 - internal error: Invalid or not yet handled value 'emptyBackingString' for VMX entry 'ide1:0.fileName' for device type 'cdrom-image' 1276198 - Fail to create pool with a virtual HBA in NPIV 1277121 - CVE-2015-5313 libvirt: filesystem storage volume names path traversal flaw 1277781 - Libvirtd segment fault when create and destroy a fc_host pool with a short pause 1278068 - cannot start virtual machine after renaming it 1278404 - error "unsupported migration cookie feature memory-hotplug" is reported despite migration working 1278421 - Cannot PXE boot using VF devices 1278727 - "virsh domjobinfo" hangs on destination host during migration. 1281706 - virsh domcontrol will show different result to a inactive guest 1281707 - some virsh cmd get failure without set error message 1281710 - It's better support to delete snapshots for rbd volume 1282288 - Unable to set permission when a volume is created in root squash netfs pool 1282744 - Actual downtime - Sometimes libvirt doesn't report 'downtime_net' in jobStats while migrating VM/s 1282846 - libvirt can not start a VM with non-ACSII or long names: Invalid machine name (from systemd) 1283085 - Creating external disk snapshot for a guest which has two disks with the same prefix namei1/4the disks become the same name in xml 1285665 - Fail to valid the guest's xml while set the graphical listen as ipv6 address which end with "::" on rhel7 1286679 - Rebase libvirt to current upstream release 1288000 - Virsh lacks support for the scale (MiB/s OR Bytes/s) for block job bandwidth 1288690 - Error message misleads users when 2 or more IDE controllers are configured 1289288 - Live Migration dynamic cpu throttling for auto-convergence (libvirt) 1289363 - 59-character name-length limitation when creating VMs 1289391 - Libvirt incorrectly unplug the backend when host device frontent hotplug fails 1290324 - libvirt should forbid set current cpu is 0 in xml 1293241 - libvirt should forbid set 0,^0 in cpuset instead of generate a xml which have broken settings 1293804 - libvirt fails to unlink the image disks after creating VMs using virt-install: cannot unlink file 'FOO': Success 1293899 - Libvirt mishandle the internal snapshot with AHCI device 1294617 - Migration fails with -dname option when guest agent is specified 1297020 - ppc64 guests default to legacy -usb option instead of -device pci-ohci 1297690 - XML-RPC error : Cannot write data: Transport endpoint is not connected 1298065 - The size of raw image is incorect after clone without --nonsparse 1299696 - Set spice graphic port to '-1', the port allocated to the guest can't be used again after the guest is managedsaved or shutoff. 1301021 - RFE: add support for LUKS disk encryption format driver w/ RBD, iSCSI, and qcow2 1302373 - libvirt_driver_qemu.so references libvirt_driver_storage.so 1305922 - Set cgroup device ACLs to allow block device for NVRAM backing store 1306556 - [RFE] Allow specifying cpu pinning for inactive vcpus 1308317 - libvirt check the wrong cpu placement status when change the emulator/iothreadpin configuration 1312188 - virtlogd failed to open guest log file while doing migration 1313264 - direct interface with multiqueue enabled donesn't support hotplugging 1313314 - libvirt will not override a target name with prefix of 'vif' in guest's xml interface part, which do not conform to the description in libvirt.org 1313627 - Fail to restore vm with usb keyboard config on ppc64le 1314594 - Libvirt should reject to rename a domain in saved status. 1315059 - improve the error when undefine transient network 1316371 - libvirt auto remove the vcpupin config when cold-unplug vcpu 1316384 - libvirt report wrong error when parse vcpupin info 1316420 - libvirtd crashed if set vcpusched vcpus over maxvcpu 1316433 - cmd domstats cause libvirtd memleak 1316465 - active virtual network based on linux bridge will becase inactive after libvirtd restart 1317531 - libvirt does not report PCI_HEADER_TYPE in node device XML 1318569 - Eject cdrom fails since tray is locked but next try succeeds 1318993 - vol-create-from failed for logical pool 1319044 - log error when requested on a 1320447 - [RFE] Report memory hotunplug failure 1320470 - Migrating guest with default guest agent socket path from 1.3.x to 1.2.17 failed 1320500 - migration from RHEL6.8 to RHEL7.3 host failed with error "Unsupported migration cookie feature persistent" 1320836 - when vol-create-as a volume with invalid name in a disk pool, libvirt produced error, but parted still created a partition and multipathd didn't generate symbolic link in /dev/mapper 1320893 - libvirt-python: rename a domain with empty string will make it disappear 1321546 - libvirt fails to create a macvtap deivce if an attempted name was already created by some process other than libvirt 1322210 - Fail to hotplug guest agent with libvirt-1.3.2-1.el7 1323085 - generate bootindex even when is specified 1324551 - Hotplug of memory/rng device fails after unplugging device of the same type that is not last 1324757 - libvirtd crashed if destroy then start a guest which have redirdev device 1325043 - libvirt forget free priv->machineName when clear guest resource 1325072 - "virtlogd --verbose" doesn't output verbose messages 1325075 - The old logging way(file) is used when no qemu.conf file exists 1325080 - Virtlogd doesn't release client resource after guest restore from a saved file. 1325757 - virsh create fails if