Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: libvirt security, bug fix, and enhancement update

Related Vulnerabilities: CVE-2012-3411   CVE-2012-3411  

Source

Synopsis

Moderate: libvirt security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

Updated libvirt packages that fix one security issue, multiple bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

It was discovered that libvirt made certain invalid assumptions about
dnsmasq's command line options when setting up DNS masquerading for virtual
machines, resulting in dnsmasq incorrectly processing network packets from
network interfaces that were intended to be prohibited. This update
includes the changes necessary to call dnsmasq with a new command line
option, which was introduced to dnsmasq via RHSA-2013:0277. (CVE-2012-3411)

In order for libvirt to be able to make use of the new command line option
(--bind-dynamic), updated dnsmasq packages need to be installed. Refer to
RHSA-2013:0277 for additional information.

These updated libvirt packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked
to in the References, for information on the most significant of these
changes.

All users of libvirt are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

  • BZ - 695394 - default migration speed is too low for guests with heavy IO
  • BZ - 713922 - virsh man page refers to unspecified "documentation"
  • BZ - 724893 - RFE: better message when start the guest which CPU comprises flags that host doesn't support
  • BZ - 770285 - cpu-compare fails inside virtualized hosts
  • BZ - 770795 - blkioParameters doesn't work
  • BZ - 770830 - --config doesn't work correctly for blkiotune option --device-weight
  • BZ - 771424 - RFE: Resident Set Size (RSS) limits on qemu guests
  • BZ - 772290 - RFE: Configurable VNC start port or ability to exclude use of specific ports
  • BZ - 787906 - [python binding] migrateGetMaxSpeed did not work right with parameters
  • BZ - 789327 - [RFE] Resume VM from s3 as a response for monitor/keyboard/mouse action
  • BZ - 798467 - libvirt doesn't validate a manually specified MAC address for a KVM guest
  • BZ - 799986 - libvirtd should explicitly check for existance of configured sanlock directory before trying to register lockspace
  • BZ - 801772 - RFE: Use scsi-hd, scsi-cd instead of scsi-disk
  • BZ - 803577 - virsh attach-disk should detect disk source file type when sourcetype is not specified
  • BZ - 804601 - Controllers do not support virsh attach/detach-device --persistent
  • BZ - 805071 - RFE : Dynamically change the host network/bridge that is attached to a vNIC
  • BZ - 805243 - [RFE] add some mechanism to pre-populate credentials for libvirt connections
  • BZ - 805361 - RFE: privnet should work well with lxc
  • BZ - 807545 - the programming continue to run when executing virsh snapshot-list with --roots and --from mutually exclusive options
  • BZ - 807907 - Tunnelled migration sometimes report error when do scalability test
  • BZ - 807996 - libvirtd may hang during tunneled migration
  • BZ - 810799 - virsh list and "--managed-save " flag can't list the domains with managed save state
  • BZ - 813191 - virt-xml-validate fail for pool, nodedev and capabilities
  • BZ - 813735 - Non detection of qemu TCG mode support within a RHEL VM
  • BZ - 813819 - Unable to disable sending keep-alive messages
  • BZ - 815644 - There is no executable permission on default pool.
  • BZ - 816448 - inaccurate display for status of stopped libvirt-guests service
  • BZ - 816503 - [RFE] Ability to configure sound pass-through to appear as MIC as opposed to line-in
  • BZ - 816609 - [libvirt] python bindings have inconsistent handling of float->int conversion
  • BZ - 817219 - Don't allow to define multiple pools with the same target
  • BZ - 817239 - dominfo outputs incorrectly for memory unit
  • BZ - 817244 - Issues about virsh -h usage
  • BZ - 818467 - Improve libvirt debug capability
  • BZ - 818996 - [rfe] allow to disable usb & vga altogether
  • BZ - 819401 - [LXC] virsh dominfo can't get a correct VCPU number
  • BZ - 820173 - Libvirtd fails to initialize sanlock driver
  • BZ - 821665 - unclear error message: qemu should report 'lsi' is not supported
  • BZ - 822068 - libvirtd will crash when hotplug attah-disk to guest
  • BZ - 822340 - There are some typos when virsh connect source guest server with ssh PermitRootLogin disabled
  • BZ - 822373 - libvirtd will crash when tight loop of hotplug/unplug PCI device to guest without managed=yes
  • BZ - 823362 - vol-create-as should fail when allocate a malformed size image
  • BZ - 823765 - libvirt should raise an error when set network with special/invalid MAC address
  • BZ - 823850 - find-storage-pool-sources/ find-storage-pool-sources-as can't return XML describing of netfs/iscsi pool
  • BZ - 823857 - guest can't start with unable to set security context error if guests are unconfined
  • BZ - 824253 - manpage: document limitations on identifying domains with numeric names
  • BZ - 825068 - Start a guest with assigned usb device which is used by another guest will reset the label
  • BZ - 825108 - unexpected result from virt-pki-validate
  • BZ - 825600 - spice client could not disconnect after update graphics with connected='disconnect'
  • BZ - 825699 - Can't start pool with uuid and other commands with uuid issue
  • BZ - 825820 - Libvirt is missing important hooks
  • BZ - 827234 - potential to deadlock libvirt on EPIPE
  • BZ - 827380 - Minimum value for nodesuspend time duration need be given in virsh manual or help
  • BZ - 827519 - "Unable to determine device index for network device" when attaching new network device to a guest that already has a netdev of type='hostdev'
  • BZ - 828023 - [libvirt] Setting numa parameters causes guest xml error
  • BZ - 828640 - valgrind defects some use-after-free errors - virsh console
  • BZ - 828676 - virt-xml-validate validate fails when xml contains kernel/initrd/cmdline elements
  • BZ - 828729 - CPU topology parsing bug on special NUMA platform
  • BZ - 829107 - valgrind defects some use-after-free errors - virsh change-media
  • BZ - 829246 - virsh detach-disk will be failed with special image name
  • BZ - 829562 - virsh attach-disk --cache does not work
  • BZ - 830051 - [Doc] virsh doc has error/omission on device commands and nodedev commands
  • BZ - 830057 - man doc of vol-create-as format is lack of qed and vmdk
  • BZ - 831044 - #libvirtd error messages should be fixed
  • BZ - 831049 - Update libvirtd manpage to describe how --timeout works & its usage limitations
  • BZ - 831099 - add the ability to set a wwn for SCSI disks
  • BZ - 831149 - virt-manager causes iowait, due to rewriting XML files repeatable
  • BZ - 832004 - vncdisplay can't output default ip address for the vnc display
  • BZ - 832081 - Fix keepalive issues in libvirt
  • BZ - 832156 - RFE: Support customizable actions when sanlock leases are lost
  • BZ - 832302 - libvirt shouldn't delete an existing unregistered volume in vol-create
  • BZ - 832309 - [Doc]Problems about manual and help of virsh desc command
  • BZ - 832329 - [Doc]Problems about help of virsh domiftune command
  • BZ - 832372 - [Doc]Problems about manual and help of virsh dompmsuspend command
  • BZ - 833327 - [Doc]The abbreviation of domain name-id-uuid arguments are inconsistent in manual
  • BZ - 833674 - Deactivate memory balloon with type of none get wrong error info
  • BZ - 834365 - Improve error message when trying to change VM's processor count to 0
  • BZ - 834927 - virConnectDomainEventRegisterAny won't register the same callback for the same event but for different domains
  • BZ - 835782 - when create the netfs pool, virsh pool-create-as do not remount the target dir which is mounted for another device firstly.
  • BZ - 836135 - spice migration: prevent race with libvirt
  • BZ - 837466 - virsh report error when quit virsh connection
  • BZ - 837470 - libvirtd crash when virsh find-storage-pool-sources
  • BZ - 837485 - can not start vdsmd service after update the libvirt packages
  • BZ - 837542 - [regression]can't undefine guest after guest saved.
  • BZ - 837544 - snapshot-list return core dumped
  • BZ - 837761 - [Doc] Inaccurate description about force option in change-media help
  • BZ - 837884 - per-machine-type CPU models for safe migration
  • BZ - 839537 - Error occurs when given hard_limit in memtune more than current swap_hard_limit
  • BZ - 839557 - [Doc]Need to explain in manual that the output memory of memtune command may be rounded
  • BZ - 839661 - libvirt: support QMP event for S4
  • BZ - 839930 - There is no message if debug level number is out of scope when run a virsh command with -d option
  • BZ - 842208 - "Segmentation fault" when use virsh command with vdsm installed
  • BZ - 842272 - include-passwd option can't worked when using domdisplay.
  • BZ - 842557 - libvirt doesn't check ABI compatibility of watchdog and channel fully
  • BZ - 842966 - [snapshot] snapshot-info report unknow procedure error even snapshot-info works well
  • BZ - 842979 - [Regression] lxc domain fail to start due to not exist cgroup dir
  • BZ - 843324 - snapshot-edit will report error message but return 0 when do not update xml
  • BZ - 843372 - disk-only snapshot create external file even if snapshot command failed
  • BZ - 843560 - Add live migration support for USB
  • BZ - 843716 - The libvirtd deamon was killed abnormally when i destroy a domain which was in creating process
  • BZ - 844266 - Fail to modify the domain xml with saved file
  • BZ - 844408 - after failed hotplug qemu keeps the file descriptor open
  • BZ - 845448 - [blockcopy]sometimes Ctrl+C can't terminate blockcopy when use --wait with other options
  • BZ - 845460 - exit console will crash libvirtd
  • BZ - 845468 - snapshot-list --descendants --from will core dumped
  • BZ - 845521 - Plug memory leak after escaping sequence for console
  • BZ - 845523 - Use after free when escaping sequence for console
  • BZ - 845635 - Return a specific error when qemu-ga is missing or unusable during a live snapshot (quiesce)
  • BZ - 845893 - Double close of FD when failing to connect to a remote hypervisor
  • BZ - 845958 - libvirt domain event handler can not catch domain pmsuspend and get error when pmwakeup
  • BZ - 845966 - libvirt pmsuspend to disk will crash libvirtd
  • BZ - 845968 - numatune command can't handle nodeset with '^' for excluding a node
  • BZ - 846265 - virsh blkdeviotune fail
  • BZ - 846629 - Failed to run cpu-stats when cpuacct.usage_percpu is too large
  • BZ - 846639 - Should forbid suspend&resume operate when guest in pmsuspend status.
  • BZ - 848648 - [Doc] Add annotation about how to enable stack traces in log messages
  • BZ - 851391 - Throw out "DBus support" error in libvirtd.log when restart libvirtd
  • BZ - 851395 - xml parse error occur after upgrade to the newest package
  • BZ - 851397 - can not start guest in rhevm
  • BZ - 851423 - virsh segmentation fault when using find-storage-pool-sources
  • BZ - 851452 - unexpected result of virsh save when stop libvirtd
  • BZ - 851491 - Libvirtd crash when set "security_default_confined = 0" in qemu.conf
  • BZ - 851959 - cpuset can be set in two places.
  • BZ - 851963 - Guest will be undefined if remove channel content
  • BZ - 851981 - The migration with macvtap network was denied by the target when i set "setenforce 1" in the target
  • BZ - 852260 - AFFECT_CURRENT flag does not work well in set_scheduler_parameters when domain is shutoff
  • BZ - 852383 - libvirtd dead when start a domain with openvswitch interface
  • BZ - 852592 - libvirtd will be crashed when run vcpupin more than once
  • BZ - 852668 - libvirt got security label parse error with xml
  • BZ - 852675 - [Graphical framebuffer] update device with connected parameter "fail", guest's xml changed
  • BZ - 852984 - virsh start command will be hung with openvswitch network interface
  • BZ - 853002 - [qemu-ga]shutdown guest by qemu-guest-agent will successful but report error
  • BZ - 853043 - guest can't start with unable to set security context error if guests are unconfined
  • BZ - 853342 - [doc]There are some typos in CPU Tuning part of the formatdomain.html
  • BZ - 853567 - Request for taking fix for PF shutdown in 802.1Qbh
  • BZ - 853821 - virsh reboot with 'agent' shutdown mode will hang
  • BZ - 853925 - [configuration][doc] set security_driver in qemu.conf
  • BZ - 853930 - It is failed to start guest when the number of vcpu is different between <vcpu> and <cputune/>
  • BZ - 854133 - libvirt should check the range of emulator_period and emulator_quota when set them with --config
  • BZ - 854135 - The libvirt domain event handler can't catch the disconnecting information when disconnected the guest
  • BZ - 855218 - Problems on CPU tuning
  • BZ - 855237 - [libvirt] Add a new boot parameter to set the delay time before rebooting
  • BZ - 855783 - improve error message for secret-get-value
  • BZ - 856247 - full RHEL 6.4 block-copy support
  • BZ - 856489 - Modify target type of channel element from 'virtio' to 'guestfwd' will cause libvirtd crash
  • BZ - 856528 - List option --state-shutoff should filter guest properly
  • BZ - 856864 - Do live migration from rhel6.1.z release version to rhel6.4 newest version and back will get "error Unknown controller type 'usb'"
  • BZ - 856950 - Deadlock on libvirt when playing with hotplug and add/remove vm
  • BZ - 856951 - The value of label is wrong with static dac model in xml
  • BZ - 857013 - Failed to run cpu-stats after vcpu hotplug
  • BZ - 857341 - fail to start lxc domain
  • BZ - 857367 - destroy default virtual network throw error in libvirtd.log
  • BZ - 858204 - The libvirt augeas lens can't parse a libvirtd.conf file where host_uuid is present
  • BZ - 859320 - libvirt auth.conf make virsh cmd Segmentation fault (core dumped)
  • BZ - 859331 - Create new guest fail with usermode
  • BZ - 859712 - [libvirt] Deadlock in libvirt after storage is blocked
  • BZ - 860519 - security: support for names on DAC labels
  • BZ - 860907 - It reported an error when checked the schedinfo of the lxc guest
  • BZ - 860971 - There should be a comma between "kvmclock" and "kvm_pv_eoi" in qemu-kvm cmd generated by libvirt
  • BZ - 861564 - fail to start lxc os container
  • BZ - 863059 - Unable to migrate guest: internal error missing hostuuid element in migration data
  • BZ - 863115 - libvirt calls 'qemu-kvm -help' too often
  • BZ - 864097 - Cannot start domains with custom CPU model
  • BZ - 864122 - virtualport parameter profileid in a <network> or <portgroup> causes failure to initialize guest interface
  • BZ - 864336 - [LXC] destroy domain will hang after restart libvirtd
  • BZ - 864384 - virsh list get error msg when connect ESXi5.0 server
  • BZ - 865670 - Warning messages "Found untested VI API major/minor version 5.1" show when connect to esx5.1 server
  • BZ - 866288 - libvirtd crashes when both <boot dev='...'/> and <boot order='...'/> are used in one domain XML
  • BZ - 866364 - libvirtd crash when edit a net with some operation
  • BZ - 866369 - libvirt: terminating vm on signal 15 when hibernate fails on ENOSPACE
  • BZ - 866388 - libvirt: no event is sent to vdsm in case vm is terminated on signal 15 after hibernate failure
  • BZ - 866508 - Fail to import libvirt python module due to 'undefined symbol: libssh4_agent_free'
  • BZ - 866524 - use-after-free on virsh node-memory-tune
  • BZ - 866999 - CPU topology is missing in capabilities XML when libvirt fails to detect host CPU model
  • BZ - 867246 - [LXC] A running guest will be stopped after restarting libvirtd service
  • BZ - 867372 - Can not change affinity of domain process with "cpuset "of <vcpu> element.
  • BZ - 867412 - libvirt fails to clear async job when p2p migration fails early
  • BZ - 867724 - Libvirt sometimes fails to wait on spice to migrate
  • BZ - 867764 - default machine type is detected incorrectly
  • BZ - 868389 - virsh net-update to do a live add of a static host to a network that previously had no static hosts, reports success, but doesn't take effect until network is restarted.
  • BZ - 868483 - multiple default portgroups erroneously allowed in network definitions
  • BZ - 868692 - Libvirt: Double dash in VM causes it to disappear - bad parsing of XML
  • BZ - 869096 - Vcpuinfo don't return numa's CPU Affinity properly on mutiple numa node's machine
  • BZ - 869100 - poor error message for virsh snapshot-list --roots --current
  • BZ - 869508 - the option --flags of virsh nodesuspend command should be removed
  • BZ - 869557 - Can't add more than 256 logical networks
  • BZ - 870099 - virsh emulatorpin still can work when vcpu placement is "auto".
  • BZ - 870273 - coding errors in virsh man page
  • BZ - 871055 - libvirt should support both upstream and RHEL drive-mirror
  • BZ - 871201 - If libvirt is restarted after updating dnsmasq or radvd packages, a subsequent "virsh net-destroy" will fail to kill the dnsmasq/radvd processes
  • BZ - 871312 - emulatorpin affinity isn't the same as Cpus_allowed_list of emulator ' thread when cpuset is specified
  • BZ - 872104 - wrong description of net-update option(config, live and current)
  • BZ - 872656 - virNodeGetMemoryParameters is broken on older kernels
  • BZ - 873134 - setting current memory equal to max will end with domain start as current > max
  • BZ - 873537 - virsh save will crash libvirtd sometimes
  • BZ - 873538 - [Regression] Define domain failed in ESX5.1
  • BZ - 873792 - libvirt: cancel migration is sent but migration continues
  • BZ - 873934 - Failed to run Coverity on libvirt RHEL source rpm
  • BZ - 874050 - virsh nodeinfo can't get the right info on AMD Bulldozer cpu
  • BZ - 874171 - virsh should make external checkpoint creation easy
  • BZ - 874330 - First autostarted guest has always id 1
  • BZ - 874549 - libvirt_lxc segfaults when staring lxc through openstack
  • BZ - 874702 - CVE-2012-3411 libvirt needs to use new dnsmasq option to avoid open DNS proxy
  • BZ - 874860 - libvirt fails to start if storage pool contains image with missing backing file
  • BZ - 876415 - virDomainGetVcpuPinInfo might fail to show right CPU affinity setting
  • BZ - 876816 - libvirt should allow disk-only (external) snapshots of offline VMs
  • BZ - 876817 - virsh should make it easier to filter snapshots by type
  • BZ - 876828 - the qcow2 disk's major:minor number still exists in guest's devices.list after hot-unplug
  • BZ - 876868 - virsh save guest with an no-exist xml should show error msg
  • BZ - 877095 - libvirt doesn't clean up open files for device assignment
  • BZ - 877303 - virsh snapshot-edit prints garbage with wrong parameters
  • BZ - 878376 - Coverity scan founds some resource leaks and USE_AFTER_FREE
  • BZ - 878400 - virsh pool-destroy should fail with error info when pool is in using
  • BZ - 878779 - domdisplay with --include-password can't display VNC passwor
  • BZ - 878862 - NULL pointer usage when starting guest with broken image chain
  • BZ - 879130 - there is not error message when create external checkpoint with --memspec= (NULL)
  • BZ - 879132 - create external checkpoint sometimes will crash libvirtd
  • BZ - 879360 - Libvirt leaks libvirt_lxc processes on container shutdown
  • BZ - 879473 - net-update may cause libvirtd crash when modify portgroup
  • BZ - 879780 - vol-clone failed to clone LVM volumes
  • BZ - 880064 - [LXC] libvirt_lxc segfaults when staring lxc guest
  • BZ - 880919 - Libvirtd crashed while saving the guest to a nonexistent directory
  • BZ - 881480 - virDomainUpdateDeviceFlags fails when interface type is 'network'
  • BZ - 882915 - virsh doesn't report error if updated data argument for command "schedinfo" is invalid
  • BZ - 883832 - Cannot start VMs after upgrade from 6.3 to libvirt-0.10.2-10
  • BZ - 884650 - Add support for qemu-kvm's BALLOON_CHANGE event to avoid using monitor in virDomainGetXMLDesc
  • BZ - 885081 - Invalid job handling while restarting CPUs when creating external snapshot
  • BZ - 885727 - Libvirt won't parse dnsmasq capabilities when debug logs are enabled
  • BZ - 885838 - improper errors logged when changing the bridge device used by a domain <interface type='bridge'>
  • BZ - 886821 - libvirt-launched dnsmasq listens on localhost when it shouldn't
  • BZ - 886933 - High disk usage when both libvirt and virt-manager are opened
  • BZ - 887187 - [Doc] There are some typos in libvirt manual and formatdomain.html
  • BZ - 888426 - block-copy pivot fails complaining that job is not active
  • BZ - 889319 - support for IFLA_EXT_MASK and RTEXT_FILTER_VF needs to be added to lib
  • BZ - 889407 - snapshot --redefine disk snapshot may cause libvirtd crash
  • BZ - 891653 - Cgroups memory limit are causing the virt to be terminated unexpectedly
  • BZ - 894085 - libvirt: vm pauses after live storage migration
  • BZ - 896403 - delete snapshot which name contain '/' lead to libvirtd crash

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started