Synopsis
Moderate: libvirt security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for libvirt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.
Security Fix(es):
- libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, libvirtd will be restarted automatically.
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Virtualization 4 for RHEL 7 x86_64
-
Red Hat Gluster Storage Server for On-premise 3.1 for RHEL 7 x86_64
-
Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 1501450 - Race starting multiple libvirtd user sessions at the same time
- BZ - 1558558 - Enhance detection of host CPU model to avoid guesses based on fea.ture list length
- BZ - 1584663 - [RFE] Add functionality to virsh to mount nfs shares using commands like mountvers, nosuid, nodev.
- BZ - 1592737 - Cannot use a xml file with XML declaration as a input of cpu-compare
- BZ - 1594266 - virt-xml-validate validate fails for volume having backing file
- BZ - 1609454 - nwfilter-binding-create succeed on interface which does not exist
- BZ - 1609720 - Starting VM without source configured for pci-serial device caused libvirtd crash
- BZ - 1612943 - Wrong RESUME event after I/O error
- BZ - 1613737 - Allow the inputvol to be encrypted when creating a volume from another volume
- BZ - 1615680 - Improve --adapter-parent-wwnn,--adapter-parent-wwpn and --adapter-parent-fabric-wwn info for pool-define-as in man page
- BZ - 1628469 - libvirt uses incorrect method to detect that KVM is working
- BZ - 1628892 - Permission denied when start guest with egl-headless display
- BZ - 1631606 - Create luks vol failed when give the user access control for storage-vol API
- BZ - 1631622 - guest with an interface referred to nwfilter killed by libvirt when restart libvirtd with access driver enabled
- BZ - 1632711 - [RHEL] VMs on gluster storage domain can't be migrated
- BZ - 1632833 - scsi host device passthrough limits IO writes
- BZ - 1633077 - domxml-to-native should treat --xml as the default option
- BZ - 1633389 - libvirt creating qemu channels with the wrong permissions
- BZ - 1640465 - [RHHI] Hosted Engine migration fails in gluster storage domain
- BZ - 1641702 - check tsc scaling fea-ture of destination host on migration
- BZ - 1647365 - VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY is never used in postcopy migration
- BZ - 1652894 - when create vhba without indicating wwpn/wwnn, libvirt will generate duplicated ones
- BZ - 1656360 - when <shareable/> removed from scsi hostdev xml, related chardev's unpriv_sgio not set back to zero.
- BZ - 1657468 - different behaviors when create storage pool via NPIV in RHEL7.5 and RHEL7.6
- BZ - 1658198 - libvirt sends VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event too soon (before it has finished tearing down the device's resources and objects)
- BZ - 1658406 - mode="host-model" VMs include broken "arch-facilities" flag name [libvirt]
- BZ - 1658652 - Missing librbd1 dependecy for libvirt-daemon-driver-storage-rbd is causing problem with RHEL host upgrade
- BZ - 1660531 - Garbled output on memory locking failure
- BZ - 1663051 - libvirtd encountered sigsegv due to null pointer in virJSONValueObjectHasKey()
- BZ - 1665228 - CVE-2019-3840 libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function
- BZ - 1665474 - libvirt segfaults with vfio-pci hostdev device
- BZ - 1665553 - Unable to migrate VM's using ceph storage - Unsafe migration: Migration without shared storage is unsafe
- BZ - 1669581 - libvirtd crash when hotplug 'block' type 'lun' device disk without 'sgio' setting to guest
- BZ - 1669586 - Cannot passthrough a iscsi lun to vm as a hostdev device
- BZ - 1672957 - [RHEL 7.7] [libvirt] Backport 07c9d6601 ("qemu: use line breaks in command line args written to log")
- BZ - 1683175 - Don't emit a log error message if ovs-vsctl doesn't support a particular statistic type on a vif
- BZ - 1690122 - RFE: backport upstream patches for polling buffers/caches from balloon driver
- BZ - 1690703 - Fails to query domjobinfo when do snapshot
- BZ - 1691358 - Network filters are not honouring explicitly listed parameters for MAC
- BZ - 1692296 - Attaching a device with a taken address succeeds
- BZ - 1703661 - 'cannot set CPU affinity' error when starting guest
- BZ - 1716387 - internal error: Failed to parse bitmap '' when starting guest
- BZ - 1718172 - NULL pointer access in qemuProcessInitCpuAffinity()
CVEs
References
Vulmon