Low: virt-manager security, bug fix, and enhancement update

Related Vulnerabilities: CVE-2019-10183

Synopsis

Low: virt-manager security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Topic

An update for virt-manager is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Machine Manager (virt-manager) is a graphical tool for administering virtual machines for KVM, Xen, and Linux Containers (LXC). The virt-manager utility uses the libvirt API and can start, stop, add or remove virtualized devices, connect to a graphical or serial console, and view resource usage statistics for existing virtualized guests on local or remote machines.

The following packages have been upgraded to a later upstream version: virt-manager (2.2.1). (BZ#1727881)

Security Fix(es):

  • virt-install: unattended option leaks password via command line argument (CVE-2019-10183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
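An audit check for the exposure named in the fix above, as an added example that is not part of this advisory or of virt-manager: it reads process command lines from /proc and reports virt-install invocations whose --unattended option carries a password inline. The sub-option names admin-password and user-password are an assumption taken from upstream virt-install 2.2.0 and are not stated on this page; the sample command lines are constructed.

```python
import os

# Assumption: sub-option names from upstream virt-install 2.2.0, not from this advisory.
SECRET_KEYS = ("admin-password", "user-password")

# Constructed sample argv lists (the password is a placeholder).
SAMPLE_LEAKY = ["/usr/bin/python3", "/usr/bin/virt-install", "--name", "demo",
                "--unattended", "profile=desktop,admin-password=EXAMPLE-ONLY"]
SAMPLE_CLEAN = ["/usr/bin/python3", "/usr/bin/virt-install", "--name", "demo",
                "--unattended", "profile=desktop"]

def read_cmdline(pid, proc_root="/proc"):
    """Return a process's argv; /proc/<pid>/cmdline is readable by other local users."""
    with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as fh:
        return [a.decode("utf-8", "replace") for a in fh.read().split(b"\0") if a]

def unattended_values(argv):
    """Yield the option string of each --unattended, in 'opt value' and 'opt=value' forms."""
    for i, arg in enumerate(argv):
        if arg.startswith("--unattended="):
            yield arg.split("=", 1)[1]
        elif arg == "--unattended" and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            yield argv[i + 1]

def leaked_keys(argv):
    """Return names (never values) of secret-bearing sub-options on a virt-install command line."""
    if not any(os.path.basename(a) == "virt-install" for a in argv[:3]):
        return []
    found = []
    for value in unattended_values(argv):
        for item in value.split(","):
            key, sep, secret = item.partition("=")
            if sep and secret and key in SECRET_KEYS and key not in found:
                found.append(key)
    return found

def scan(proc_root="/proc"):
    """Map pid -> leaked sub-option names for every running process that exposes one."""
    hits = {}
    for entry in os.listdir(proc_root):
        if entry.isdigit():
            try:
                keys = leaked_keys(read_cmdline(entry, proc_root))
            except OSError:  # process exited, or access is restricted (e.g. hidepid)
                continue
            if keys:
                hits[int(entry)] = keys
    return hits

if __name__ == "__main__":
    print(leaked_keys(SAMPLE_LEAKY), leaked_keys(SAMPLE_CLEAN), scan())
```

The check reports only the sub-option name and the PID, so its own output does not copy the password into logs.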

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 1599139 - RFE: Support genid in virt-manager
  • BZ - 1659354 - video devices should be removeable when vm has more than one video devices
  • BZ - 1660123 - No spice channel is added for Windows guests
  • BZ - 1660467 - Can create a new vm with the MAC address in use on rhel8.0
  • BZ - 1661867 - Cannot add a new virtual network: SR-IOV VF pool on rhel8
  • BZ - 1666597 - Cannot enable or disable system tray icon
  • BZ - 1667025 - Cannot modify guest's name on uefi firmware when creating new vm on rhel 8
  • BZ - 1671599 - 'Allocation' under Storage volume quota for qcow2 format volume is redundant
  • BZ - 1679018 - RuntimeError: Path does not exist: /var/lib/libvirt/qemu/nvram/test_VARS.fd
  • BZ - 1683609 - [RFE] virt-install should add input devices when graphics are enabled
  • BZ - 1690685 - Fail to force clone an empty cdrom device
  • BZ - 1690687 - Fail to update graphic listen type by virt-xml
  • BZ - 1692489 - virt-install fails with "Storage pool not found: no storage pool with matching name 'default'"
  • BZ - 1700354 - warn if use of secboot UEFI will overwrite machine to q35
  • BZ - 1707379 - virt-install with --sysinfo type=random-string silently defaults to smbios
  • BZ - 1709857 - RFE - Ability to add IBPB feature policy to mitigate Spectre v2 for VM guests
  • BZ - 1714304 - virt-install --os-variant rhel7 causes stack trace
  • BZ - 1718065 - Drop virt-convert from rhel8
  • BZ - 1722820 - missing gtksourceview3 dependency
  • BZ - 1724287 - Using --wait 0 option in virt-install will return with exit code 1
  • BZ - 1726232 - CVE-2019-10183 virt-install: unattended option leaks password via command line argument
  • BZ - 1727811 - WARNING Changing machine type from '%s' to 'q35' which is required for UEFI secure boot
  • BZ - 1727881 - Rebase virt-manager to current upstream release
  • BZ - 1741846 - virt-install man page typo issue for "--launchSecurity" option

CVEs

References