[RHSA-2016:2577-02] Moderate: libvirt security, bug fix, and enhancement update
- From: bugzilla redhat com
- To: rhsa-announce redhat com, enterprise-watch-list redhat com
- Subject: [RHSA-2016:2577-02] Moderate: libvirt security, bug fix, and enhancement update
- Date: Thu, 3 Nov 2016 08:52:15 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Red Hat Security Advisory
Synopsis: Moderate: libvirt security, bug fix, and enhancement update
Advisory ID: RHSA-2016:2577-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2577.html
Issue date: 2016-11-03
CVE Names: CVE-2015-5160 CVE-2015-5313 CVE-2016-5008

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized

The following packages have been upgraded to a newer upstream version:
libvirt (2.0.0). (BZ#830971, BZ#1286679)

* It was found that the libvirt daemon, when using RBD (RADOS Block
Device), leaked private credentials to the process list. A local attacker
could use this flaw to perform certain privileged operations within the

* A path-traversal flaw was found in the way the libvirt daemon handled
filesystem names for storage volumes. A libvirt user with privileges to
create storage volumes and without privileges to create and modify domains
could possibly use this flaw to escalate their privileges. (CVE-2015-5313)

* It was found that setting a VNC password to an empty string in libvirt
did not disable all access to the VNC server as documented, instead it
allowed access with no authentication required. An attacker could use this
flaw to access a VNC server with an empty VNC password without any

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.
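
For the empty VNC password flaw (CVE-2016-5008) described above, this added example, which is not part of Red Hat's advisory or of libvirt's own code, lists domains whose VNC graphics device carries an empty `passwd` attribute so they can be reviewed before and after patching. It assumes the definitions are read from XML files such as those under /etc/libvirt/qemu or from `virsh dumpxml --security-info` output; the sample XML and all function names are constructed for illustration.

```python
"""Audit libvirt domain XML for VNC consoles configured with an empty password."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample definitions (not taken from the advisory).
SAMPLE_EMPTY = """<domain type='kvm'>
  <name>guest-empty</name>
  <devices>
    <graphics type='vnc' port='5901' autoport='no' listen='0.0.0.0' passwd=''>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
  </devices>
</domain>"""

SAMPLE_SET = """<domain type='kvm'>
  <name>guest-set</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' passwd='constructed-secret'/>
    <graphics type='spice' autoport='yes' passwd=''/>
  </devices>
</domain>"""


def audit_domain_xml(xml_text):
    """Return one finding per VNC <graphics> element whose passwd attribute is ''."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="(unnamed)")
    findings = []
    for gfx in root.iterfind("./devices/graphics"):
        if gfx.get("type") != "vnc":
            continue  # the advisory's flaw concerns VNC only
        # passwd absent -> None (no per-domain password set);
        # passwd=''     -> the empty-string case from CVE-2016-5008.
        if gfx.get("passwd") != "":
            continue
        listen = gfx.find("listen")
        address = gfx.get("listen") or (
            listen.get("address") if listen is not None else None
        )
        findings.append({
            "domain": name,
            "listen": address or "(default)",
            "port": gfx.get("port", "-1"),  # -1 means the port is auto-allocated
        })
    return findings


def audit_directory(directory):
    """Audit every *.xml domain definition in a directory; skip unreadable files."""
    findings = []
    for path in sorted(Path(directory).glob("*.xml")):
        try:
            findings.extend(audit_domain_xml(path.read_text()))
        except (ET.ParseError, OSError) as exc:
            print(f"skip {path}: {exc}", file=sys.stderr)
    return findings


if __name__ == "__main__":
    # Assumed default location of persistent QEMU domain definitions.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/libvirt/qemu"
    for f in audit_directory(target):
        print(f"{f['domain']}: VNC passwd is empty "
              f"(listen={f['listen']} port={f['port']})")
```

Output from `virsh dumpxml` without `--security-info` omits the `passwd` attribute, so such dumps will show no findings even when an empty password is configured.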

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

After installing the updated packages, libvirtd will be restarted

5. Bugs fixed (https://bugzilla.redhat.com/):

846810 - Automagically iptables rules added by libvirt can't be avoided/disabled
868771 - The virtual size of the vol should not be reduced after wiped
921135 - qemu: could not load kernel ... Permission denied
986365 - using polkit with virsh for non-root access does not work via ssh or locally
997561 - RFE: virsh: provide easy pci-passthrough netdev attach command
1002423 - Libvirt should forbid or remove the duplicate <interface>/<address> subelements in <forward> element of virtual network
1004593 - libvirt should provide a more useful error message when a PCI controller is configured to plug into itself (bus = index)
1004602 - error message need be improved for q35 guest with wrong controller
1025230 - libvirt activate pool with invalid source.
1026136 - Volume download speed is slow
1038888 - [Doc] 3 problems in nwfilter doc
1046833 - Warn users against setting memory hard limit too high when used for mlock or rdma-pin-all
1051350 - Support the readonly attribute for SCSI passthrough devices
1055331 - virDevicePCIAddressParseXML check failed for PCI device 0000:00:00.0
1077068 - Wrong allocation size when create/resize volumes in NFS pool
1097930 - [RFE] Hot Un-Plug CPU - Support dynamic virtual CPU deallocation - libvirt
1103314 - RFE: configure guest NUMA node locality for guest PCI devices
1103845 - glusterfs backend does not support discard (libvirt)
1120053 - Option shareable does not take effect after injecting a cdrom to guest by attach-disk
1134878 - libvirt reports json "backing file" is missing
1139766 - need a non-event way to determine qemu's current offset from utc
1151723 - migration will hang after use migrate with --graphicsuri and guest status will be locked
1159219 - [RFE] Update-device support update startupPolicy option to domain XML
1163091 - pool allocation value too large after volume creation
1166452 - Report better error message for reordered companion controllers
1168453 - Disk should be removed while using no-exist 'file' type volume with startupPolicy='optional'
1180092 - When set/update graphics password to empty, log in guest with spice and vnc show different behaviour
1180486 - [Power KVM] Floppy disk couldn't be detected on PPC64 guest
1195176 - [RFE] add virtio-gpu and virtio-vga support
1196711 - block job status is missing when zero-length copy job is in mirroring phase
1197592 - blockcopy always failed when with option "--pivot"
1209802 - Blockcopy for lun device changes disk type=block to file, however, it's unsupported configuration
1210587 - When libvirt automatically fill up SCSI virtual disk's target address, it doesn't check existing hostdev SCSI device's target address, and this will cause conflict.
1215968 - Libvirt does not generate guest USB addresses
1216281 - Guest show blackscreen after resume the guest which paused by watchdog
1220702 - wrong display of current memory after memory hot-plug
1227880 - update floppy command line options for QEMU's pc-q35-rhel7.2.0+ machine types
1231114 - [RFE] add virtio-input support
1233003 - Manually created LVM is deleted by virsh vol-create-as if it is having the same name
1233115 - Blockcopy always fail when use options "granularity"
1235180 - guest will have broken settings if we cold-unplug a vcpu which included in some domain vcpu sched
1235581 - RFE: Enable the intel-iommu device in QEMU
1240439 - Add multiqueue support for 'direct' interface types.
1243684 - Virsh client doesn't print error message when the connection is reset by server on some ocassion.
1244128 - Setvcpu should inherit the cputune value in cgroups was set before via schedinfo
1244567 - Guest agent should report proper error while guest agent was unreachable and restart libvirtd service
1245476 - error not right when set memtune but get failed
1245525 - libvirt should reject metadata elements not belonging to any namespace
1245647 - CVE-2015-5160 libvirt: Ceph id/key leaked in the process list
1247521 - RFE: libvirt: support multiple volume hosts for gluster volumes
1247987 - volume info has incorrect allocation value for extended partition.
1248277 - no error output when pass a negative number to setvcpus
1249441 - cpu-stats returns error messages with --start <number> (number >=32)
1249981 - iothreadpin will pin one of libvirtd thread with qemu 1.5
1250287 - domfsinfo do not have output in quiet mode
1250331 - Change-media cannot insert if disk source element with startupPolicy
1251461 - libvirt produced ambiguous error message when create disk pool with a block device which has no disk label
1253107 - blkiotune cannot live update <weight> value into domain xml via --weight
1254152 - error should be improved when use some virsh command get failure
1256999 - libvirt shouldn't add extra "auth type" into domain xml when using iscsi volume disk with secret setting.
1257486 - libvirt could have a check to host node during use numatune
1260576 - guest which use big maxmemory will lose track after restart libvirtd
1260749 - RFE: support QXL vram64 parameter
1261432 - net-dhcp-leases should return error when parse invalid mac
1263574 - vpx: Include dcpath output in libvirt XML
1264008 - libvirt take too much time to redefine a guest when set a big iothreads
1265049 - Offline migration failed with memory device when guest is shutoff.
1265114 - Wrong error when call allocPages and specify a 0 page size
1266078 - Audit log entries for hot(un)plugged memory devices are sometimes incorrect
1266982 - libvirt should emit warning/error if vhostuser network device is used, but shared memory is not configured
1267256 - do not crash if a machine config in /etc/libvirt is missing a machine type
1269575 - Guest state "crashed" does not get updated after "virsh reset"
1269715 - Can't start VM with memory modules if memory placement is auto
1270427 - libvirt should escape possible invalid characters.
1270709 - Volume's allocation should be updated automatically while doing virsh vol-wipe
1270715 - Wrong display of numatune result if guest use numad advise
1271069 - Change media fail with virtio scsi cdrom when tray is open
1271107 - The vaule of Used memory in 'virsh dominfo' is 0 when the guest is shut off
1272301 - virsh client crash when pass an empty string to dump option format
1273480 - ppc64le: VFIO doesn't work for small guests (1 GiB)
1273491 - VM with attached VFIO device is powered off when trying to hotplug increase memory of VM.
1273686 - libvirt do not check the if the serial type is changed during migrate/save
1275039 - internal error: Invalid or not yet handled value 'emptyBackingString' for VMX entry 'ide1:0.fileName' for device type 'cdrom-image'
1276198 - Fail to create pool with a virtual HBA in NPIV
1277121 - CVE-2015-5313 libvirt: filesystem storage volume names path traversal flaw
1277781 - Libvirtd segment fault when create and destroy a fc_host pool with a short pause
1278068 - cannot start virtual machine after renaming it
1278404 - error "unsupported migration cookie feature memory-hotplug" is reported despite migration working
1278421 - Cannot PXE boot using VF devices
1278727 - "virsh domjobinfo" hangs on destination host during migration.
1281706 - virsh domcontrol will show different result to a inactive guest
1281707 - some virsh cmd get failure without set error message
1281710 - It's better support to delete snapshots for rbd volume
1282288 - Unable to set permission when a volume is created in root squash netfs pool
1282744 - Actual downtime - Sometimes libvirt doesn't report 'downtime_net' in jobStats while migrating VM/s
1282846 - libvirt can not start a VM with non-ACSII or long names: Invalid machine name (from systemd)
1283085 - Creating external disk snapshot for a guest which has two disks with the same prefix name，the disks become the same name in xml
1285665 - Fail to valid the guest's xml while set the graphical listen as ipv6 address which end with "::" on rhel7
1286679 - Rebase libvirt to current upstream release
1288000 - Virsh lacks support for the scale (MiB/s OR Bytes/s) for block job bandwidth
1288690 - Error message misleads users when 2 or more IDE controllers are configured
1289288 - Live Migration dynamic cpu throttling for auto-convergence (libvirt)
1289363 - 59-character name-length limitation when creating VMs
1289391 - Libvirt incorrectly unplug the backend when host device frontent hotplug fails
1290324 - libvirt should forbid set current cpu is 0 in xml
1293241 - libvirt should forbid set 0,^0 in cpuset instead of generate a xml which have broken settings
1293804 - libvirt fails to unlink the image disks after creating VMs using virt-install: cannot unlink file 'FOO': Success
1293899 - Libvirt mishandle the internal snapshot with AHCI device
1294617 - Migration fails with -dname option when guest agent is specified
1297020 - ppc64 guests default to legacy -usb option instead of -device pci-ohci
1297690 - XML-RPC error : Cannot write data: Transport endpoint is not connected
1298065 - The size of raw image is incorect after clone without --nonsparse
1299696 - Set spice graphic port to '-1', the port allocated to the guest can't be used again after the guest is managedsaved or shutoff.
1301021 - RFE: add support for LUKS disk encryption format driver w/ RBD, iSCSI, and qcow2
1302373 - libvirt_driver_qemu.so references libvirt_driver_storage.so
1305922 - Set cgroup device ACLs to allow block device for NVRAM backing store
1306556 - [RFE] Allow specifying cpu pinning for inactive vcpus
1308317 - libvirt check the wrong cpu placement status when change the emulator/iothreadpin configuration
1312188 - virtlogd failed to open guest log file while doing migration
1313264 - direct interface with multiqueue enabled donesn't support hotplugging
1313314 - libvirt will not override a target name with prefix of 'vif' in guest's xml interface part, which do not conform to the description in libvirt.org
1313627 - Fail to restore vm with usb keyboard config on ppc64le
1314594 - Libvirt should reject to rename a domain in saved status.
1315059 - improve the error when undefine transient network
1316371 - libvirt auto remove the vcpupin config when cold-unplug vcpu
1316384 - libvirt report wrong error when parse vcpupin info
1316420 - libvirtd crashed if set vcpusched vcpus over maxvcpu
1316433 - cmd domstats cause libvirtd memleak
1316465 - active virtual network based on linux bridge will becase inactive after libvirtd restart
1317531 - libvirt does not report PCI_HEADER_TYPE in node device XML
1318569 - Eject cdrom fails since tray is locked but next try succeeds
1318993 - vol-create-from failed for logical pool
1319044 - log error when <bandwidth> requested on a <interface type='hostdev'>
1320447 - [RFE] Report memory hotunplug failure
1320470 - Migrating guest with default guest agent socket path from 1.3.x to 1.2.17 failed
1320500 - migration from RHEL6.8 to RHEL7.3 host failed with error "Unsupported migration cookie feature persistent"
1320836 - when vol-create-as a volume with invalid name in a disk pool, libvirt produced error, but parted still created a partition and multipathd didn't generate symbolic link in /dev/mapper
1320893 - libvirt-python: rename a domain with empty string will make it disappear
1321546 - libvirt fails to create a macvtap deivce if an attempted name was already created by some process other than libvirt
1322210 - Fail to hotplug guest agent with libvirt-1.3.2-1.el7
1323085 - generate bootindex even when <bootmenu enable='yes'/> is specified
1324551 - Hotplug of memory/rng device fails after unplugging device of the same type that is not last
1324757 - libvirtd crashed if destroy then start a guest which have redirdev device
1325043 - libvirt forget free priv->machineName when clear guest resource
1325072 - "virtlogd --verbose" doesn't output verbose messages
1325075 - The old logging way(file) is used when no qemu.conf file exists
1325080 - Virtlogd doesn't release client resource after guest restore from a saved file.
1325757 - virsh create fails if <video> element is not set in XML
1325996 - new NSS module for host name translation of domains managed by libvirt
1326270 - Migration failed when setting vnc_auto_unix_socket = 1
1326660 - Update-device fail to update floppy with an unknown error
1327499 - guest have broken settings after use setvcpus --maximum to make vcpu number < vcpu number in numa
1327537 - RFE: support -acpitable
1328003 - disk source format is not properly set for disk type='volume'
1328301 - update floppy device with readonly element report cannot modify snapshot error
1328401 - watchdog's action moved to 'pause' automatically when start a guest with watchdog's action setting to 'dump'
1329041 - blkdeviotune should limit the maximum to some sensible number
1329045 - Guest got killed when restart libvirtd if guest has cmt event enabled but host doesn't support CMT
1329046 - "virsh perf $guest --enable '' " has memory leak.
1329819 - virsh nodecpumap --pretty shows wrong result on machine with many cores
1331228 - No error messages for cpu-stats with --start option.
1332446 - "virsh domdisplay" recognizes 0.0.0.0 as localhost
1332705 - libvirt is incompatible with qemu-rhev-2.6 with empty CDROM drive
1332854 - <vcpu max='...'/> in domacapabilities should take KVM limits into account
1333248 - Libvirt rejects object name starting with '.'
1333404 - libvirtd allows SSLv3 connections and poor ciphers
1334237 - Dump a guest with long domain name by watchdog failed
1335617 - print generic error to user if qemu fails without printing any error
1337073 - virDomainGetControlInfo hangs after random time with unresponsive storage
1337490 - Hot-plugs into root-port and downstream-port fail
1337869 - Libguestfs could not create appliance through libvirt on aarch64 because libvirt doesn't support dmi-to-pci-bridge (i82801b11-bridge) controller
1339900 - Tiny issue: PCI controller's index cannot be = bus
1340976 - Sometimes guest OS paused after managedsave&start.
1341415 - 'virsh event' can not capture disk-change events
1341460 - update dns settings in network by net-update will not take effect immediately
1342342 - RHEL Doc error about S3/S4 operations for guest
1342874 - Owner and SElinux context cannot be restored after hot-unplug USB Host device
1342962 - libvirt limits chassisNr for pci bridge to between 0 and 255, however, qemu does not support chassis_nr=0
1343442 - The default value of 'max_anonymous_clients' is not correct
1344892 - memory section in domxml stay unchanged after memory hot-unplug
1345743 - SASL authentication failed to create client context when connecting to libvirt daemon
1346723 - some bugs in function which used to parse perf event xml element
1346724 - cannot pool-define/create mpath pool
1346730 - libvirt will enable perf event which user want disable it
1347642 - Enable /dev/urandom as source of entropy for virtio-rng
1350688 - libvirtd crashes after qemu-attach in qemuDomainPerfRestart()
1350772 - Memory locking is not required for non-KVM ppc64 guests
1351057 - lxc: when undefine a vm first, cannot destroy it successfully.
1351473 - "virsh blkiotune" causes libvirtd crash
1351514 - CVE-2016-5008 libvirt: Setting empty VNC password allows access to unauthorized users
1354238 - auto_dump_path setting in the qemu.conf not work
1356436 - cannot pool-create iscsi pool because cannot successfully login iscsi target
1356461 - Failed "virsh connect" return 0.
1356858 - The default uri should be libvirtd:///session in non-root session
1356937 - libvit should support set IOthread quota into cgroup
1357346 - libvirtd memory leak when guest has hostdev element
1357363 - Some environment variables don't take effect for virt-admin
1357364 - The uri_aliases setting in libvirt-admin.conf doesn't take effect.
1357776 - Service is not re-enabled when increasing max_clients limit after it has been reached.
1357924 - Incorrect memory virtualization in lxc driver
1358712 - pci-expander-bus should only connect to pci-root, and pcie-expander-bus should only connect to pcie-root
1358728 - Migration failed when the secondary video devices have different ram/vram sizes.
1359071 - the result of change-media --eject is different from the result in guest
1361172 - Disallow to attach upstream port to pxb-pcie if root-port is not attached to pxb-pcie
1361948 - SASL info is missing in the output of "virt-admin client-info"
1362349 - Persistent fs pool is undefined after startup fails
1363627 - Provide proper error messages when hot-plugging devices into a not hot-pluggable pci controller
1363636 - Libvirtd crashes when using vol-create-from to create a raw vol and using a qcow2 vol as source
1363648 - Add support to attach dmi-to-pci-bridge (i82801b11-bridge) into pxb-pcie
1363773 - libvirtd crashed when use virt-install to create a lxc container
1365004 - Regenerate docs while building downstream package
1365500 - CPU feature cmt not found with 2.0.0-1
1365903 - virt-admin reports a message indicating success when it fails to connect
1366097 - some memory leak in qemuDomainAssignAddresses
1366119 - Screenshot does not work with qxl video model type.
1366484 - libvirt report unknown error when iothreadsched point to not exist iothread
1366611 - Core dumped when do secret-get-value
1366989 - Increase the queue size to the max allowed, 1024.
1367130 - USB address referencing a non-existent hub crashes libvirtd
1367259 - libvirt SIGSEGV when hot-plug a disk with luks encryption
1367260 - key mismatched in http protocol of json backing format
1367269 - The uri_default in libvirt-admin.conf doesn't take effect
1368774 - libvirt changes the guest xml on target host even if migration failed
1370066 - Use setvcpus to change maximum vcpu number will make guest have broken settings
1372251 - libvirt wrongly convert json to xml when attaching json glusterfs backing images
1374613 - Migration fails with "info migration reply was missing return status" when storage insufficient on target
1375783 - [ppc64] vm config with hotplugable vcpus gets broken after libvirtd restart
1377212 - libvirt: SCSI: hostdev / controller host-plug related fixes

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Red Hat Enterprise Linux Client Optional (v. 7):
Red Hat Enterprise Linux ComputeNode (v. 7):
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Red Hat Enterprise Linux Server (v. 7):
Red Hat Enterprise Linux Server Optional (v. 7):
Red Hat Enterprise Linux Workstation (v. 7):
Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from

The Red Hat security contact is <secalert redhat com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----