Test ID: | 1.3.6.1.4.1.25623.1.0.871325 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for libvirt RHSA-2015:0323-01 |
Summary: | The remote host is missing an update for the 'libvirt' package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the referenced advisory.

Vulnerability Insight: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service. (CVE-2014-8136)

It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. (CVE-2015-0236)

The CVE-2015-0236 issue was found by Luyao Huang of Red Hat.

Bug fixes:

* The libvirtd daemon previously attempted to search for SELinux contexts even when SELinux was disabled on the host. Consequently, libvirtd logged 'Unable to lookup SELinux process context' error messages every time a client connected to libvirtd and SELinux was disabled. libvirtd now verifies whether SELinux is enabled before searching for SELinux contexts, and no longer logs the error messages on a host with SELinux disabled. (BZ#1135155)

* The libvirt utility passed incomplete PCI addresses to QEMU. Consequently, assigning a PCI device that had a PCI address with a non-zero domain to a guest failed. Now, libvirt properly passes PCI domain to QEMU when assigning PCI devices, which prevents the described problem. (BZ#1127080)

* Because the virDomainSetMaxMemory API did not allow changing the current memory in the LXC driver, the 'virsh setmaxmem' command failed when attempting to set the maximum memory to be lower than the current memory. Now, 'virsh setmaxmem' sets the current memory to the intended value of the maximum memory, which avoids the mentioned problem. (BZ#1091132)

* Attempting to start a non-existent domain caused network filters to stay locked for read-only access. Because of this, subsequent attempts to gain read-write access to network filters triggered a deadlock. Network filters are now properly unlocked in the described scenario, and the deadlock no longer occurs. (BZ#1088864)

* If a guest configuration had an active nwfilter using the DHCP snooping feature and an attempt was made to terminate libvirtd before the associated nwfilter rule snooped the guest IP address from DHCP packets, libvirtd became unresponsive. This problem has been fixed by se ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: libvirt on Red Hat Enterprise Linux Server (v. 7)

Solution: Please Install the Updated Packages.

CVSS Score: 3.5
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-8136
61111 http://secunia.com/advisories/61111
MDVSA-2015:023 http://www.mandriva.com/security/advisories?name=MDVSA-2015:023
MDVSA-2015:070 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
RHSA-2015:0323 http://rhn.redhat.com/errata/RHSA-2015-0323.html
USN-2867-1 http://www.ubuntu.com/usn/USN-2867-1
http://advisories.mageia.org/MGASA-2015-0002.html
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d
openSUSE-SU-2015:0006 http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html
openSUSE-SU-2015:0008 http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html

Common Vulnerability Exposure (CVE) ID: CVE-2015-0236
62766 http://secunia.com/advisories/62766
MDVSA-2015:035 http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
http://advisories.mageia.org/MGASA-2015-0046.html
http://security.libvirt.org/2015/0001.html
openSUSE-SU-2015:0225 http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html |
Copyright | Copyright (C) 2015 Greenbone AG |