
libvirt security update

Published: 2015-03-17 13:28:58
Source: CentOS Project (lists.centos.org)

CVSS2: 3.5 Low
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

  Access Vector:          NETWORK
  Access Complexity:      MEDIUM
  Authentication:         SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact:       NONE
  Availability Impact:    NONE

EPSS: 0.002 Low (Percentile: 56.8%)

CentOS Errata and Security Advisory CESA-2015:0323

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.

It was found that QEMU’s qemuDomainMigratePerform() and
qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock
on a failed ACL check. A remote attacker able to establish a connection to
libvirtd could use this flaw to lock a domain of a more privileged user, causing
a denial of service. (CVE-2014-8136)
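
The missing-unlock pattern behind CVE-2014-8136, shown as an added illustration in C. This is a simplified model, not libvirt's code: the struct, the lock helpers and the owner-only ACL rule are hypothetical. The flawed function returns on a denied ACL check with the lock still held; the corrected one routes every exit through a cleanup label.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a lock-guarded domain object (hypothetical, not libvirt's types). */
struct domain { const char *owner; bool locked; };

static bool dom_trylock(struct domain *d) {
    if (d->locked) return false;        /* an earlier caller still holds the lock */
    d->locked = true;
    return true;
}
static void dom_unlock(struct domain *d) { d->locked = false; }

/* Hypothetical ACL rule for this model: only the owner may migrate the domain. */
static bool acl_allows_migrate(const struct domain *d, const char *user) {
    return strcmp(d->owner, user) == 0;
}

/* Flawed shape: the ACL-denied path returns without releasing the lock. */
int migrate_flawed(struct domain *d, const char *user) {
    if (!dom_trylock(d)) return -2;     /* -2: domain busy */
    if (!acl_allows_migrate(d, user))
        return -1;                      /* -1: denied, but the lock is leaked here */
    /* ... migration work would run here ... */
    dom_unlock(d);
    return 0;
}

/* Corrected shape: success and denial both leave through the cleanup label. */
int migrate_fixed(struct domain *d, const char *user) {
    int ret = -1;
    if (!dom_trylock(d)) return -2;
    if (!acl_allows_migrate(d, user))
        goto cleanup;
    ret = 0;                            /* ... migration work would run here ... */
cleanup:
    dom_unlock(d);
    return ret;
}

/* Result the owner sees after another user's request was denied by the ACL. */
int owner_after_denied(int (*migrate)(struct domain *, const char *)) {
    struct domain d = { "admin", false };   /* constructed sample domain */
    (void)migrate(&d, "guest");             /* denied by the ACL rule */
    return migrate(&d, "admin");            /* owner's legitimate request */
}

int main(void) {
    printf("flawed: %d, fixed: %d\n", owner_after_denied(migrate_flawed), owner_after_denied(migrate_fixed));
    return 0;
}
```
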

It was discovered that the virDomainSnapshotGetXMLDesc() and
virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of
the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote
attacker able to establish a connection to libvirtd could use this flaw to
obtain certain sensitive information from the domain XML file. (CVE-2015-0236)

The CVE-2015-0236 issue was found by Luyao Huang of Red Hat.

Bug fixes:

  • The libvirtd daemon previously attempted to search for SELinux contexts even
    when SELinux was disabled on the host. Consequently, libvirtd logged “Unable to
    lookup SELinux process context” error messages every time a client connected to
    libvirtd and SELinux was disabled. libvirtd now verifies whether SELinux is
    enabled before searching for SELinux contexts, and no longer logs the error
    messages on a host with SELinux disabled. (BZ#1135155)

  • The libvirt utility passed incomplete PCI addresses to QEMU. Consequently,
    assigning a PCI device that had a PCI address with a non-zero domain to a guest
    failed. Now, libvirt properly passes PCI domain to QEMU when assigning PCI
    devices, which prevents the described problem. (BZ#1127080)

  • Because the virDomainSetMaxMemory API did not allow changing the current
    memory in the LXC driver, the “virsh setmaxmem” command failed when attempting
    to set the maximum memory to be lower than the current memory. Now, “virsh
    setmaxmem” sets the current memory to the intended value of the maximum memory,
    which avoids the mentioned problem. (BZ#1091132)

  • Attempting to start a non-existent domain caused network filters to stay
    locked for read-only access. Because of this, subsequent attempts to gain
    read-write access to network filters triggered a deadlock. Network filters are
    now properly unlocked in the described scenario, and the deadlock no longer
    occurs. (BZ#1088864)

  • If a guest configuration had an active nwfilter using the DHCP snooping
    feature and an attempt was made to terminate libvirtd before the associated
    nwfilter rule snooped the guest IP address from DHCP packets, libvirtd became
    unresponsive. This problem has been fixed by setting a longer wait time for
    snooping the guest IP address. (BZ#1075543)

Enhancements:

  • A new “migrate_host” option is now available in /etc/libvirt/qemu.conf, which
    allows users to set a custom IP address to be used for incoming migrations.
    (BZ#1087671)

  • With this update, libvirt is able to create a compressed memory-only crash
    dump of a QEMU domain. This type of crash dump is directly readable by the GNU
    Debugger and requires significantly less hard disk space than the standard crash
    dump. (BZ#1035158)

  • Support for reporting the NUMA node distance of the host has been added to
    libvirt. This enhances the current libvirt capabilities for reporting NUMA
    topology of the host, and allows for easier optimization of new domains.
    (BZ#1086331)

  • The XML file of guest and host capabilities generated by the “virsh
    capabilities” command has been enhanced to list the following information, where
    relevant: the interface speed and link status of the host, the PCI Express
    (PCIe) details, the host’s hardware support for I/O virtualization, and a report
    on the huge memory pages. (BZ#1076960, BZ#1076957, BZ#1076959, BZ#1076962)

These packages also include a number of other bug fixes and enhancements. For
additional details, see the “Bugs Fixed” section below.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027933.html

Affected packages:
libvirt
libvirt-client
libvirt-daemon
libvirt-daemon-config-network
libvirt-daemon-config-nwfilter
libvirt-daemon-driver-interface
libvirt-daemon-driver-lxc
libvirt-daemon-driver-network
libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-qemu
libvirt-daemon-driver-secret
libvirt-daemon-driver-storage
libvirt-daemon-kvm
libvirt-daemon-lxc
libvirt-devel
libvirt-docs
libvirt-lock-sanlock
libvirt-login-shell

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:0323
