(RHSA-2013:1122) Important: rhev-guest-tools-iso security and bug fix update

The rhev-guest-tools-iso package contains tools and drivers. These tools
and drivers are required by supported Windows guest operating systems
when installed as guests on Red Hat Enterprise Virtualization.

An unquoted search path flaw was found in the way the Red Hat Enterprise
Virtualization Application Provisioning Tool (RHEV-APT) service was
installed on Windows. Depending on the permissions of the directories in
the unquoted search path, a local, unprivileged user could use this flaw to
have a binary of their choosing executed with SYSTEM privileges.
(CVE-2013-2176)

This issue was discovered by Jiri Belka of Red Hat.

This update also fixes the following bugs:

• In rare cases the format of the temporary directory location, as returned
  by the Windows operating system, did not match the format expected by the
  RHEV-Tools installer. Consequently, the install or upgrade failed with a
  warning “Upgrade of RHEV-Tools on the Guest should be performed only when
  running on RHEL 6 type Host (RHEV-H or RHEL). Upgrade aborted.” This update
  adds code to handle these exceptional cases, so RHEV-Tools can be
  successfully installed or updated on Windows virtual machines. (BZ#979108)

• This release includes an updated Virtio-Serial driver and SPICE Agent.
  (BZ#986904)

This rhev-guest-tools-iso package also contains a spice-vdagent-win bug fix
update (RHBA-2013:1107):
https://rhn.redhat.com/errata/RHBA-2013-1107.html

All Red Hat Enterprise Virtualization users are advised to upgrade to this
updated rhev-guest-tools-iso package, which resolves these issues.