(RHSA-2013:1155) Moderate: rhev 3.2.2 - vdsm security and bug fix update

ID RHSA-2013:1155
Type redhat
Reporter RedHat
Modified 2017-03-03T16:47:34


VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.

It was found that the fix for CVE-2013-0167 released via RHSA-2013:0886 was incomplete. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-4236)

This issue was found by David Gibson of Red Hat.

This update also fixes the following bugs:

  • Previously, failure to move a disk produced a 'truesize' exit message, which was not informative. Now, failure to move a disk produces a more helpful error message explaining that the volume is corrupted or missing. (BZ#985556)

  • The LVM filter has been updated to only access physical volumes by full /dev/mapper paths in order to improve performance. This replaces the previous behavior of scanning all devices including logical volumes on physical volumes. (BZ#983599)

  • The log collector now collects /var/log/sanlock.log from Hypervisors, to assist in debugging sanlock errors. (BZ#987042)

  • When the poollist parameter was not defined, dumpStorageTable crashed, causing SOS report generation to fail with the error 'IndexError: list index out of range'. VDSM now handles this exception, so the log collector can generate host SOS reports. (BZ#985069)

  • Previously, VDSM used the memAvailable parameter to report available memory on a host, which could return negative values if memory overcommitment was in use. Now, the new memFree parameter returns the actual amount of free memory on a host. (BZ#982639)

All users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.