Issued:

2013-06-10

Updated:

2013-06-10

RHSA-2013:0886 - Moderate: rhev 3.2 - vdsm security and bug fix update

Synopsis

Moderate: rhev 3.2 - vdsm security and bug fix update

Type/Severity

Security Advisory Moderate

Topic

Updated vdsm packages that fix one security issue and various bugs are now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Description

VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.

A flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)

The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.

This update also fixes various bugs. Refer to the Technical Notes for information about these changes:

This content is not included.https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

All users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Affected Products

Updated Packages

• vdsm-python-4.10.2-22.0.el6ev.x86_64.rpm
• vdsm-xmlrpc-4.10.2-22.0.el6ev.noarch.rpm
• vdsm-hook-vhostmd-4.10.2-22.0.el6ev.noarch.rpm
• vdsm-cli-4.10.2-22.0.el6ev.noarch.rpm
• vdsm-reg-4.10.2-22.0.el6ev.noarch.rpm
• vdsm-4.10.2-22.0.el6ev.x86_64.rpm
• vdsm-4.10.2-22.0.el6ev.src.rpm
• vdsm-debuginfo-4.10.2-22.0.el6ev.x86_64.rpm

Fixes

• This content is not included.BZ - 834041
• This content is not included.BZ - 852956
• This content is not included.BZ - 861701
• This content is not included.BZ - 871616
• This content is not included.BZ - 873145
• This content is not included.BZ - 875487
• This content is not included.BZ - 875775
• This content is not included.BZ - 878064
• This content is not included.BZ - 879253
• This content is not included.BZ - 880961
• This content is not included.BZ - 881947
• This content is not included.BZ - 882276
• This content is not included.BZ - 882667
• This content is not included.BZ - 883327
• This content is not included.BZ - 883390
• This content is not included.BZ - 885418
• This content is not included.BZ - 890572
• This content is not included.BZ - 890983
• This content is not included.BZ - 893193
• This content is not included.BZ - 893332
• This content is not included.BZ - 895912
• This content is not included.BZ - 905930
• This content is not included.BZ - 910445
• This content is not included.BZ - 911209
• This content is not included.BZ - 911417
• This content is not included.BZ - 912308
• This content is not included.BZ - 915068
• This content is not included.BZ - 917363
• This content is not included.BZ - 918541
• This content is not included.BZ - 918666
• This content is not included.BZ - 919201
• This content is not included.BZ - 919356
• This content is not included.BZ - 920532
• This content is not included.BZ - 920614
• This content is not included.BZ - 920671
• This content is not included.BZ - 920688
• This content is not included.BZ - 922515
• This content is not included.BZ - 923773
• This content is not included.BZ - 923964
• This content is not included.BZ - 925967
• This content is not included.BZ - 925981
• This content is not included.BZ - 927143
• This content is not included.BZ - 928217
• This content is not included.BZ - 928861
• This content is not included.BZ - 947014
• This content is not included.BZ - 948346
• This content is not included.BZ - 948940
• This content is not included.BZ - 949192
• This content is not included.BZ - 951057
• This content is not included.BZ - 955593
• This content is not included.BZ - 956683
• This content is not included.BZ - 962549

CVEs

• CVE-2013-0167

References

• https://access.redhat.com/security/updates/classification/#moderate
• This content is not included.This content is not included.https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.