RHEL 6 : rhev 3.2.2 - vdsm (RHSA-2013:1155)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated vdsm packages that fix one security issue and various bugs are
now available.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

[Updated 21 August 2013] The packages list in this erratum has been
updated to include missing packages for the 'Red Hat Enterprise Virt
Management Agent (v 6 x86_64)' channel (also known as
'rhel-x86_64-rhev-mgmt-agent-6'). No changes have been made to the
original packages.

VDSM is a management module that serves as a Red Hat Enterprise
Virtualization Manager agent on Red Hat Enterprise Virtualization
Hypervisor or Red Hat Enterprise Linux hosts.

It was found that the fix for CVE-2013-0167 released via
RHSA-2013:0886 was incomplete. A privileged guest user could
potentially use this flaw to make the host the guest is running on
unavailable to the management server. (CVE-2013-4236)

This issue was found by David Gibson of Red Hat.

This update also fixes the following bugs :

* Previously, failure to move a disk produced a 'truesize' exit
message, which was not informative. Now, failure to move a disk
produces a more helpful error message explaining that the volume is
corrupted or missing. (BZ#985556)

* The LVM filter has been updated to only access physical volumes by
full /dev/mapper paths in order to improve performance. This replaces
the previous behavior of scanning all devices including logical
volumes on physical volumes. (BZ#983599)

* The log collector now collects /var/log/sanlock.log from
Hypervisors, to assist in debugging sanlock errors. (BZ#987042)

* When the poollist parameter was not defined, dumpStorageTable
crashed, causing SOS report generation to fail with the error
'IndexError: list index out of range'. VDSM now handles this
exception, so the log collector can generate host SOS reports.
(BZ#985069)

* Previously, VDSM used the memAvailable parameter to report available
memory on a host, which could return negative values if memory
overcommitment was in use. Now, the new memFree parameter returns the
actual amount of free memory on a host. (BZ#982639)

All users managing Red Hat Enterprise Linux Virtualization hosts using
Red Hat Enterprise Virtualization Manager are advised to install these
updated packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise
Virtualization Hypervisor in the next rhev-hypervisor6 errata package.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4236.html
https://rhn.redhat.com/errata/RHSA-2013-0886.html
http://rhn.redhat.com/errata/RHSA-2013-1155.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.7
(CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 78968 ()

Bugtraq ID:

CVE ID: CVE-2013-4236

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now