RHEL 6 : rhev 3.2.2 - vdsm (RHSA-2013:1155)

Low Nessus Plugin ID 78968


The remote Red Hat host is missing one or more security updates.


Updated vdsm packages that fix one security issue and various bugs are now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

[Updated 21 August 2013] The packages list in this erratum has been updated to include missing packages for the 'Red Hat Enterprise Virt Management Agent (v 6 x86_64)' channel (also known as 'rhel-x86_64-rhev-mgmt-agent-6'). No changes have been made to the original packages.

VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.

It was found that the fix for CVE-2013-0167 released via RHSA-2013:0886 was incomplete. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-4236)

This issue was found by David Gibson of Red Hat.

This update also fixes the following bugs :

* Previously, failure to move a disk produced a 'truesize' exit message, which was not informative. Now, failure to move a disk produces a more helpful error message explaining that the volume is corrupted or missing. (BZ#985556)

* The LVM filter has been updated to only access physical volumes by full /dev/mapper paths in order to improve performance. This replaces the previous behavior of scanning all devices including logical volumes on physical volumes. (BZ#983599)

* The log collector now collects /var/log/sanlock.log from Hypervisors, to assist in debugging sanlock errors. (BZ#987042)

* When the poollist parameter was not defined, dumpStorageTable crashed, causing SOS report generation to fail with the error 'IndexError: list index out of range'. VDSM now handles this exception, so the log collector can generate host SOS reports.

* Previously, VDSM used the memAvailable parameter to report available memory on a host, which could return negative values if memory overcommitment was in use. Now, the new memFree parameter returns the actual amount of free memory on a host. (BZ#982639)

All users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.


Update the affected packages.

See Also




Plugin Details

Severity: Low

ID: 78968

File Name: redhat-RHSA-2013-1155.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2014/11/08

Modified: 2017/01/05

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:vdsm, p-cpe:/a:redhat:enterprise_linux:vdsm-bootstrap, p-cpe:/a:redhat:enterprise_linux:vdsm-cli, p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo, p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd, p-cpe:/a:redhat:enterprise_linux:vdsm-python, p-cpe:/a:redhat:enterprise_linux:vdsm-reg, p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2013/08/21

Reference Information

CVE: CVE-2013-4236

RHSA: 2013:1155