libvirt (SL6)

Synopsis: Moderate: libvirt security and bug fix update
Advisory ID: SLSA-2014:1873-1
Issue Date: 2014-11-18
CVE Numbers: CVE-2014-3633
CVE-2014-3657
CVE-2014-7823

An out-of-bounds read flaw was found in the way libvirt’s
qemuDomainGetBlockIoTune() function looked up the disk index in a non-
persistent (live) disk configuration while a persistent disk configuration
was being indexed. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to crash libvirtd or,
potentially, leak memory from the libvirtd process. (CVE-2014-3633)

A denial of service flaw was found in the way libvirt’s
virConnectListAllDomains() function computed the number of used domains. A
remote attacker able to establish a read-only connection to libvirtd could
use this flaw to make any domain operations within libvirt unresponsive.
(CVE-2014-3657)

It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the
QEMU driver implementation of the virDomainGetXMLDesc() function could
bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote
attacker able to establish a read-only connection to libvirtd could use
this flaw to leak certain limited information from the domain XML data.
(CVE-2014-7823)

This update also fixes the following bug:

When dumping migratable XML configuration of a domain, libvirt removes
some automatically added devices for compatibility with older libvirt
releases. If such XML is passed to libvirt as a domain XML that should be
used during migration, libvirt checks this XML for compatibility with the
internally stored configuration of the domain. However, prior to this
update, these checks failed because of devices that were missing (the same
devices libvirt removed). As a consequence, migration with user-supplied
migratable XML failed. Since this feature is used by OpenStack, migrating
QEMU/KVM domains with OpenStack always failed. With this update, before
checking domain configurations for compatibility, libvirt transforms both
user-supplied and internal configuration into a migratable form
(automatically added devices are removed) and checks those instead. Thus,
no matter whether the user-supplied configuration was generated as
migratable or not, libvirt does not err about missing devices, and
migration succeeds as expected.

After installing the updated packages, libvirtd will be restarted
automatically.

SL6
x86_64
libvirt-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.2.i686.rpm
libvirt-client-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.2.i686.rpm
libvirt-devel-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.2.x86_64.rpm
i386
libvirt-0.10.2-46.el6_6.2.i686.rpm
libvirt-client-0.10.2-46.el6_6.2.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm
libvirt-python-0.10.2-46.el6_6.2.i686.rpm
libvirt-devel-0.10.2-46.el6_6.2.i686.rpm

– Scientific Linux Development Team