Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2013:1155
HistoryAug 13, 2013 - 12:00 a.m.

(RHSA-2013:1155) Moderate: rhev 3.2.2 - vdsm security and bug fix update

2013-08-1300:00:00
access.redhat.com
26

EPSS

0.001

Percentile

20.8%

JSON

VDSM is a management module that serves as a Red Hat Enterprise
Virtualization Manager agent on Red Hat Enterprise Virtualization
Hypervisor or Red Hat Enterprise Linux hosts.

It was found that the fix for CVE-2013-0167 released via RHSA-2013:0886
was incomplete. A privileged guest user could potentially use this flaw to
make the host the guest is running on unavailable to the management
server. (CVE-2013-4236)

This issue was found by David Gibson of Red Hat.

This update also fixes the following bugs:

  • Previously, failure to move a disk produced a ‘truesize’ exit message,
    which was not informative. Now, failure to move a disk produces a more
    helpful error message explaining that the volume is corrupted or missing.
    (BZ#985556)

  • The LVM filter has been updated to only access physical volumes by full
    /dev/mapper paths in order to improve performance. This replaces the
    previous behavior of scanning all devices including logical volumes on
    physical volumes. (BZ#983599)

  • The log collector now collects /var/log/sanlock.log from Hypervisors, to
    assist in debugging sanlock errors. (BZ#987042)

  • When the poollist parameter was not defined, dumpStorageTable crashed,
    causing SOS report generation to fail with the error ‘IndexError: list
    index out of range’. VDSM now handles this exception, so the log collector
    can generate host SOS reports. (BZ#985069)

  • Previously, VDSM used the memAvailable parameter to report available
    memory on a host, which could return negative values if memory
    overcommitment was in use. Now, the new memFree parameter returns the
    actual amount of free memory on a host. (BZ#982639)

All users managing Red Hat Enterprise Linux Virtualization hosts using Red
Hat Enterprise Virtualization Manager are advised to install these updated
packages, which fix these issues.

These updated packages will be provided to users of Red Hat Enterprise
Virtualization Hypervisor in the next rhev-hypervisor6 errata package.

Related

prion 2
nessus 4
nvd 2
cvelist 2
cve 2
redhat 3
prion
prion
Design/Logic Flaw
2013-08-19 23:55:00
Code injection
2013-08-19 23:55:00
nessus
nessus
RHEL 6 : rhev 3.2.2 - vdsm (RHSA-2013:1155)
2014-11-08 00:00:00
RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)
2014-11-08 00:00:00
RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)
2014-11-08 00:00:00
nvd
nvd
CVE-2013-4236
2013-08-19 23:55:08
CVE-2013-0167
2013-08-19 23:55:08
cvelist
cvelist
CVE-2013-4236
2013-08-19 23:00:00
CVE-2013-0167
2013-08-19 23:00:00
cve
cve
CVE-2013-4236
2013-08-19 23:55:08
CVE-2013-0167
2013-08-19 23:55:08
redhat
redhat
(RHSA-2013:0886) Moderate: rhev 3.2 - vdsm security and bug fix update
2013-06-10 00:00:00
(RHSA-2013:1181) Moderate: rhev-hypervisor6 security and bug fix update
2013-08-27 00:00:00
(RHSA-2013:0907) Important: rhev-hypervisor6 security and bug fix update
2013-06-10 00:00:00

EPSS

0.001

Percentile

20.8%

JSON
Related for RHSA-2013:1155
prion2nessus4nvd2cvelist2cve2redhat3