09 March 2015
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.0529 Low: libvirt security, bug fix, and enhancement update 9 March 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libvirt Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2015-0236 CVE-2014-8136 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2015-0323.html Comment: This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running libvirt check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: libvirt security, bug fix, and enhancement update Advisory ID: RHSA-2015:0323-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0323.html Issue date: 2015-03-05 CVE Names: CVE-2014-8136 CVE-2015-0236 ===================================================================== 1. Summary: Updated libvirt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service. (CVE-2014-8136) It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. (CVE-2015-0236) The CVE-2015-0236 issue was found by Luyao Huang of Red Hat. Bug fixes: * The libvirtd daemon previously attempted to search for SELinux contexts even when SELinux was disabled on the host. Consequently, libvirtd logged "Unable to lookup SELinux process context" error messages every time a client connected to libvirtd and SELinux was disabled. libvirtd now verifies whether SELinux is enabled before searching for SELinux contexts, and no longer logs the error messages on a host with SELinux disabled. (BZ#1135155) * The libvirt utility passed incomplete PCI addresses to QEMU. Consequently, assigning a PCI device that had a PCI address with a non-zero domain to a guest failed. Now, libvirt properly passes PCI domain to QEMU when assigning PCI devices, which prevents the described problem. (BZ#1127080) * Because the virDomainSetMaxMemory API did not allow changing the current memory in the LXC driver, the "virsh setmaxmem" command failed when attempting to set the maximum memory to be lower than the current memory. Now, "virsh setmaxmem" sets the current memory to the intended value of the maximum memory, which avoids the mentioned problem. (BZ#1091132) * Attempting to start a non-existent domain caused network filters to stay locked for read-only access. Because of this, subsequent attempts to gain read-write access to network filters triggered a deadlock. Network filters are now properly unlocked in the described scenario, and the deadlock no longer occurs. (BZ#1088864) * If a guest configuration had an active nwfilter using the DHCP snooping feature and an attempt was made to terminate libvirtd before the associated nwfilter rule snooped the guest IP address from DHCP packets, libvirtd became unresponsive. This problem has been fixed by setting a longer wait time for snooping the guest IP address. (BZ#1075543) Enhancements: * A new "migrate_host" option is now available in /etc/libvirt/qemu.conf, which allows users to set a custom IP address to be used for incoming migrations. (BZ#1087671) * With this update, libvirt is able to create a compressed memory-only crash dump of a QEMU domain. This type of crash dump is directly readable by the GNU Debugger and requires significantly less hard disk space than the standard crash dump. (BZ#1035158) * Support for reporting the NUMA node distance of the host has been added to libvirt. This enhances the current libvirt capabilities for reporting NUMA topology of the host, and allows for easier optimization of new domains. (BZ#1086331) * The XML file of guest and host capabilities generated by the "virsh capabilities" command has been enhanced to list the following information, where relevant: the interface speed and link status of the host, the PCI Express (PCIe) details, the host's hardware support for I/O virtualization, and a report on the huge memory pages. (BZ#1076960, BZ#1076957, BZ#1076959, BZ#1076962) These packages also include a number of other bug fixes and enhancements. For additional details, see the "Bugs Fixed" section below. 4. Solution: All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing the updated packages, libvirtd will be restarted automatically. Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 706887 - [TestOnly] qemu truncates JSON numbers >= 0x8000_0000_0000_0000 765733 - Error reporting when qemu terminates unexpectedly is inconsistent and sometimes unhelpful 823535 - Libvirt is sensitive to the order in which the video devices are passed 872628 - List available LXC consoles using container_ttys env variable 874418 - clear the error message when dump a guest with pass-through device 876829 - create external checkpoint snapshot will change the guest pmsuspended state and guest hang forever 877244 - Virsh command will delay a long time if restart libvirtd with many virtual networks running 878394 - virsh iface-dumpxml or virt-manager reports "bond interface misses the bond element" for inactive bond interfaces 880483 - Guest can use inactive macvtap-passthrough network 921094 - Missing auditing for serial, parallel, channel, console and smartcard devices 924853 - blockcopy to cifs fails 956506 - virsh snapshot-delete --children-only bypasses safety check for deleting disk-only children 957293 - support libiscsi for SCSI passthrough devices 963817 - Stable SCSI host addressing 964177 - virConnectDomainEventRTCChangeCallback returns wrong offset 967493 - Lockfailure action Ignore will lead to sanlock rem_lockspace stuck 967494 - Lockfailure action Restart can shutdown the guest but fail to start it 972964 - WWN option for Hot Attaching SCSI Disks 983350 - The running Guest was paused while cancel the migration on the third machine 985782 - Some flag values of method are missing in libvirt-python bindings 985980 - virsh vcpuinfo output is difficult to read with large cpu counts 990418 - Provide option to enable/disable 64-bit PCI hole 991290 - Fail to modify the name attribute of ipv6 dhcp host via virsh net-update 992980 - Separate limits for anonymous and authenticated users 994731 - Documentation for virDomainLookupBy* should mention caller's responsibility to free virDomainPtr 995377 - Domain without autostart can't be resumed by the libvirt-guests script after rebooting the host 997802 - domdisplay should show all URI if config both vnc and spice in guest 999926 - Policy denies libvirtd the permission to relabel unix domain sockets 1006700 - need add "interface" to virt-xml-validate manual page 1007698 - The cpu_shares value of domain xml should be consistent with return value of schedinfo. 1007759 - libvirt should forbid to attach a device with boot order for the first time if the os/boot element exists 1021703 - [RFE] Support for qemu-kvm's "-boot splash_time" parameter 1022874 - In man page of virsh, a typo 'COMMMANDS' displays three times 1023366 - [virsh cmd] Error message is not clear for commands blkiotune and schedinfo 1025407 - autoport='yes' doesn't skip over ports in use with IPv6 1027076 - Fail to start lxc with disabled selinux due to the existed empty /selinux 1029266 - Error message is not clear for command nwfilter-define under non-root user. 1029732 - Libvirt can not update/modify queues value of interface element using update-device command 1032363 - document need to pass image name for block backed disks with --disk-only 1033398 - Nodedev-destroy commands both doc and error message when destroy HBA are not clear 1033704 - domain xml: libvirt should take defaultMode value into account when discarding <channel ... mode='MODE'/> entries 1035128 - Stable guest ABI doesn't check redirected usb device 1035966 - Start autostarted virtual networks in background 1041569 - [NFR] libvirt: Returning the allocation watermark for all the images opened for writing during block-commit 1043735 - virsh command domiftune bound parameter checking error 1046192 - Can't set the timer base as localtime once localtime is used in the variable attribute. 1047818 - VFs can not be listed by net-dumpxml directly after starting the hostdev network 1052114 - guest fail to start with permission denied error when with gluster volume 1056902 - virsh attach-interface/detach-interface mishandles inactive configuration on device hot(un)plug commands 1062142 - live snapshot merge (commit) of the active layer 1064770 - Fail to update floor attribute of QoS using updateDeviceFlags 1066280 - Fail to restore guest from the save file while set the static selinux lable for the guest and set the relabel='no' in the guest's xml 1066894 - Implement for libvirt guest's xml for security label 1067338 - Mem leak while start a guest with a character followed 1069784 - block commit/pull support for disks using libgfapi volumes 1070680 - cpu-stats boundary value problem 1071095 - Libvirt report incorrect error message when parsing invalid value of CTRL_IP_LEARNING in nwfilter 1072141 - "pool-list --type gluster" list other types pool 1072292 - Libvirt report incorrect message when starting domain with nwfilter whose chain priority is greater than its filter rule priority 1072653 - vol-upload should change the volume target format type after uploading a different format file to it 1072677 - Incorrect error message when hot-plugging interface with an inexistence nwfilter 1073368 - [libvirt] can create live snapshot of passthrough device (iSCSI LUN or block device) 1075290 - gluster option is not showed in virsh --version=long 1075299 - Failed to get the vol-name by giving volume path in gluster pool. 1075543 - Libvirt does not terminate when DHCP snooping is being used 1076098 - [RFE] allow setting video ram size (vgamem_mb) for qemu vga cards. 1076725 - libvirt: Multi-node NUMA policy assignment 1076957 - Expose huge pages information through libvirt API 1076959 - Expose host hardware support for I/O virtualization via libvirt API 1076960 - Expose interface speed and link information via API 1076962 - Expose PCIe BW and lane information through API 1076989 - Enable complex memory requirements for virtual machines 1077009 - It shouldn't be permitted to change the uuid of a nwfilter 1077572 - Python setInterfaceParameters function is broken 1078590 - use of tls with libvirt.so can leave zombie processes 1079162 - The guest will be destroyed abnormally while revert the guest's snapshot which took in "pmsuspended" status 1079173 - libvirt can not do vol-download for gluster pool volume 1080859 - [Snapshot Doc] In snapshot-create-as manual page, supported snapshot type should be no, internal and external 1081461 - Dropped guest network connection during migration (before it finished) 1081881 - Fail to start guest with 2 displays mixed with port allocated automatically and fixed port. 1081932 - the return value of API virNodeDevice.listCaps() is not correct 1082124 - RHEL7 libvirt vs older qemu: unable to execute QEMU command 'qom-get': The command qom-get has not been found 1082521 - The sg disk is not really shared within 2 guests 1083345 - The --memspec parameters "snapshot=no" doesn't work when creating internal disk snapshot 1084360 - [doc] Document behavior of --reuse-external (VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT) 1085706 - virsh numatune should forbid to accept int as parameter values 1085769 - [Stroage][vol-clone] Volume was cloned successfully when passing an non-existing pool 1086121 - Improve the error message when failed to restore a guest with a not availabe disk with startupPolicy='optional' 1086704 - Don't allow aio=native without cache=none 1087104 - [Storage][vol-download] virsh cmd vol-download works with option offset and length by passing a negative integer 1088667 - [storage] some volume related virsh commands work when the passed volume is not one volume of the passed pool 1088787 - Libvirt should clean up socket file on destroyed domain with UNIX character device 1088864 - nwfilter deadlock 1088901 - Fail to do external disk-only snapshot when guest use FC storage 1089179 - The error is inaccurate when create snapshot with memspec snapshot=external and diskspec snapshot=no 1091866 - volume is disappered after vol-wipe with logical type pool 1092253 - Improve the error message when blockpull with a wrong base path 1092363 - [RHEL7] Virsh cmd maxvcpus returns 255 for kvm type, but the maximum number of vcpus supported by kvm is 160. 1093127 - RFE: report NUMA node locality for PCI devices 1095035 - [RHEL7][Storage]The "lazy_refcounts" feature was missing in the xml printed by vol-dumpxml for a qcow3 disk in a native gluster pool 1095636 - SELinux prevent qemu from attaching tuntap queues 1097028 - Don't fail starting domain without cpu, cpuset and cpuacct cgroups controllers 1097503 - guest will be paused and can't resume when do external system checkpoint snapshot with wrong compression format 1097677 - libvirt loses track of hotplugged vcpus after daemon restart 1097968 - libvirt-python API baselineCPU doesn't generate exception 1098659 - libvirt binds only to ipv6 1099978 - Maintain relative path to backing file image during live merge (block-commit) 1100769 - blkiotune weight range should be (10, 1000) 1101059 - virsh vcpupin need accurate error message when --vcpu argument is negative 1101510 - no need to require iptables-ipv6 1101731 - Rebase libvirt to current upstream release 1101987 - Libvirt should report error when try to revert guest to external system checkpoint snapshot 1101999 - virt-xml-validate should pass when netfs pool xml with glusterfs backend 1102611 - The running guest will disappear while change the security_driver from "none" to "selinux" 1103245 - libvirt reset rtc interrupt backlog after guest-set-time 1104992 - Guest fail to start while disks use same no-exist source file even though with startupPolicy='optional' 1104993 - Garbage characters show in the output of pool-name with no-exist pool UUID 1105939 - Fail to start guest while disable the default security labeling 1108593 - Libvirtd will crash while start a guest which DAC's seclabel type='none' in guest's xml 1110198 - domblkinfo doesn't work when guest use glusterfs as source 1110212 - The error info is not correct when do blockcommit with --base and --top point to same source 1110673 - typo errors in man page VIRSH(1) 1111044 - capabilities mode hostdev shouldn't be added in KVM 1112939 - libvirt should prompt more readable error message while ide/sata bus disk do not support readonly 1113116 - [RFE] add API to query the stats of multiple VMs at once 1113332 - python bindings for graphics event have wrong value for address type 1113668 - libvirt failed to start a domain with unix+guestfwd channel 1113861 - The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none' relabel='yes'/> in guest's xml. 1113868 - domxml-to-native fails for spice graphics with autoport='yes' when spice_tls is disabled 1115898 - [RFE] Add events for cputune and iotune change 1118710 - The error info is not accurate when do vol-wipe with volume based on gluster pool 1119206 - RFE: Multiple virtio-rng devices support 1119215 - Generate the redundant record in guest's xml while configure the same listen address in guest's xm 1119387 - The default behavor of abort block job with pivot flag isn't sync 1119592 - libvirt will report error after use pool-build in Non-root mode(qemu:///session) 1119784 - QMP: extend block events with error information 1121837 - numatune can use nodeset 0,^0 but can't edit xml like this 1121955 - virsh command takes long time to finish after set "log_level = 1" only 1122255 - 'virsh desc $dom blah' doesn't survive libvirtd restart 1122455 - libvirt should refuse to start domain with unsupported/useless min-guarantee element in qemu driver 1122973 - missing pci address for vga devices 1126329 - Libvirt should forbid using relative path to the new overaly snapshot image for external snapshots 1126721 - [Doc] Attribute name vlan-id should be vlanid in nwfilter xml docs 1126909 - Wrong block job type reported for active layer commit 1126991 - [libvirt] expose ivshmem 1128097 - Can't use domiftune --inbound 0 or --outbound 0 to clear inbound or outbound settings for a shut off guest 1128751 - <driver/> isn't always formated as it should be 1129207 - libvirtd will crash after do managedsave the same guest in the same time 1129372 - Failed to start domain with specified cputune after decreasing vcpu number 1129998 - numatune --mode can't work well 1130089 - Possible deadlock when the domain is destroyed on destination during migration 1130379 - [Doc]no manual about metadata command in virsh manual 1131306 - number range should be checked for the 4 new options of blkiotune 1131445 - Could not show process info for migration at once. 1131788 - blkdeviotune should can be used in session mode 1131811 - The iotune element will disappear from the guest's xml while set an invalid value 1131819 - Libvirtd crash while set blkdeviotune with the hotplug disk and specify the --config option 1131876 - The range for blkdeviotune was different in guest's xml and virsh command line 1131897 - virDomainSetMemoryFlags doesn't process flag VIR_DOMAIN_MEM_MAXIMUM for LXC 1132301 - Error msg is not right for option -k and -K against virsh command 1132305 - option -k and -K should point out range of reasonable values against virsh command 1132347 - Libvirt crash after defining/editing macvtap network pool with <address> elements 1134154 - snapshot's race condition 1134454 - pkg-config --libs contains cflags 1135169 - blockcopy job was cancel by "CTRL+C" while it show there still be one block job in background 1135339 - active commit will be cancelled by another commit 1135396 - Honor hugepage settings on UMA guest 1135431 - libvirt should pass "-enable-fips" to QEMU 1135955 - The usage for migrate's option --auto-converge missed in virsh man page 1136736 - Failed to remove libvirt-daemon-1.2.8-1.el7.x86_64 package 1138221 - Fail to managedsave while configure <cpu mode='host-model'> in the guest's xml 1138231 - Report better error when backing chain detection fails 1138487 - one of guest will be shut off when restart libvirtd while disable the default security labeling 1138545 - guest NUMA cannot start when automatic NUMA placement 1139567 - virsh cmd will hang when remove blockcopy file 1140085 - guest interface which use existing bridge source bridge will disappear after libvirtd restart 1140981 - Libvirt should post more accurate error when do blockpull with qemu-kvm 1140984 - sub-element in <disk>...</disk> change after create external disk snapshot 1141209 - Back port selected upstream Coverity resolutions since 1.2.8 1141621 - libvirtd will crashed after hot-plug a virtual NIC to a guest which use qemu-attach connect to libvirtd 1141732 - wrong QMP argument 'id' when detaching iscsi hostdev 1141943 - libvirtd crash when defining scsi storage pool 1142294 - libvirt should report error when failed to use domtime to set a guest time 1142693 - [RFE] Add a qemu resume hook that is able to preprocess the domain XML 1142722 - libvirtd dead while destroy one guest with block disk 1143780 - Deadlock on nwfilter when taking same concurrent jobs 1143955 - libvirtd crashed after running "virsh metadata --remove" command 1144303 - memory leak when starting a domain with cpu mode='host-model' 1144920 - libvirtd crashed after use qemu-monitor-event --regex to a running guest 1144922 - wrong backingStore info after blockpull and destroy/start guest 1145048 - freepages argument has wrong unit and range 1145050 - API virNodeGetFreePages need report specific error when node out of range 1146511 - Updating blkdeviotune for live domain doesn't survive restarting the libvirtd 1146550 - USB Redirection no longer works: Permission Denied 1146837 - Libvirtd crash when defining scsi pool with 'scsi_host' type adapter and parentaddr attribute 1147331 - [migration] Tunnelled migration failed 1147494 - libvirtd crashes when starting a domain with 0 cpu shares 1147584 - save/managedsave doesn't work with host-passthrough 1150322 - libvirt should recognize __com.redhat_change-backing-file for relative path preservation 1150505 - Domain is out of control from libvirt when running some concurrent define/undefine/start/destroy jobs rapidly 1151718 - Permission denied when create external snapshot for guest whose source file based on nfs 1151885 - libvirtd loses track of a running restored guest with host-passthrough cpu 1152382 - [NPIV] The volume in scsi pool appears only after refreshing pool 1155410 - An LXC domain without console dies soon after start 1155441 - forbid NIC offloads change on the fly using update-device 1155458 - libvirt can not save mode='client' of vhostuser interface to domain xml 1156288 - libvirtd crashed on disk snapshot with rdma glusterfs image 1156367 - network using host bridge gets a MAC on libvirt update 1158715 - A memory error report when use domstats 1159227 - lxc domain startup is slow 1159245 - repeated migration with NBD fails 1160084 - domfsfreeze and domfsthaw cannot work well when guest restart 1160212 - libvirt doesn't stop the NBD server after migration 1160565 - Libvirt should check if the parent defined in xml matches the wwn of vHBA when starting pool 1160926 - Destroying 'fc_host' pool the HBA is NOT destroyed when not using 'parent' attribute 1161024 - libvirtd crashes after device hot-unplug crashes qemu 1161124 - small memory leak in migration 1161358 - [ACL] polkit: wrong attribute name 'interface_mac' for network interface in the documentation 1161540 - kvm_init_vcpu failed for cpu hot-plugging in NUMA 1162097 - crash after attempted spice channel hotplug 1162208 - libvirtd occasionally crashes at the end of migration 1162915 - net-event should not report unsuccessful event 1162974 - external disk snapshot with fault glusterfs snapshot xml crash libvirtd 1163463 - use after free in callers of virNetDevLinkDump 1163953 - No way to turn off rdma-pin-all once it was turned on 1164528 - VM with a storage volume that contains a RBD volume in the backing chain fails to start 1166592 - Failed to create logical volume with specified xml 1167145 - networkMigrateStateFiles function does not work on xfs file system due to using unsupported t_type field 1167883 - Report job type in virDomainGetJobInfo 1168866 - "libvirtError: Unable to write to '/sys/fs/cgroup/cpuset/machine.slice/machine-qemu\x2dinstance\x2d00000002.scope/cpuset.mems': Device or resource busy" 1169409 - Libvirt will crash with segfault if you try to set non-existing nwfilter to network interface for live guest 1170484 - guest can not start when setting " vcpu placement='auto' " 1174053 - libvirtd crash when try to cold plug a network iscsi hostdev which guest already have a iscsi hostdev 1174090 - extra space will be added to xml when update a network 1174859 - missing support for -spice disable-agent-file-xfer qemu commandline option 1175234 - virDomainGetSchedulerParameters() fails with Unable to read from '/sys/fs/cgroup/cpu,cpuacct/machine.slice/machine-qemu\x2dMic2.scope/cpu.shares': No such file or directory 1175397 - memdev= option is not supported on rhel6 machine-types 1175668 - Attach a usb disk to guest failed. 1175709 - Unable to start guest with hugepages and strict numa pinning 1176176 - CVE-2014-8136 libvirt: local denial of service in qemu/qemu_driver.c 1177194 - Fail to Migrate with Bridged network, eth + macvtap ,with different interface name on two hosts 1180136 - Memory leak when parsing invalid network XML 1180574 - migration rhel7.1 -> rhel7.0 wont work if you set "ram" < 2*"vgamem" for QXL device 1181052 - update default vgamem size from 8 MiB to 16 MiB 1181157 - libvirtError: argument unsupported: QEMU driver does not support <metadata> element 1181408 - Libvirtd crash while hotplug the guest agent without target type for many times 1182448 - cpu features are not formatted in XML for host-model 1182486 - libvirtd crashed when updating a IPv6 <host> and a IPv4 <host> into a IPv4 <ip> element 1184431 - CVE-2015-0236 libvirt: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libvirt-1.2.8-16.el7.src.rpm x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libvirt-1.2.8-16.el7.src.rpm x86_64: libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libvirt-1.2.8-16.el7.src.rpm ppc64: libvirt-1.2.8-16.el7.ppc64.rpm libvirt-client-1.2.8-16.el7.ppc.rpm libvirt-client-1.2.8-16.el7.ppc64.rpm libvirt-daemon-1.2.8-16.el7.ppc64.rpm libvirt-daemon-config-network-1.2.8-16.el7.ppc64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.ppc64.rpm libvirt-debuginfo-1.2.8-16.el7.ppc.rpm libvirt-debuginfo-1.2.8-16.el7.ppc64.rpm libvirt-devel-1.2.8-16.el7.ppc.rpm libvirt-devel-1.2.8-16.el7.ppc64.rpm libvirt-docs-1.2.8-16.el7.ppc64.rpm s390x: libvirt-1.2.8-16.el7.s390x.rpm libvirt-client-1.2.8-16.el7.s390.rpm libvirt-client-1.2.8-16.el7.s390x.rpm libvirt-daemon-1.2.8-16.el7.s390x.rpm libvirt-daemon-config-network-1.2.8-16.el7.s390x.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-network-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.s390x.rpm libvirt-debuginfo-1.2.8-16.el7.s390.rpm libvirt-debuginfo-1.2.8-16.el7.s390x.rpm libvirt-devel-1.2.8-16.el7.s390.rpm libvirt-devel-1.2.8-16.el7.s390x.rpm libvirt-docs-1.2.8-16.el7.s390x.rpm x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libvirt-daemon-lxc-1.2.8-16.el7.ppc64.rpm libvirt-debuginfo-1.2.8-16.el7.ppc64.rpm libvirt-lock-sanlock-1.2.8-16.el7.ppc64.rpm libvirt-login-shell-1.2.8-16.el7.ppc64.rpm s390x: libvirt-daemon-lxc-1.2.8-16.el7.s390x.rpm libvirt-debuginfo-1.2.8-16.el7.s390x.rpm libvirt-login-shell-1.2.8-16.el7.s390x.rpm x86_64: libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libvirt-1.2.8-16.el7.src.rpm x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8136 https://access.redhat.com/security/cve/CVE-2015-0236 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <firstname.lastname@example.org>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU+G2FXlSAg2UNWIIRAt6BAJ0dU65z6s/tiZCo7wJ7woSK/lE/BQCfRIz4 RqgEguJ1FT67e1HVYLzvRdc= =uR7R - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to email@example.com and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVPzlIBLndAQH1ShLAQIhcRAAmu6ZVyX5KJybV2+A02Ock8VAB8wFhOXW QlHMNFfd9bDxRRFtw6OaKFG9beuaHdDt+Ezm7wUJn7JKj69CT1csIM1+G68PDY/I OFkNHQ68Y8Klgx34wAfCjcXW1FnRG+Flh1pJEvGHWpYi06p3pM8D0B07lEelz/pC 8z2BLjA8cDUbGYag2BNrgB3BvAagaWolG/C1GBL36bEV58T6EzDa0hmy1t+MZrHL zdek94V3Yd/kI0inak4J+AupA6F8fGT5vSRRcU6yodZ71ZI2dPodqlHB9cpouAT2 G7nATAe0ZmLHsqt+dzrpPQUu+ZXPUk1xkHbLM3OroV4VzMtztAi6rW0EE3HaOM5C L24YRNnXqCstlAi21Th4S2wh6wDidNBT6Sv5xXwNRSa0ypnGzKlX31kqGyFc5gE8 UJq8dV3Ad2bN2vpSNvKQEZST8rx8Uv2dlACoRtNbBoFTsxU1gd3Mpl6ZmSkXIU2P W9y6t0BL4SfYQoqhlu9qL9CHWtUVsooi6zHERvwNFrKHkNAH6oUuk6wOevSguw9E FVV25hf4wrLnkAqu72ET9dRjSh9m7893VG2/vPQCCWjK86dTOVG3BohEuwV0bejl 8EHBi8bi9/x59KqE1VPmNhSstT49FO+CxAtoQeeslMmWBqDWqB7+ogljkPHmtq5P GWlSiGlnRLw= =JgLJ -----END PGP SIGNATURE-----