ID CVE-2014-3657
Summary The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
Vulnerable Configurations
  • cpe:2.3:a:libvirt:libvirt:1.2.8
  • cpe:2.3:a:libvirt:libvirt:1.2.7
  • cpe:2.3:a:libvirt:libvirt:1.2.6
  • cpe:2.3:a:libvirt:libvirt:1.2.5
  • cpe:2.3:a:libvirt:libvirt:1.2.4
  • cpe:2.3:a:libvirt:libvirt:1.2.3
  • cpe:2.3:a:libvirt:libvirt:1.2.2
  • cpe:2.3:a:libvirt:libvirt:1.2.1
  • cpe:2.3:a:libvirt:libvirt:1.2.0
CVSS
Base: 5.0 (as of 07-10-2014 - 13:56)
CWE CWE-399
Access
    Vector NETWORK
    Complexity LOW
    Authentication NONE
Impact
    Confidentiality NONE
    Integrity NONE
    Availability PARTIAL
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141118_LIBVIRT_ON_SL6_X.NASL
    description An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data. (CVE-2014-7823) This update also fixes the following bug : When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases. If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. 
Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 79331
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79331
    title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1352.NASL
    description Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug : * Prior to this update, libvirt was setting the cpuset.mems parameter for domains with numatune/memory[nodeset] prior to starting them. As a consequence, domains with such a nodeset, which excluded the NUMA node with DMA and DMA32 zones (found in /proc/zoneinfo), could not be started due to failed KVM initialization. With this update, libvirt sets the cpuset.mems parameter after the initialization, and domains with any nodeset (in /numatune/memory) can be started without an error. 
(BZ#1135871) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 78023
    published 2014-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78023
    title RHEL 7 : libvirt (RHSA-2014:1352)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-585.NASL
    description - CVE-2014-3657: Fix domain deadlock fc22b2e7-CVE-2014-3657.patch bsc#899484 - CVE-2014-3633: Use correct definition when looking up disk in qemu blkiotune 3e745e8f-CVE-2014-3633.patch bsc#897783
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78450
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78450
    title openSUSE Security Update : libvirt (openSUSE-SU-2014:1293-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-195.NASL
    description Multiple vulnerabilities have been discovered and corrected in libvirt : An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633). A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive (CVE-2014-3657). The updated libvirt packages have been upgraded to the 1.1.3.6 version and patched to resolve these security flaws.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78062
    published 2014-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78062
    title Mandriva Linux Security Advisory : libvirt (MDVSA-2014:195)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-115.NASL
    description Updated libvirt packages fix security vulnerabilities : The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc//root and the virInitctlSetRunLevel function (CVE-2013-6456). libvirt was patched to prevent expansion of entities when parsing XML files. This vulnerability allowed malicious users to read arbitrary files or cause a denial of service (CVE-2014-0179). An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633). A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive (CVE-2014-3657). Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file (CVE-2014-7823). 
The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors (CVE-2014-8136). The XML getters for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to leak certain limited information from the domain xml file (CVE-2015-0236).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82368
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82368
    title Mandriva Linux Security Advisory : libvirt (MDVSA-2015:115)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2404-1.NASL
    description Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. (CVE-2014-3657) Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file. (CVE-2014-7823). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 79210
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79210
    title Ubuntu 14.04 LTS / 14.10 : libvirt vulnerabilities (USN-2404-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1873.NASL
    description From Red Hat Security Advisory 2014:1873 : Updated libvirt packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data. (CVE-2014-7823) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug : When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases. 
If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected. (BZ#1155564) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-04
    plugin id 79372
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79372
    title Oracle Linux 6 : libvirt (ELSA-2014-1873)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1873.NASL
    description Updated libvirt packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data. (CVE-2014-7823) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug : When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases. 
If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected. (BZ#1155564) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79329
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79329
    title RHEL 6 : libvirt (RHSA-2014:1873)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1352.NASL
    description Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug : * Prior to this update, libvirt was setting the cpuset.mems parameter for domains with numatune/memory[nodeset] prior to starting them. As a consequence, domains with such a nodeset, which excluded the NUMA node with DMA and DMA32 zones (found in /proc/zoneinfo), could not be started due to failed KVM initialization. With this update, libvirt sets the cpuset.mems parameter after the initialization, and domains with any nodeset (in /numatune/memory) can be started without an error. 
(BZ#1135871) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78043
    published 2014-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78043
    title CentOS 7 : libvirt (CESA-2014:1352)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15228.NASL
    description - Rebased to version 1.1.3.8 - CVE-2014-3633: out-of-bounds read in blockiotune (bz #1160823) - CVE-2014-3657: Potential deadlock in domain_conf (bz #1160824) - CVE-2014-7823: information leak with migratable flag (bz #1160822) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79397
    published 2014-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79397
    title Fedora 20 : libvirt-1.1.3.8-1.fc20 (2014-15228)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KVM-LIBVIRT-201412-150124.NASL
    description This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm : - Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640) - Fix performance degradation after migration. (bsc#878350) - Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381) - Add validate hex properties for qdev. (bsc#852397) - Add boot option to do strict boot (bsc#900084) - Add query-command-line-options QMP command. (bsc#899144) - Fix incorrect return value of migrate_cancel. (bsc#843074) - Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840) - Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106) libvirt : - Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823) - Fix domain deadlock. (bsc#899484, CVE-2014-3657) - Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633) - Fix undefined symbol when starting virtlockd. (bsc#910145) - Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084) - Add support for 'reboot-timeout' in qemu. (bsc#899144) - Increase QEMU's monitor timeout to 30sec. (bsc#911742) - Allow setting QEMU's migration max downtime any time. (bsc#879665)
    last seen 2019-02-21
    modified 2015-02-24
    plugin id 81481
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81481
    title SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1352.NASL
    description From Red Hat Security Advisory 2014:1352 : Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug : * Prior to this update, libvirt was setting the cpuset.mems parameter for domains with numatune/memory[nodeset] prior to starting them. As a consequence, domains with such a nodeset, which excluded the NUMA node with DMA and DMA32 zones (found in /proc/zoneinfo), could not be started due to failed KVM initialization. With this update, libvirt sets the cpuset.mems parameter after the initialization, and domains with any nodeset (in /numatune/memory) can be started without an error. 
(BZ#1135871) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 78022
    published 2014-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78022
    title Oracle Linux 7 : libvirt (ELSA-2014-1352)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1873.NASL
    description Updated libvirt packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data. (CVE-2014-7823) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug : When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases. 
If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected. (BZ#1155564) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79338
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79338
    title CentOS 6 : libvirt (CESA-2014:1873)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-586.NASL
    description - CVE-2014-3657: Fix domain deadlock fc22b2e7-CVE-2014-3657.patch bsc#899484 - CVE-2014-3633: Use correct definition when looking up disk in qemu blkiotune 3e745e8f-CVE-2014-3633.patch bsc#897783 - spec: libvirt-daemon package owns /etc/libvirt, not libvirt-client bnc#878056
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78451
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78451
    title openSUSE Security Update : libvirt (openSUSE-SU-2014:1290-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KVM-LIBVIRT-201412-150123.NASL
    description This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm : - Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640) - Fix performance degradation after migration. (bsc#878350) - Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381) - Add validate hex properties for qdev. (bsc#852397) - Add boot option to do strict boot (bsc#900084) - Add query-command-line-options QMP command. (bsc#899144) - Fix incorrect return value of migrate_cancel. (bsc#843074) - Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840) - Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106) libvirt : - Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823) - Fix domain deadlock. (bsc#899484, CVE-2014-3657) - Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633) - Fix undefined symbol when starting virtlockd. (bsc#910145) - Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084) - Add support for 'reboot-timeout' in qemu. (bsc#899144) - Increase QEMU's monitor timeout to 30sec. (bsc#911742) - Allow setting QEMU's migration max downtime any time. (bsc#879665)
    last seen 2019-02-21
    modified 2015-02-24
    plugin id 81480
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81480
    title SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)
redhat via4
advisories
bugzilla
id 1145667
title CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment libvirt is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352005
      • comment libvirt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391006
    • AND
      • comment libvirt-client is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352009
      • comment libvirt-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391010
    • AND
      • comment libvirt-daemon is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352023
      • comment libvirt-daemon is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914016
    • AND
      • comment libvirt-daemon-config-network is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352035
      • comment libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914008
    • AND
      • comment libvirt-daemon-config-nwfilter is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352031
      • comment libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914022
    • AND
      • comment libvirt-daemon-driver-interface is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352029
      • comment libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914028
    • AND
      • comment libvirt-daemon-driver-lxc is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352021
      • comment libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914026
    • AND
      • comment libvirt-daemon-driver-network is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352013
      • comment libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914010
    • AND
      • comment libvirt-daemon-driver-nodedev is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352027
      • comment libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914020
    • AND
      • comment libvirt-daemon-driver-nwfilter is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352025
      • comment libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914038
    • AND
      • comment libvirt-daemon-driver-qemu is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352043
      • comment libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914040
    • AND
      • comment libvirt-daemon-driver-secret is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352015
      • comment libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914012
    • AND
      • comment libvirt-daemon-driver-storage is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352037
      • comment libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914018
    • AND
      • comment libvirt-daemon-kvm is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352039
      • comment libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914044
    • AND
      • comment libvirt-daemon-lxc is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352019
      • comment libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914030
    • AND
      • comment libvirt-devel is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352011
      • comment libvirt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391008
    • AND
      • comment libvirt-docs is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352017
      • comment libvirt-docs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914032
    • AND
      • comment libvirt-lock-sanlock is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352041
      • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120748014
    • AND
      • comment libvirt-login-shell is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352033
      • comment libvirt-login-shell is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140914014
    • AND
      • comment libvirt-python is earlier than 0:1.1.1-29.el7_0.3
        oval oval:com.redhat.rhsa:tst:20141352007
      • comment libvirt-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110391012
rhsa
id RHSA-2014:1352
released 2014-10-01
severity Moderate
title RHSA-2014:1352: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:1.1.1-29.el7_0.3
  • libvirt-client-0:1.1.1-29.el7_0.3
  • libvirt-daemon-0:1.1.1-29.el7_0.3
  • libvirt-daemon-config-network-0:1.1.1-29.el7_0.3
  • libvirt-daemon-config-nwfilter-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-interface-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-lxc-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-network-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-nodedev-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-nwfilter-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-qemu-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-secret-0:1.1.1-29.el7_0.3
  • libvirt-daemon-driver-storage-0:1.1.1-29.el7_0.3
  • libvirt-daemon-kvm-0:1.1.1-29.el7_0.3
  • libvirt-daemon-lxc-0:1.1.1-29.el7_0.3
  • libvirt-devel-0:1.1.1-29.el7_0.3
  • libvirt-docs-0:1.1.1-29.el7_0.3
  • libvirt-lock-sanlock-0:1.1.1-29.el7_0.3
  • libvirt-login-shell-0:1.1.1-29.el7_0.3
  • libvirt-python-0:1.1.1-29.el7_0.3
  • libvirt-0:0.10.2-46.el6_6.2
  • libvirt-client-0:0.10.2-46.el6_6.2
  • libvirt-devel-0:0.10.2-46.el6_6.2
  • libvirt-lock-sanlock-0:0.10.2-46.el6_6.2
  • libvirt-python-0:0.10.2-46.el6_6.2
refmap via4
confirm
secunia
  • 60291
  • 62303
suse
  • openSUSE-SU-2014:1290
  • openSUSE-SU-2014:1293
ubuntu USN-2404-1
Last major update 18-11-2014 - 22:01
Published 06-10-2014 - 10:55