Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-3831 (GCVE-0-2019-3831)
Vulnerability from cvelistv5
Published
2019-03-25 17:12
Modified
2024-08-04 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831 | Issue Tracking, Patch, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vdsm",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "4.30.9"
}
]
}
],
"datePublic": "2019-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T17:12:10",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vdsm",
"version": {
"version_data": [
{
"version_value": "4.30.9"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3831",
"datePublished": "2019-03-25T17:12:10",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-3831\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-03-25T18:29:00.933\",\"lastModified\":\"2024-11-21T04:42:38.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad en vdsm, desde la versi\u00f3n 4.19 hasta la 4.30.3 y desde la 4.30.5 hasta la 4.30.8.. La funci\u00f3n systemd_run expuesta al usuario del sistema vdsm podr\u00eda ser abusada para ejecutar comandos arbitrarios como root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19\",\"versionEndIncluding\":\"4.30.3\",\"matchCriteriaId\":\"CE133A09-DE61-4AE2-90FD-A24D2E0BD5B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.30.5\",\"versionEndIncluding\":\"4.30.8\",\"matchCriteriaId\":\"859EBC12-485A-4214-8BDA-C0A6205F904F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1986832-44C9-491E-A75D-AAD8FAE683E6\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2019:0458
Vulnerability from csaf_redhat
Published
2019-03-05 11:10
Modified
2025-09-10 14:26
Summary
Red Hat Security Advisory: vdsm security and bug fix update
Notes
Topic
An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.
The following packages have been upgraded to a later upstream version: vdsm (4.20.47). (BZ#1677458)
Security Fix(es):
* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* VDSM attempted to collect OpenStack related information, even on hosts that are not connected to OpenStack, and displayed a repeated error message in the system log. In this release, errors originating from OpenStack related information are not recorded in the system log. As a result, the system log is quieter. (BZ#1673765)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host\u0027s storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.\n\nThe following packages have been upgraded to a later upstream version: vdsm (4.20.47). (BZ#1677458)\n\nSecurity Fix(es):\n\n* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* VDSM attempted to collect OpenStack related information, even on hosts that are not connected to OpenStack, and displayed a repeated error message in the system log. In this release, errors originating from OpenStack related information are not recorded in the system log. As a result, the system log is quieter. (BZ#1673765)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0458",
"url": "https://access.redhat.com/errata/RHSA-2019:0458"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1673765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673765"
},
{
"category": "external",
"summary": "1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0458.json"
}
],
"title": "Red Hat Security Advisory: vdsm security and bug fix update",
"tracking": {
"current_release_date": "2025-09-10T14:26:01+00:00",
"generator": {
"date": "2025-09-10T14:26:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2019:0458",
"initial_release_date": "2019-03-05T11:10:04+00:00",
"revision_history": [
{
"date": "2019-03-05T11:10:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-05T11:10:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T14:26:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-fcoe@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vhostmd@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-yajsonrpc@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-openstacknet@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-common@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-cpuflags@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-client@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-http@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-ethtool-options@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-macspoof@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-localdisk@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-python@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-api@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vmfex-dev@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-nestedvt@4.20.47-1.el7ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-extra-ipv4-addrs@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-checkips@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.20.47-1.el7ev?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.src",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.src",
"product_id": "vdsm-0:4.20.47-1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-extra-ipv4-addrs@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-checkips@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.20.47-1.el7ev?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:10:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0458"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
}
]
}
rhsa-2019_0458
Vulnerability from csaf_redhat
Published
2019-03-05 11:10
Modified
2024-11-15 05:12
Summary
Red Hat Security Advisory: vdsm security and bug fix update
Notes
Topic
An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.
The following packages have been upgraded to a later upstream version: vdsm (4.20.47). (BZ#1677458)
Security Fix(es):
* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* VDSM attempted to collect OpenStack related information, even on hosts that are not connected to OpenStack, and displayed a repeated error message in the system log. In this release, errors originating from OpenStack related information are not recorded in the system log. As a result, the system log is quieter. (BZ#1673765)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host\u0027s storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.\n\nThe following packages have been upgraded to a later upstream version: vdsm (4.20.47). (BZ#1677458)\n\nSecurity Fix(es):\n\n* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* VDSM attempted to collect OpenStack related information, even on hosts that are not connected to OpenStack, and displayed a repeated error message in the system log. In this release, errors originating from OpenStack related information are not recorded in the system log. As a result, the system log is quieter. (BZ#1673765)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0458",
"url": "https://access.redhat.com/errata/RHSA-2019:0458"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1673765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673765"
},
{
"category": "external",
"summary": "1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0458.json"
}
],
"title": "Red Hat Security Advisory: vdsm security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T05:12:00+00:00",
"generator": {
"date": "2024-11-15T05:12:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:0458",
"initial_release_date": "2019-03-05T11:10:04+00:00",
"revision_history": [
{
"date": "2019-03-05T11:10:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-05T11:10:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T05:12:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-fcoe@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vhostmd@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-yajsonrpc@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-openstacknet@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-common@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-cpuflags@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-client@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-http@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-ethtool-options@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-macspoof@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-localdisk@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-python@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-api@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vmfex-dev@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-nestedvt@4.20.47-1.el7ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-extra-ipv4-addrs@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-checkips@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.20.47-1.el7ev?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.src",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.src",
"product_id": "vdsm-0:4.20.47-1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-extra-ipv4-addrs@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-checkips@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.20.47-1.el7ev?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:10:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0458"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
}
]
}
rhba-2019:1965
Vulnerability from csaf_redhat
Published
2019-07-30 10:04
Modified
2025-09-10 13:32
Summary
Red Hat Bug Fix Advisory: vdsm bug fix update
Notes
Topic
Updated vdsm packages that fix one bug are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.
Details
VDSM is a management module that serves as a Red Hat Virtualization Manager agent on Red Hat Virtualization Host or Red Hat Enterprise Linux hosts.
The vdsm package has been upgraded to version 4.30, which provides a number of bug fixes over the previous version. (BZ#1725703)
Users of vdsm package on Red Hat Gluster Storage are advised to upgrade to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated vdsm packages that fix one bug are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": "VDSM is a management module that serves as a Red Hat Virtualization Manager agent on Red Hat Virtualization Host or Red Hat Enterprise Linux hosts.\n\nThe vdsm package has been upgraded to version 4.30, which provides a number of bug fixes over the previous version. (BZ#1725703)\n\nUsers of vdsm package on Red Hat Gluster Storage are advised to upgrade to these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2019:1965",
"url": "https://access.redhat.com/errata/RHBA-2019:1965"
},
{
"category": "external",
"summary": "1725703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725703"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_1965.json"
}
],
"title": "Red Hat Bug Fix Advisory: vdsm bug fix update",
"tracking": {
"current_release_date": "2025-09-10T13:32:47+00:00",
"generator": {
"date": "2025-09-10T13:32:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHBA-2019:1965",
"initial_release_date": "2019-07-30T10:04:49+00:00",
"revision_history": [
{
"date": "2019-07-30T10:04:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-07-30T10:04:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:32:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product": {
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:server:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_id": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ioprocess@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_id": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product_id": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess-debuginfo@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product": {
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product_id": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease-debuginfo@1.0-7.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "safelease-0:1.0-7.el7ev.x86_64",
"product": {
"name": "safelease-0:1.0-7.el7ev.x86_64",
"product_id": "safelease-0:1.0-7.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease@1.0-7.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ioprocess-0:1.1.2-1.el7ev.src",
"product": {
"name": "ioprocess-0:1.1.2-1.el7ev.src",
"product_id": "ioprocess-0:1.1.2-1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess@1.1.2-1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "safelease-0:1.0-7.el7ev.src",
"product": {
"name": "safelease-0:1.0-7.el7ev.src",
"product_id": "safelease-0:1.0-7.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease@1.0-7.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product_id": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.30.18-1.0.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-yajsonrpc@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-fcoe@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-tests@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-cpuflags@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-common@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-macspoof@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-openstacknet@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-client@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-localdisk@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-ethtool-options@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-qemucmdline@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-http@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-api@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-faqemu@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-python@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vmfex-dev@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-0:1.1.2-1.el7ev.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src"
},
"product_reference": "ioprocess-0:1.1.2-1.el7ev.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-0:1.0-7.el7ev.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src"
},
"product_reference": "safelease-0:1.0-7.el7ev.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-0:1.0-7.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64"
},
"product_reference": "safelease-0:1.0-7.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64"
},
"product_reference": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src"
},
"product_reference": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-07-30T10:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:1965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
}
]
}
rhsa-2019_0457
Vulnerability from csaf_redhat
Published
2019-03-05 11:09
Modified
2024-11-15 08:22
Summary
Red Hat Security Advisory: redhat-virtualization-host security update
Notes
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1678629, BZ#1679414)
Security Fix(es):
* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)
* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1678629, BZ#1679414)\n\nSecurity Fix(es):\n\n* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)\n\n* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)\n\n* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0457",
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1665371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665371"
},
{
"category": "external",
"summary": "1667032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667032"
},
{
"category": "external",
"summary": "1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "1677667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677667"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0457.json"
}
],
"title": "Red Hat Security Advisory: redhat-virtualization-host security update",
"tracking": {
"current_release_date": "2024-11-15T08:22:49+00:00",
"generator": {
"date": "2024-11-15T08:22:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:0457",
"initial_release_date": "2019-03-05T11:09:51+00:00",
"revision_history": [
{
"date": "2019-03-05T11:09:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-05T11:09:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:22:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-8.3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product_id": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-8.3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product": {
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product_id": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20190219.0.el7_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.2-8.3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20190219.0.el7_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src"
},
"product_reference": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Christophe Fergeau"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-3813",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2018-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1665371"
}
],
"notes": [
{
"category": "description",
"text": "Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spice: Off-by-one error in array access in spice/server/memslot.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3813"
},
{
"category": "external",
"summary": "RHBZ#1665371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3813"
}
],
"release_date": "2019-01-28T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spice: Off-by-one error in array access in spice/server/memslot.c"
},
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
},
{
"acknowledgments": [
{
"names": [
"Chris Coulson"
],
"organization": "Ubuntu Security"
}
],
"cve": "CVE-2019-6454",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1667032"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-6454"
},
{
"category": "external",
"summary": "RHBZ#1667032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-6454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6454"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-6454",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6454"
}
],
"release_date": "2019-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash"
}
]
}
RHSA-2019:0457
Vulnerability from csaf_redhat
Published
2019-03-05 11:09
Modified
2025-09-10 14:26
Summary
Red Hat Security Advisory: redhat-virtualization-host security update
Notes
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1678629, BZ#1679414)
Security Fix(es):
* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)
* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1678629, BZ#1679414)\n\nSecurity Fix(es):\n\n* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)\n\n* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)\n\n* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0457",
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1665371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665371"
},
{
"category": "external",
"summary": "1667032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667032"
},
{
"category": "external",
"summary": "1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "1677667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677667"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0457.json"
}
],
"title": "Red Hat Security Advisory: redhat-virtualization-host security update",
"tracking": {
"current_release_date": "2025-09-10T14:26:01+00:00",
"generator": {
"date": "2025-09-10T14:26:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2019:0457",
"initial_release_date": "2019-03-05T11:09:51+00:00",
"revision_history": [
{
"date": "2019-03-05T11:09:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-05T11:09:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T14:26:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-8.3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product_id": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-8.3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product": {
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product_id": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20190219.0.el7_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.2-8.3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20190219.0.el7_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src"
},
"product_reference": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Christophe Fergeau"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-3813",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2018-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1665371"
}
],
"notes": [
{
"category": "description",
"text": "Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spice: Off-by-one error in array access in spice/server/memslot.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3813"
},
{
"category": "external",
"summary": "RHBZ#1665371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3813"
}
],
"release_date": "2019-01-28T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spice: Off-by-one error in array access in spice/server/memslot.c"
},
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
},
{
"acknowledgments": [
{
"names": [
"Chris Coulson"
],
"organization": "Ubuntu Security"
}
],
"cve": "CVE-2019-6454",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1667032"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-6454"
},
{
"category": "external",
"summary": "RHBZ#1667032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-6454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6454"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-6454",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6454"
}
],
"release_date": "2019-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash"
}
]
}
rhsa-2019:0458
Vulnerability from csaf_redhat
Published
2019-03-05 11:10
Modified
2025-09-10 14:26
Summary
Red Hat Security Advisory: vdsm security and bug fix update
Notes
Topic
An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.
The following packages have been upgraded to a later upstream version: vdsm (4.20.47). (BZ#1677458)
Security Fix(es):
* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* VDSM attempted to collect OpenStack related information, even on hosts that are not connected to OpenStack, and displayed a repeated error message in the system log. In this release, errors originating from OpenStack related information are not recorded in the system log. As a result, the system log is quieter. (BZ#1673765)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host\u0027s storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.\n\nThe following packages have been upgraded to a later upstream version: vdsm (4.20.47). (BZ#1677458)\n\nSecurity Fix(es):\n\n* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* VDSM attempted to collect OpenStack related information, even on hosts that are not connected to OpenStack, and displayed a repeated error message in the system log. In this release, errors originating from OpenStack related information are not recorded in the system log. As a result, the system log is quieter. (BZ#1673765)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0458",
"url": "https://access.redhat.com/errata/RHSA-2019:0458"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1673765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673765"
},
{
"category": "external",
"summary": "1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0458.json"
}
],
"title": "Red Hat Security Advisory: vdsm security and bug fix update",
"tracking": {
"current_release_date": "2025-09-10T14:26:01+00:00",
"generator": {
"date": "2025-09-10T14:26:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2019:0458",
"initial_release_date": "2019-03-05T11:10:04+00:00",
"revision_history": [
{
"date": "2019-03-05T11:10:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-05T11:10:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T14:26:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-fcoe@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vhostmd@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-yajsonrpc@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-openstacknet@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-common@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-cpuflags@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-client@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-http@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-ethtool-options@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-macspoof@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-localdisk@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-python@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-api@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vmfex-dev@4.20.47-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product": {
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product_id": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-nestedvt@4.20.47-1.el7ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-extra-ipv4-addrs@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-checkips@4.20.47-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product_id": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.20.47-1.el7ev?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.src",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.src",
"product_id": "vdsm-0:4.20.47-1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-extra-ipv4-addrs@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-checkips@4.20.47-1.el7ev?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product_id": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.20.47-1.el7ev?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-api-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-api-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-client-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-client-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-common-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-common-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-http-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-http-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.20.47-1.el7ev.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le"
},
"product_reference": "vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.20.47-1.el7ev.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64"
},
"product_reference": "vdsm-network-0:4.20.47-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-python-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-python-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
},
"product_reference": "vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:10:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0458"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.src",
"7Server-RHEV-4-Agents-7:vdsm-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-api-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-client-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-common-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-gluster-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-checkips-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-cpuflags-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-ethtool-options-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-hook-fcoe-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-localdisk-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-macspoof-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-nestedvt-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-openstacknet-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vhostmd-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-http-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-jsonrpc-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.ppc64le",
"7Server-RHEV-4-Agents-7:vdsm-network-0:4.20.47-1.el7ev.x86_64",
"7Server-RHEV-4-Agents-7:vdsm-python-0:4.20.47-1.el7ev.noarch",
"7Server-RHEV-4-Agents-7:vdsm-yajsonrpc-0:4.20.47-1.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
}
]
}
rhba-2019_1965
Vulnerability from csaf_redhat
Published
2019-07-30 10:04
Modified
2024-11-15 05:12
Summary
Red Hat Bug Fix Advisory: vdsm bug fix update
Notes
Topic
Updated vdsm packages that fix one bug are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.
Details
VDSM is a management module that serves as a Red Hat Virtualization Manager agent on Red Hat Virtualization Host or Red Hat Enterprise Linux hosts.
The vdsm package has been upgraded to version 4.30, which provides a number of bug fixes over the previous version. (BZ#1725703)
Users of vdsm package on Red Hat Gluster Storage are advised to upgrade to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated vdsm packages that fix one bug are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": "VDSM is a management module that serves as a Red Hat Virtualization Manager agent on Red Hat Virtualization Host or Red Hat Enterprise Linux hosts.\n\nThe vdsm package has been upgraded to version 4.30, which provides a number of bug fixes over the previous version. (BZ#1725703)\n\nUsers of vdsm package on Red Hat Gluster Storage are advised to upgrade to these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2019:1965",
"url": "https://access.redhat.com/errata/RHBA-2019:1965"
},
{
"category": "external",
"summary": "1725703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725703"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_1965.json"
}
],
"title": "Red Hat Bug Fix Advisory: vdsm bug fix update",
"tracking": {
"current_release_date": "2024-11-15T05:12:16+00:00",
"generator": {
"date": "2024-11-15T05:12:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2019:1965",
"initial_release_date": "2019-07-30T10:04:49+00:00",
"revision_history": [
{
"date": "2019-07-30T10:04:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-07-30T10:04:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T05:12:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product": {
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:server:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_id": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ioprocess@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_id": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product_id": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess-debuginfo@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product": {
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product_id": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease-debuginfo@1.0-7.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "safelease-0:1.0-7.el7ev.x86_64",
"product": {
"name": "safelease-0:1.0-7.el7ev.x86_64",
"product_id": "safelease-0:1.0-7.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease@1.0-7.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ioprocess-0:1.1.2-1.el7ev.src",
"product": {
"name": "ioprocess-0:1.1.2-1.el7ev.src",
"product_id": "ioprocess-0:1.1.2-1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess@1.1.2-1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "safelease-0:1.0-7.el7ev.src",
"product": {
"name": "safelease-0:1.0-7.el7ev.src",
"product_id": "safelease-0:1.0-7.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease@1.0-7.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product_id": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.30.18-1.0.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-yajsonrpc@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-fcoe@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-tests@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-cpuflags@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-common@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-macspoof@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-openstacknet@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-client@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-localdisk@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-ethtool-options@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-qemucmdline@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-http@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-api@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-faqemu@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-python@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vmfex-dev@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-0:1.1.2-1.el7ev.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src"
},
"product_reference": "ioprocess-0:1.1.2-1.el7ev.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-0:1.0-7.el7ev.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src"
},
"product_reference": "safelease-0:1.0-7.el7ev.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-0:1.0-7.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64"
},
"product_reference": "safelease-0:1.0-7.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64"
},
"product_reference": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src"
},
"product_reference": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-07-30T10:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:1965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
}
]
}
RHBA-2019:1965
Vulnerability from csaf_redhat
Published
2019-07-30 10:04
Modified
2025-09-10 13:32
Summary
Red Hat Bug Fix Advisory: vdsm bug fix update
Notes
Topic
Updated vdsm packages that fix one bug are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.
Details
VDSM is a management module that serves as a Red Hat Virtualization Manager agent on Red Hat Virtualization Host or Red Hat Enterprise Linux hosts.
The vdsm package has been upgraded to version 4.30, which provides a number of bug fixes over the previous version. (BZ#1725703)
Users of vdsm package on Red Hat Gluster Storage are advised to upgrade to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated vdsm packages that fix one bug are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": "VDSM is a management module that serves as a Red Hat Virtualization Manager agent on Red Hat Virtualization Host or Red Hat Enterprise Linux hosts.\n\nThe vdsm package has been upgraded to version 4.30, which provides a number of bug fixes over the previous version. (BZ#1725703)\n\nUsers of vdsm package on Red Hat Gluster Storage are advised to upgrade to these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2019:1965",
"url": "https://access.redhat.com/errata/RHBA-2019:1965"
},
{
"category": "external",
"summary": "1725703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725703"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_1965.json"
}
],
"title": "Red Hat Bug Fix Advisory: vdsm bug fix update",
"tracking": {
"current_release_date": "2025-09-10T13:32:47+00:00",
"generator": {
"date": "2025-09-10T13:32:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHBA-2019:1965",
"initial_release_date": "2019-07-30T10:04:49+00:00",
"revision_history": [
{
"date": "2019-07-30T10:04:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-07-30T10:04:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:32:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product": {
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:server:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_id": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ioprocess@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_id": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product": {
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product_id": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess-debuginfo@1.1.2-1.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product": {
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product_id": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease-debuginfo@1.0-7.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "safelease-0:1.0-7.el7ev.x86_64",
"product": {
"name": "safelease-0:1.0-7.el7ev.x86_64",
"product_id": "safelease-0:1.0-7.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease@1.0-7.el7ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product": {
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product_id": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-network@4.30.18-1.0.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ioprocess-0:1.1.2-1.el7ev.src",
"product": {
"name": "ioprocess-0:1.1.2-1.el7ev.src",
"product_id": "ioprocess-0:1.1.2-1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ioprocess@1.1.2-1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "safelease-0:1.0-7.el7ev.src",
"product": {
"name": "safelease-0:1.0-7.el7ev.src",
"product_id": "safelease-0:1.0-7.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/safelease@1.0-7.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product_id": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.30.18-1.0.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-yajsonrpc@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-fcoe@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-tests@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-cpuflags@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-common@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-macspoof@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-openstacknet@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-client@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-localdisk@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-ethtool-options@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-qemucmdline@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-http@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-api@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-faqemu@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-python@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product": {
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product_id": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vmfex-dev@4.30.18-1.0.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-0:1.1.2-1.el7ev.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src"
},
"product_reference": "ioprocess-0:1.1.2-1.el7ev.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "ioprocess-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64"
},
"product_reference": "python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-0:1.0-7.el7ev.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src"
},
"product_reference": "safelease-0:1.0-7.el7ev.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-0:1.0-7.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64"
},
"product_reference": "safelease-0:1.0-7.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "safelease-debuginfo-0:1.0-7.el7ev.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64"
},
"product_reference": "safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src"
},
"product_reference": "vdsm-0:4.30.18-1.0.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64"
},
"product_reference": "vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
},
"product_reference": "vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-07-30T10:04:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:1965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.src",
"7Server-RH-Gluster-3.4-Server:ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:ioprocess-debuginfo-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-ioprocess-0:1.1.2-1.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.src",
"7Server-RH-Gluster-3.4-Server:safelease-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:safelease-debuginfo-0:1.0-7.el7ev.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:vdsm-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-api-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-client-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-common-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-gluster-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-cpuflags-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-ethtool-options-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-faqemu-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-fcoe-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-localdisk-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-macspoof-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-openstacknet-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-qemucmdline-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-hook-vmfex-dev-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-http-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-jsonrpc-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-network-0:4.30.18-1.0.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:vdsm-python-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-tests-0:4.30.18-1.0.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:vdsm-yajsonrpc-0:4.30.18-1.0.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
}
]
}
rhsa-2019:0457
Vulnerability from csaf_redhat
Published
2019-03-05 11:09
Modified
2025-09-10 14:26
Summary
Red Hat Security Advisory: redhat-virtualization-host security update
Notes
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1678629, BZ#1679414)
Security Fix(es):
* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)
* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1678629, BZ#1679414)\n\nSecurity Fix(es):\n\n* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)\n\n* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)\n\n* vdsm: privilege escalation to root via systemd_run (CVE-2019-3831)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0457",
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1665371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665371"
},
{
"category": "external",
"summary": "1667032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667032"
},
{
"category": "external",
"summary": "1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "1677667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677667"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0457.json"
}
],
"title": "Red Hat Security Advisory: redhat-virtualization-host security update",
"tracking": {
"current_release_date": "2025-09-10T14:26:01+00:00",
"generator": {
"date": "2025-09-10T14:26:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2019:0457",
"initial_release_date": "2019-03-05T11:09:51+00:00",
"revision_history": [
{
"date": "2019-03-05T11:09:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-05T11:09:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T14:26:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-8.3.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product_id": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-8.3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product": {
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product_id": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20190219.0.el7_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.2-8.3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20190219.0.el7_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src"
},
"product_reference": "redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Christophe Fergeau"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-3813",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2018-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1665371"
}
],
"notes": [
{
"category": "description",
"text": "Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spice: Off-by-one error in array access in spice/server/memslot.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3813"
},
{
"category": "external",
"summary": "RHBZ#1665371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3813"
}
],
"release_date": "2019-01-28T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spice: Off-by-one error in array access in spice/server/memslot.c"
},
{
"cve": "CVE-2019-3831",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2019-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677108"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vdsm: privilege escalation to root via systemd_run",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3831"
},
{
"category": "external",
"summary": "RHBZ#1677108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
}
],
"release_date": "2019-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vdsm: privilege escalation to root via systemd_run"
},
{
"acknowledgments": [
{
"names": [
"Chris Coulson"
],
"organization": "Ubuntu Security"
}
],
"cve": "CVE-2019-6454",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1667032"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-6454"
},
{
"category": "external",
"summary": "RHBZ#1667032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-6454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6454"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-6454",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6454"
}
],
"release_date": "2019-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-05T11:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0457"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20190219.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-8.3.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash"
}
]
}
cnvd-2019-14430
Vulnerability from cnvd
Title: Vdsm任意命令执行漏洞
Description:
oVirt Virtual Desktop Server Manager(vdsm)是一款用于管理运行KVM管理程序技术的虚拟机主机管理器。该产品能够管理虚拟主机的存储、内存和网络资源等,并支持虚拟主机的创建。
oVirt vdsm 4.19版本至4.30.3版本和4.30.5版本至4.30.8版本中存在命令注入漏洞,该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。
Severity: 高
Patch Name: Vdsm任意命令执行漏洞的补丁
Patch Description:
oVirt Virtual Desktop Server Manager(vdsm)是一款用于管理运行KVM管理程序技术的虚拟机主机管理器。该产品能够管理虚拟主机的存储、内存和网络资源等,并支持虚拟主机的创建。
oVirt vdsm 4.19版本至4.30.3版本和4.30.5版本至4.30.8版本中存在命令注入漏洞,该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布漏洞修复程序,请及时关注更新: https://gerrit.ovirt.org/#/c/97659/
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-3831
Impacted products
| Name | ['oVirt Virtual Desktop Server Manager oVirt Virtual Desktop Server Manager >=4.19,<=4.30.3', 'oVirt Virtual Desktop Server Manager oVirt Virtual Desktop Server Manager >=4.30.5,<=4.30.8'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "107037"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2019-3831"
}
},
"description": "oVirt Virtual Desktop Server Manager\uff08vdsm\uff09\u662f\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406\u8fd0\u884cKVM\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u7684\u865a\u62df\u673a\u4e3b\u673a\u7ba1\u7406\u5668\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u7ba1\u7406\u865a\u62df\u4e3b\u673a\u7684\u5b58\u50a8\u3001\u5185\u5b58\u548c\u7f51\u7edc\u8d44\u6e90\u7b49\uff0c\u5e76\u652f\u6301\u865a\u62df\u4e3b\u673a\u7684\u521b\u5efa\u3002\n\noVirt vdsm 4.19\u7248\u672c\u81f34.30.3\u7248\u672c\u548c4.30.5\u7248\u672c\u81f34.30.8\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002",
"discovererName": "oVirt Virtual Desktop Server Manager",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://gerrit.ovirt.org/#/c/97659/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-14430",
"openTime": "2019-05-16",
"patchDescription": "oVirt Virtual Desktop Server Manager\uff08vdsm\uff09\u662f\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406\u8fd0\u884cKVM\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u7684\u865a\u62df\u673a\u4e3b\u673a\u7ba1\u7406\u5668\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u7ba1\u7406\u865a\u62df\u4e3b\u673a\u7684\u5b58\u50a8\u3001\u5185\u5b58\u548c\u7f51\u7edc\u8d44\u6e90\u7b49\uff0c\u5e76\u652f\u6301\u865a\u62df\u4e3b\u673a\u7684\u521b\u5efa\u3002\r\n\r\noVirt vdsm 4.19\u7248\u672c\u81f34.30.3\u7248\u672c\u548c4.30.5\u7248\u672c\u81f34.30.8\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Vdsm\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"oVirt Virtual Desktop Server Manager oVirt Virtual Desktop Server Manager \u003e=4.19\uff0c\u003c=4.30.3",
"oVirt Virtual Desktop Server Manager oVirt Virtual Desktop Server Manager \u003e=4.30.5\uff0c\u003c=4.30.8"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831",
"serverity": "\u9ad8",
"submitTime": "2019-03-26",
"title": "Vdsm\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}
gsd-2019-3831
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-3831",
"description": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"id": "GSD-2019-3831",
"references": [
"https://access.redhat.com/errata/RHBA-2019:1965",
"https://access.redhat.com/errata/RHSA-2019:0458",
"https://access.redhat.com/errata/RHSA-2019:0457"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-3831"
],
"details": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"id": "GSD-2019-3831",
"modified": "2023-12-13T01:24:03.146999Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vdsm",
"version": {
"version_data": [
{
"version_value": "4.30.9"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.30.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.30.8",
"versionStartIncluding": "4.30.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3831"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-10-19T18:07Z",
"publishedDate": "2019-03-25T18:29Z"
}
}
}
fkie_cve-2019-3831
Vulnerability from fkie_nvd
Published
2019-03-25 18:29
Modified
2024-11-21 04:42
Severity ?
Summary
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831 | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE133A09-DE61-4AE2-90FD-A24D2E0BD5B0",
"versionEndIncluding": "4.30.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "859EBC12-485A-4214-8BDA-C0A6205F904F",
"versionEndIncluding": "4.30.8",
"versionStartIncluding": "4.30.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1986832-44C9-491E-A75D-AAD8FAE683E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en vdsm, desde la versi\u00f3n 4.19 hasta la 4.30.3 y desde la 4.30.5 hasta la 4.30.8.. La funci\u00f3n systemd_run expuesta al usuario del sistema vdsm podr\u00eda ser abusada para ejecutar comandos arbitrarios como root."
}
],
"id": "CVE-2019-3831",
"lastModified": "2024-11-21T04:42:38.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T18:29:00.933",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-mgfj-qcpq-xx99
Vulnerability from github
Published
2022-05-13 01:14
Modified
2022-05-13 01:14
Severity ?
VLAI Severity ?
Details
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
{
"affected": [],
"aliases": [
"CVE-2019-3831"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-25T18:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",
"id": "GHSA-mgfj-qcpq-xx99",
"modified": "2022-05-13T01:14:27Z",
"published": "2022-05-13T01:14:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3831"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…