Synopsis
Low: virt:rhel security, bug fix, and enhancement update
Type/Severity
Security Advisory: Low
Topic
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
- ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)
- QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)
- QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
-
Red Hat Enterprise Linux for x86_64 8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 8 s390x
-
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
-
Red Hat Enterprise Linux for ARM 64 8 aarch64
-
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
-
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
-
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
-
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 1531543 - [RFE] add iommu support to virtio-gpu
- BZ - 1662272 - Boot guest with device assignment+vIOMMU, qemu prompts "vtd_interrupt_remap_msi: MSI address low 32 bit invalid: 0x0" when first rebooting guest
- BZ - 1664463 - Modify iotest behavior to include luks and nbd and fail build if iotests fail
- BZ - 1667249 - Fail to launch AMD SEV VM with assigned PCI device
- BZ - 1673010 - Local VM and migrated VM on the same host can run with same RAW file as visual disk source while without shareable configured or lock manager enabled
- BZ - 1673396 - qemu-kvm core dumped after hotplug the deleted disk with iothread parameter
- BZ - 1673401 - Qemu core dump when start guest with two disks using same drive
- BZ - 1678515 - CVE-2019-9824 QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables
- BZ - 1678979 - qemu-img convert abort when converting image with unaligned size (qemu-img: block/io.c:2134: bdrv_co_block_status: Assertion `*pnum && (((*pnum) % (align)) == 0) && align > offset - aligned_offset\' failed)
- BZ - 1679483 - Use a better icon for RHEL 7+ guests
- BZ - 1679966 - virt-inspector fails with "error: int_of_string" on a Linux image when /etc/fstab contains a partionless device
- BZ - 1680231 - severe performance impact using luks format
- BZ - 1683681 - libvirt: Can't create ppc64 guests with graphics and no USB mouse
- BZ - 1684383 - qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer
- BZ - 1685151 - Guest will be destroyed if autostarted pool is destroyed and libvirtd restarted
- BZ - 1686895 - Enhance detection of host CPU model to avoid guesses based on fea.ture list length
- BZ - 1687541 - qemu aborted when start guest with a big iothreads
- BZ - 1687596 - [Intel 8.1 BUG][KVM][Crystal Ridge]object_get_canonical_path_component: assertion failed: (obj->parent != NULL)
- BZ - 1688062 - Include of the updated rhev-apt in virt-v2v
- BZ - 1689297 - RFE: rewrite cgroups code to support v2 subsystem
- BZ - 1691356 - Network filters are not honouring explicitly listed parameters for MAC
- BZ - 1691624 - CVE-2019-9755 ntfs-3g: heap-based buffer overflow leads to local root privilege escalation
- BZ - 1693299 - virsh nodedev-list --cap net can not list all the network device when modprobe ib_umad
- BZ - 1693433 - [RFE] - libvirt support for cascade lake cpu - Slow Train
- BZ - 1694148 - QEMU image locking needn't double open fd number, and it should not fail when attempting to release locks
- BZ - 1697627 - CPU mode=host-model needs to include MSR features
- BZ - 1698133 - Live migration fail with unsafe error when GPFS is used as shared filesystem
- BZ - 1707192 - implement missing reset handler for cfi.pflash01 - slow train
- BZ - 1707598 - qemu-iotest 182 fails without device hotplugging support
- BZ - 1707706 - /builddir/build/BUILD/qemu-2.12.0/target/i386/kvm.c:2031: kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.
- BZ - 1710575 - Incorrect capacity and allocation fields in iscsi pool XML
- BZ - 1712670 - CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources
- BZ - 1712810 - src packages are listed in virt rhel module for RHEL8.0.0.1 and there are some problems about version checking with virt rhel module.
- BZ - 1712946 - qemu-kvm build is broken due to spice_qxl_set_max_monitors being deprecated
- BZ - 1714933 - Disable VXHS in qemu-kvm
- BZ - 1716347 - Qemu Core dump when quit vm that's in status "paused(io-error)" with data plane enabled
- BZ - 1716907 - internal error: Failed to parse bitmap '' when starting guest
- BZ - 1716908 - 'cannot set CPU affinity' error when starting guest
- BZ - 1717088 - libvirt still doesn't relabel sockets in nbd: backing URLs
- BZ - 1719578 - VM failed to start with error "failed to install seccomp syscall filter in the kernel"
- BZ - 1721434 - virsh command delay issue on DPDK node
- BZ - 1721983 - qemu-kvm can't be build with new gluster version (6.0.6)
- BZ - 1722668 - Do not require glusterfs on i686
- BZ - 1722735 - Fix build with current libssh
- BZ - 1727821 - Failed to convert a source image to the qcow2 image encrypted by luks
- BZ - 1728530 - libvirtd crashes non deterministically when trying to destroy a guest
- BZ - 1728657 - 'qemu-io write' to a raw image over libgfapi fails
- BZ - 1728958 - Hot unplug vfio-pci NIC devices from sev guest will cause qemu-kvm: sev_ram_block_removed: failed to unregister region
- BZ - 1729675 - Please backport upstream libvirt commit 87b4e1cd7e7e ("docs: schemas: Decouple the virtio options from each other", 2019-01-04)
- BZ - 1732642 - enable the virtio-net frontend to work with the vhost-net backend in SEV guests
- BZ - 1737790 - improve error message "error: internal error: Duplicate key"
- BZ - 1738839 - I/O error when virtio-blk disk is backed by a raw image on 4k disk
- BZ - 1738886 - virt-v2v: Use scp -T in -i vmx -it ssh mode
- BZ - 1740797 - Disable memfd in QEMU
- BZ - 1741825 - [cgroup_v2] Error happened and xml not changed when use blkiotune to set blk cgroup values
- BZ - 1741837 - [cgroup_v2] Cannot get and set cpu cgroup params due to cpu.max error
- BZ - 1742819 - Remove iotests from qemu-kvm builds [RHEL 8.1.0]
- BZ - 1744415 - Backport support for count cache flush Spectre v2 mitigation [slow train]
- BZ - 1747185 - "filtered-features" QOM property is not available
- BZ - 1747440 - [cgroup_v2] Crash happens when set cpu related cgroup values by “schedinfo”
- BZ - 1749227 - [cgroup_v2] schedinfo cmd cannot set vcpu/emulator/global/iothread period values
CVEs
References
Vulmon