Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM.
- A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
This issue was discovered by Asias He of Red Hat.
- Previously, a counter variable was not correctly reset when restarting an allocating request for disk images using the qcow2 file format. Consequently, these disk images in the cluster allocation code were corrupted in some cases. This update changes the way the number of available clusters is counted in the qcow2 format, and qcow2 disks are no longer corrupted in the described scenario.
- Due to an integer overflow in calculations, the
qemu-kvmutility was reporting incorrect memory size on QMP (QEMU Machine Protocol) event when using
Virtio Balloon Driverwith more than 4 GB of memory. A patch has been provided to fix this bug, and
qemu-kvmnow reports the correct amount of current RAM.
- Previously, smart card emulation for Microsoft Windows XP and Microsoft Windows 7 guests failed due to inconsistent Answer To Reset (ATR) file length with a smart card Input/Output device error. This update creates an ATR file length with appropriate historical bytes, and disables USB signaling when necessary. Now, smart card emulation works, and failures no longer occur in the aforementioned scenario.
- Previously, the
qemu-kvmutility did not enable the
IOeventFDfeature, which caused the IOeventFD support for
virtio-blkdevices to be silently disabled. This update enables the
IOeventFDfeature, and the
virtio-blkdevices works as expected.
- A new feature for removing the backing file using the
qemu-img rebasecommand has been implemented. Now, no data loss will occur when running the
- Red Hat Enterprise Linux 6.5 brings read-only support for VHDX (
Hyper-Vvirtual hard disk), image formats, as created by Microsoft
- Red Hat Enterprise Linux 6.5 brings a number of improvements on read-only support for VMDK (Virtual Machine Disk), image file formats, including its sub-formats, as created by many VMware Virtualization products.
- Updated support for
QEMUallows native access to
GlusterFSvolumes using the
libgfapilibrary instead of through a locally mounted
FUSEfile system. This native approach offers considerable performance improvements.
- Support of Volume Control from within Microsoft Windows Guests has been implemented. Users can now fully control the volume level on Microsoft Windows XP guests using the AC'97 codec.
- Support for dumping metadata of virtual disks has been implemented with this update. Third-party applications running on the host are now able to read guest image contents without knowing the details of the QCOW2 image format. This can be used together with the Linux device mapper to access QCOW2 images as Linux block devices.
- Similarly to the Windows VSS (Visual SourceSafe) version, application-consistent snapshots can now be created with the use of scripts that attach to the
QEMUguest agent running on the guest. These scripts can notify applications which would flush their data to the disk during a freeze or thaw operation, thus allowing consistent snapshots to be taken.
VNC password authentication is disabled when the system is operating in FIPS (Federal Information Processing Standards) mode.
All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Updated qemu-kvm packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.
- Recent changes to the block layer resulted in a disk I/O performance degradation due to the way block length is calculated and cached internally. This update improves the logic for calculating such lengths and restores performance to the expected levels.
- Due to a regression, the "qemu-img info" command took too much time to respond with the "cluster_size=512,preallocation=metadata" option. This bug has been fixed and "qemu-img info" now responds within one second.
- On images created with very small non-standard cluster sizes (for example, 512 bytes), the "qemu-img info" command could take a long time to respond if run immediately after an image creation. This bug has been fixed, and "qemu-img info" now works as expected.
- When doing live migration with the "--copy-storage-all" option, the virsh user interface failed with the following error message:"error: Unable to read from monitor: Connection reset by peer"This bug, caused by a regression, has been fixed, and live migration now finishes successfully.
- Previously, qemu (for example, the "qemu-img info" command) could not open VMWare ESX image files. A patch fixing this bug has been provided, and ESX images are now handled correctly.
Users of qemu-kvm are advised to upgrade to these updated packages, which fix these bugs.