RHBA-2015:0335 - Bug Fix Advisory

Topic

Updated spice packages that fix several bugs and add various enhancements are now available.

Description

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

• Previously, repeated changes of resolution in a Quick Emulator (QEMU) instance using the xrandr tool caused a segmentation fault in the qemu-kvm process. As a consequence, the QEMU guest could terminate unexpectedly. To fix this bug, a patch has been applied. The patch fixes a crash when clearing surface memory. As a result, repeated resolution changes no longer cause a segmentation fault. (BZ#1029646)
• Prior to this update, a segmentation fault caused by a race condition could cause live migration to fail if a SPICE client was connected to a guest virtual machine that could terminate unexpectedly. To fix this bug, the race condition on the spice-server has been eliminated and the segmentation fault no longer occurs in this situation. (BZ#1035184)
• Previously, invalid drawing commands from guests using older versions of QEMU machine types and QXL device revisions could cause qemu-kvm to terminate unexpectedly. To fix this bug, detection of invalid drawing commands has been introduced and they are now rejected. As a result, qemu-kvm no longer terminates in this situation. (BZ#1052856)
• Due to a logic error on the SPICE server, booting with four distinct QXL devices could trigger assertion in the SPICE code. This led to unexpected termination of qemu-kvm with signal: abort (SIGABRT). The lookup of channels error which caused the assertion has been fixed. As a result, the SPICE server no longer asserts in this situation. (BZ#1058625)
• Previously, when monitoring flushes by SPICE in text mode on a qemu-kvm machine, qemu-kvm logs were flooded with large numbers of SPICE warnings. To fix this bug, this specific warning message has been changed to a debug, which by default does not appear in logs. As a result, logs no longer receive excessive messages of this type. (BZ#1070028)
• Due to invalid assertion in the video streaming code, the SPICE hypervisor

could terminate unexpectedly when the assert was triggered. The following error message was returned in the log file:

qemu sometimes crashes in spice-server with
"rate_control->num_recent_enc_frames" assertion

The invalid assertion has been fixed, and the hypervisor no longer terminates unexpectedly. (BZ#1086823)

• Previously, when launching a KVM guest, a client_monitors_config

failed or missing SPICE warning was displayed. This can happen under
normal conditions so this message has been changed to be only a debug
message which is not shown by default. As a result, the SPICE warning no
longer displays in this situation. (BZ#1119220)

• Previously, in older clients, the SPICE server reset the spicevmc device instead of deleting it for compatibility reasons. Consequently, accessing a guest using SPICE vdagent with an old version of the SPICE gtk client could cause qemu-kvm to terminate unexpectedly when rebooting the guest. To fix this bug, NULL checks have been added to the SPICE server code to handle the situation on reboot, when the spicevmc device had already been deleted. As a result, the spicevmc device is now deleted on reboot and qemu-kvm no longer terminates in this scenario. (BZ#1145919)
• Previously, spice-server used version TLS 1.0 of the Transport Layer

Security protocol, With this update, spice-server can now use version
TLS 1.0, 1.1, and 1.2. (BZ#1175540)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.4 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.3 x86_64
• Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
• Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
• Red Hat Enterprise Linux Server - AUS 7.6 x86_64
• Red Hat Enterprise Linux Server - AUS 7.4 x86_64
• Red Hat Enterprise Linux Server - AUS 7.3 x86_64
• Red Hat Enterprise Linux Workstation 7 x86_64
• Red Hat Enterprise Linux Desktop 7 x86_64
• Red Hat Enterprise Linux for Scientific Computing 7 x86_64
• Red Hat Enterprise Linux Server from RHUI 7 x86_64
• Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
• Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
• Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
• Red Hat Enterprise Linux Server - AUS 7.7 x86_64
• Red Hat Enterprise Linux Server - TUS 7.7 x86_64
• Red Hat Enterprise Linux Server - TUS 7.6 x86_64
• Red Hat Enterprise Linux Server - TUS 7.3 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.3 x86_64

Fixes

• BZ - 1029646 - Qemu instance received segfault after multiple resolution change
• BZ - 1052856 - boot vm -M rhel6.0.0 with qxl would cause qemu crash
• BZ - 1058625 - QEMU core dumped when boot guest with 4 qxl devices (spice with 4 monitors) specified 512MB
• BZ - 1070028 - qemu-kvm flood with 'Spice-Warning **: mjpeg_encoder.c:799:mjpeg_encoder_start_frame: unsupported format 2'
• BZ - 1086823 - qemu sometimes crashes in spice-server with "rate_control->num_recent_enc_frames" assertion
• BZ - 1145919 - qemu-kvm segmentation fault, when boot a RHEL7.1 guest with "-chardev spicevmc" and reboot inside guest
• BZ - 1175540 - Backport patches enabling TLS 1.1 and better to spice-server

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal