Red Hat Product Errata RHSA-2010:0271 - Security Advisory

Issued:: 2010-03-30
Updated:: 2010-03-30

RHSA-2010:0271 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kvm security, bug fix and enhancement update

Type/Severity

Security Advisory: Important

Topic

Updated kvm packages that fix one security issue, multiple bugs, and add
enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU-KVM handled erroneous data provided by
the Linux virtio-net driver, used by guest operating systems. Due to a
deficiency in the TSO (TCP segment offloading) implementation, a guest's
virtio-net driver would transmit improper data to a certain QEMU-KVM
process on the host, causing the guest to crash. A remote attacker could
use this flaw to send specially-crafted data to a target guest system,
causing that guest to crash. (CVE-2010-0741)

Additionally, these updated packages include numerous bug fixes and
enhancements. Refer to the KVM chapter of the Red Hat Enterprise Linux 5.5
Technical Notes for details:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kvm.html

All KVM users should upgrade to these updated packages, which resolve this
issue as well as fixing the bugs and adding the enhancements noted in the
Technical Notes. Note: The procedure in the Solution section must be
performed before this update will take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Workstation 5 x86_64

Fixes

BZ - 508040 - Windows XP not using all CPUS
BZ - 510706 - qemu-kvm segfault when using i82551 vnic
BZ - 511072 - KVM - qemu-img fail to copy a RAW format image over FCP storage
BZ - 512672 - Remove initrd warning message
BZ - 515549 - upstream qemu issues on rhel 5.4
BZ - 515655 - Add result test to prevent Infinite loop in raw_pread, reading too large offset
BZ - 515749 - Remove warnings from kvm compilation
BZ - 516545 - qemu-kvm crashed when setting 32bitwin28k with 64G ram
BZ - 516672 - Disable unused/unsupported features on qemu-kvm
BZ - 516762 - qemu aborted when restart 32bitwin23k with more than 4G mem in intel host.
BZ - 517223 - BUG: warning at /builddir/build/BUILD/kvm-83-maint-snapshot-20090205/kernel-/x86/x86.c:240/kvm_queue_exception_e() (Tainted: G )
BZ - 518090 - [RFE] KVM should be able to export advanced cpu flags to the guest
BZ - 518169 - Bad qcow2 performance with cache=off
BZ - 519397 - KVM: MMU: make __kvm_mmu_free_some_pages handle empty list (upstream backport)
BZ - 520285 - windows 64 bit does vmexit on each cr8 access.
BZ - 521025 - rtc-td-hack stopped working. Time drifts in windows
BZ - 521749 - Guest Window2008-R2-datacenter installation is stopped at step "Setup will continue after restarting your computer" (AMD host only)
BZ - 521835 - German keymap using KVM+VNC missing some keys
BZ - 522887 - Call to migrate_set_speed after a migrate_cancel causes segmentation fault in kvm
BZ - 524970 - Guest single-cpu IPI leads to a global IPI on host
BZ - 525323 - QEMU terminates without warning with virtio-net and SMP enabled
BZ - 525699 - x86_64 guest hang when set guest's cpu1 online on AMD host
BZ - 526124 - ne model failed to get ip address
BZ - 526837 - KVM: x86: verify MTRR/PAT validity (upstream backport)
BZ - 527722 - Build tree for RHEL 5.X and RHEL 5.4.z contains build bugs
BZ - 528310 - when kvm is load, Kernel panic on rebooting after implement suspend and resume
BZ - 529694 - -initrd is broken with > 4GB guests
BZ - 530134 - RFE - In-place backing file format change
BZ - 530533 - debug message is displayed when save VM state into a compressed file
BZ - 531631 - Windows XP unattended install doesn't get an IP address after rebooting, if using -net user
BZ - 531701 - pvclock msr values are not preserved across remote migration
BZ - 531827 - O/S Filesystem Corruption with RHEL-5.4 on a RHEV Guest
BZ - 532086 - Rhev-Block driver causes 'unhandled vm exit' with 32bit win2k3r2sp2 Guest VM on restart
BZ - 533059 - kvm modules can't be built against latest kernel-devel package
BZ - 533197 - kvm kmod package should filter only some specific ksym dependencies
BZ - 533390 - RHEL5.4 VM image corruption with an IDE v-disk
BZ - 533453 - kvm kmod package should require a compatible kernel version
BZ - 537075 - qcow2: infinite recursion on grow_refcount_table() error handling
BZ - 537077 - error codes aren't always propagated up through the block layer (e.g. -ENOSPC)
BZ - 537646 - backports of qemu barrier support
BZ - 537655 - qemu-img: error creating a new preallocated volume image on FCP storage
BZ - 537888 - fix unsafe device data handling
BZ - 539250 - Cannot eject cd-rom when configured to host cd-rom
BZ - 539589 - kvm can't build against kernel-2.6.18-174.el5
BZ - 540893 - qemu-img: snapshot info error
BZ - 541084 - KVM: x86: Add KVM_GET/SET_VCPU_EVENTS
BZ - 541731 - kvm: migration: mechanism to make older savevm versions to be emitted on some cases
BZ - 542923 - Get segmentation fault when running with ide block on kvm-83-136.el5
BZ - 543137 - time drift in win2k364 KVM guest
BZ - 543979 - gPXE fails to PXE boot on e1000 virtual NIC
BZ - 545136 - CVE-2010-0741 whitelist host virtio networking features
BZ - 545194 - Discrepancy between man page and source code for qcow2 with regards to default value used when no explicit caching is specified
BZ - 546019 - kvm: use gpxe PXE roms if available
BZ - 546039 - [FEAT] Supported KVM guests for RHEL5.5
BZ - 549938 - Maintain barrier state after migration
BZ - 550053 - require newer etherboot package that is compatible with new pxe ROM paths
BZ - 550265 - gPXE fails to PXE boot on e1000 virtual NIC
BZ - 550755 - Hypercall driver doesn't reset device on power-down
BZ - 552487 - Guest image corruption after RHEV-H update to 5.4-2.1.3.el5_4rhev2_1 using virtio-blk
BZ - 553187 - Add rhel-5.4.4 support to rhel5.5.0
BZ - 555780 - iozone test can not finish when using virtio_blk in RHEL5u4 guest.
BZ - 557327 - migration failed with -M rhel5.4.4 between host 5.5 and host 5.4.4
BZ - 558195 - kvm: NFS : kvm-qemu-img convert failure on RAW/Sparse template with COW/Sparse snapshot
BZ - 559163 - migration failed host 5.5 with -M rhel5.5.0 to host 5.5 with -M rhel5.5.0.
BZ - 559509 - KVM:Wake up from hibernation operation failed ( migration to file )
BZ - 563141 - qemu-img re-base subcommand got Segmentation fault
BZ - 569762 - 'qemu-img re-base' broken on block devices
BZ - 577218 - CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
kvm-83-164.el5.src.rpm	SHA-256: f4799accd66d6de49465fee46c364467c296ea022732c93257e99a1a2a1d62f9
x86_64
kmod-kvm-83-164.el5.x86_64.rpm	SHA-256: 11ce90f5641dcbb2e353092cecb98b67654338e541a47e661bf99bf815b00c68
kvm-83-164.el5.x86_64.rpm	SHA-256: 4668e90bdd71f6cf18e84286d28f9c9e36c87fd2bdb7be2104314f29b162ce31
kvm-qemu-img-83-164.el5.x86_64.rpm	SHA-256: 2cda6e6fee133d542d457345fe555342d988e88c2b4204f24d5067ed8d81804b
kvm-tools-83-164.el5.x86_64.rpm	SHA-256: 57900bb378b5eac727a409d07373fd5ea909a93641eea4ee73b28fe02dc6ac75

Red Hat Enterprise Linux Workstation 5

SRPM
kvm-83-164.el5.src.rpm	SHA-256: f4799accd66d6de49465fee46c364467c296ea022732c93257e99a1a2a1d62f9
x86_64
kmod-kvm-83-164.el5.x86_64.rpm	SHA-256: 11ce90f5641dcbb2e353092cecb98b67654338e541a47e661bf99bf815b00c68
kvm-83-164.el5.x86_64.rpm	SHA-256: 4668e90bdd71f6cf18e84286d28f9c9e36c87fd2bdb7be2104314f29b162ce31
kvm-qemu-img-83-164.el5.x86_64.rpm	SHA-256: 2cda6e6fee133d542d457345fe555342d988e88c2b4204f24d5067ed8d81804b
kvm-tools-83-164.el5.x86_64.rpm	SHA-256: 57900bb378b5eac727a409d07373fd5ea909a93641eea4ee73b28fe02dc6ac75

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories