5 - RHSA-2019:3345

Problem Description:

An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)

* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1531543 - [RFE] add iommu support to virtio-gpu 1662272 - Boot guest with device assignment+vIOMMU, qemu prompts "vtd_interrupt_remap_msi: MSI address low 32 bit invalid: 0x0" when first rebooting guest 1664463 - Modify iotest behavior to include luks and nbd and fail build if iotests fail 1667249 - Fail to launch AMD SEV VM with assigned PCI device 1673010 - Local VM and migrated VM on the same host can run with same RAW file as visual disk source while without shareable configured or lock manager enabled 1673396 - qemu-kvm core dumped after hotplug the deleted disk with iothread parameter 1673401 - Qemu core dump when start guest with two disks using same drive 1678515 - CVE-2019-9824 QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables 1678979 - qemu-img convert abort when converting image with unaligned size (qemu-img: block/io.c:2134: bdrv_co_block_status: Assertion `*pnum && (((*pnum) % (align)) == 0) && align > offset - aligned_offset\' failed) 1679483 - Use a better icon for RHEL 7+ guests 1679966 - virt-inspector fails with "error: int_of_string" on a Linux image when /etc/fstab contains a partionless device 1680231 - severe performance impact using luks format 1683681 - libvirt: Can't create ppc64 guests with graphics and no USB mouse 1684383 - qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer 1685151 - Guest will be destroyed if autostarted pool is destroyed and libvirtd restarted 1686895 - Enhance detection of host CPU model to avoid guesses based on fea.ture list length 1687541 - qemu aborted when start guest with a big iothreads 1687596 - [Intel 8.1 BUG][KVM][Crystal Ridge]object_get_canonical_path_component: assertion failed: (obj->parent != NULL) 1688062 - Include of the updated rhev-apt in virt-v2v 1689297 - RFE: rewrite cgroups code to support v2 subsystem 1691356 - Network filters are not honouring explicitly listed parameters for MAC 1691624 - CVE-2019-9755 ntfs-3g: heap-based buffer overflow leads to local root privilege escalation 1693299 - virsh nodedev-list --cap net can not list all the network device when modprobe ib_umad 1693433 - [RFE] - libvirt support for cascade lake cpu - Slow Train 1694148 - QEMU image locking needn't double open fd number, and it should not fail when attempting to release locks 1697627 - CPU mode=host-model needs to include MSR features 1698133 - Live migration fail with unsafe error when GPFS is used as shared filesystem 1707192 - implement missing reset handler for cfi.pflash01 - slow train 1707598 - qemu-iotest 182 fails without device hotplugging support 1707706 - /builddir/build/BUILD/qemu-2.12.0/target/i386/kvm.c:2031: kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed. 1710575 - Incorrect capacity and allocation fields in iscsi pool XML 1712670 - CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources 1712810 - src packages are listed in virt rhel module for RHEL8.0.0.1 and there are some problems about version checking with virt rhel module. 1712946 - qemu-kvm build is broken due to spice_qxl_set_max_monitors being deprecated 1714933 - Disable VXHS in qemu-kvm 1716347 - Qemu Core dump when quit vm that's in status "paused(io-error)" with data plane enabled 1716907 - internal error: Failed to parse bitmap '' when starting guest 1716908 - 'cannot set CPU affinity' error when starting guest 1717088 - libvirt still doesn't relabel sockets in nbd: backing URLs 1719578 - VM failed to start with error "failed to install seccomp syscall filter in the kernel" 1721434 - virsh command delay issue on DPDK node 1721983 - qemu-kvm can't be build with new gluster version (6.0.6) 1722668 - Do not require glusterfs on i686 1722735 - Fix build with current libssh 1727821 - Failed to convert a source image to the qcow2 image encrypted by luks 1728530 - libvirtd crashes non deterministically when trying to destroy a guest 1728657 - 'qemu-io write' to a raw image over libgfapi fails 1728958 - Hot unplug vfio-pci NIC devices from sev guest will cause qemu-kvm: sev_ram_block_removed: failed to unregister region 1729675 - Please backport upstream libvirt commit 87b4e1cd7e7e ("docs: schemas: Decouple the virtio options from each other", 2019-01-04) 1732642 - enable the virtio-net frontend to work with the vhost-net backend in SEV guests 1737790 - improve error message "error: internal error: Duplicate key" 1738839 - I/O error when virtio-blk disk is backed by a raw image on 4k disk 1738886 - virt-v2v: Use scp -T in -i vmx -it ssh mode 1740797 - Disable memfd in QEMU 1741825 - [cgroup_v2] Error happened and xml not changed when use blkiotune to set blk cgroup values 1741837 - [cgroup_v2] Cannot get and set cpu cgroup params due to cpu.max error 1742819 - Remove iotests from qemu-kvm builds [RHEL 8.1.0] 1744415 - Backport support for count cache flush Spectre v2 mitigation [slow train] 1747185 - "filtered-features" QOM property is not available 1747440 - [cgroup_v2] Crash happens when set cpu related cgroup values by “schedinfo†1749227 - [cgroup_v2] schedinfo cmd cannot set vcpu/emulator/global/iothread period values