8.167. qemu-kvm
Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM.
- CVE-2013-4344
- A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
This issue was discovered by Asias He of Red Hat.
Bug Fixes
- BZ#974617
- Previously, a counter variable was not correctly reset when restarting an allocating request for disk images using the qcow2 file format. Consequently, these disk images in the cluster allocation code were corrupted in some cases. This update changes the way the number of available clusters is counted in the qcow2 format, and qcow2 disks are no longer corrupted in the described scenario.
- BZ#927336
- Due to an integer overflow in calculations, the qemu-kvm utility was reporting incorrect memory size on QMP (QEMU Machine Protocol) event when using Virtio Balloon Driver with more than 4 GB of memory. A patch has been provided to fix this bug, and qemu-kvm now reports the correct amount of current RAM.
- BZ#917860
- Previously, smart card emulation for Microsoft Windows XP and Microsoft Windows 7 guests failed due to inconsistent Answer To Reset (ATR) file length with a smart card Input/Output device error. This update creates an ATR file length with appropriate historical bytes, and disables USB signaling when necessary. Now, smart card emulation works, and failures no longer occur in the aforementioned scenario.
- BZ#916020
- Previously, the qemu-kvm utility did not enable the IOeventFD feature, which caused the IOeventFD support for virtio-blk devices to be silently disabled. This update enables the IOeventFD feature, and the IOeventFD support for virtio-blk devices works as expected.
Enhancements
- BZ#670162
- A new feature for removing the backing file using the qemu-img rebase command has been implemented. Now, no data loss will occur when running the qemu-img rebase command.
- BZ#963420
- Red Hat Enterprise Linux 6.5 brings read-only support for VHDX (Hyper-V virtual hard disk) image formats, as created by Microsoft Hyper-V.
- BZ#960685
- Red Hat Enterprise Linux 6.5 brings a number of improvements to read-only support for VMDK (Virtual Machine Disk) image file formats, including its sub-formats, as created by many VMware Virtualization products.
- BZ#848070
- Updated support for GlusterFS in QEMU allows native access to GlusterFS volumes using the libgfapi library instead of through a locally mounted FUSE file system. This native approach offers considerable performance improvements.
- BZ#884253
- Support of Volume Control from within Microsoft Windows Guests has been implemented. Users can now fully control the volume level on Microsoft Windows XP guests using the AC'97 codec.
- BZ#914802
- Support for dumping metadata of virtual disks has been implemented with this update. Third-party applications running on the host are now able to read guest image contents without knowing the details of the QCOW2 image format. This can be used together with the Linux device mapper to access QCOW2 images as Linux block devices.
- BZ#911569
- Similarly to the Windows VSS (Visual SourceSafe) version, application-consistent snapshots can now be created with the use of scripts that attach to the QEMU guest agent running on the guest. These scripts can notify applications which would flush their data to the disk during a freeze or thaw operation, thus allowing consistent snapshots to be taken.
Note
VNC password authentication is disabled when the system is operating in FIPS (Federal Information Processing Standards) mode.
All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
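A check for the restart step above, as an added example that is not part of the original advisory: it lists QEMU processes whose /proc/<pid>/exe link still points at a deleted binary, which means the virtual machine was started before the package was replaced on disk. The function names, the --report switch, and matching on "qemu" in the binary name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find QEMU processes still executing the pre-update binary.
# Assumption: the emulator binary name contains "qemu" (for instance
# /usr/libexec/qemu-kvm). The proc root is a parameter so the check can be
# exercised against a constructed directory tree.

# stale_qemu_pids [proc_root]
# Prints one PID per line for every process whose exe link points at a
# deleted file with "qemu" in its name.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # readlink fails for kernel threads and for processes we may not inspect
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *qemu*" (deleted)") printf '%s\n' "${dir##*/}" ;;
        esac
    done
}

# report [proc_root]
# Human-readable summary; returns 1 if any VM still needs a restart.
report() {
    pids=$(stale_qemu_pids "$1")
    if [ -z "$pids" ]; then
        echo "All running QEMU processes use the installed binary."
        return 0
    fi
    echo "QEMU processes still running the pre-update binary (restart these VMs):"
    for pid in $pids; do
        echo "  pid $pid"
    done
    return 1
}

# Run the report against the live /proc only when asked to.
if [ "${1:-}" = "--report" ]; then
    report
fi
```

Run it as root with --report after the package update; other users' exe links are not readable by unprivileged accounts, so those processes would be skipped.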
Updated qemu-kvm packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.
Bug Fixes
- BZ#1025596
- Recent changes to the block layer resulted in a disk I/O performance degradation due to the way block length is calculated and cached internally. This update improves the logic for calculating such lengths and restores performance to the expected levels.
- BZ#1029327
- Due to a regression, the "qemu-img info" command took too much time to respond with the "cluster_size=512,preallocation=metadata" option. This bug has been fixed and "qemu-img info" now responds within one second.
- BZ#1029327
- On images created with very small non-standard cluster sizes (for example, 512 bytes), the "qemu-img info" command could take a long time to respond if run immediately after an image creation. This bug has been fixed, and "qemu-img info" now works as expected.
- BZ#1029329
- When doing live migration with the "--copy-storage-all" option, the virsh user interface failed with the following error message: "error: Unable to read from monitor: Connection reset by peer". This bug, caused by a regression, has been fixed, and live migration now finishes successfully.
- BZ#1028252
- Previously, qemu (for example, the "qemu-img info" command) could not open VMware ESX image files. A patch fixing this bug has been provided, and ESX images are now handled correctly.
Users of qemu-kvm are advised to upgrade to these updated packages, which fix these bugs.