- Vulnerability/
- RHSA-2009:1692
RHSA-2009:1692: Important: rhev-hypervisor security and bug fix update
First published: Wed Dec 23 2009(Updated: )
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization<br>(RHEV) Hypervisor ISO disk image. The RHEV Hypervisor is a dedicated<br>Kernel-based Virtual Machine (KVM) hypervisor. It includes everything<br>necessary to run and manage virtual machines: A subset of the Red Hat<br>Enterprise Linux operating environment and the Red Hat Enterprise<br>Virtualization Agent.<br>Note: RHEV Hypervisor is only available for the Intel 64 and AMD64<br>architectures with virtualization extensions.<br>A flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel.<br>pci_unmap_single() presented a memory leak that could lead to IOMMU space<br>exhaustion and a system crash. An attacker on the local network could<br>trigger this flaw by using jumbo frames for large amounts of network<br>traffic. (CVE-2009-3613)<br>On x86 platforms, the do_insn_fetch() function did not limit the amount of<br>instruction bytes fetched per instruction. Users in guest operating systems<br>could leverage this flaw to cause large latencies on SMP hosts that could<br>lead to a local denial of service on the host operating system. This update<br>fixes this issue by imposing the architecturally-defined 15 byte length<br>limit for instructions. (CVE-2009-4031)<br>This updated package provides updated components that include fixes for<br>security issues; however, these issues have no security impact for RHEV<br>Hypervisor. These fixes are for kernel issues CVE-2009-2695, CVE-2009-2908,<br>CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3612, CVE-2009-3620,<br>CVE-2009-3621, and CVE-2009-3726; acpid issue CVE-2009-4033; expat issues<br>CVE-2009-3560 and CVE-2009-3720; and wget issue CVE-2009-3490.<br>This update also fixes the following bugs:<br><li> the scsi_dh_rdac driver was updated to recognize the Sun StorageTek</li> Flexline 380. This driver is now also loaded into initrd to handle passive<br>paths correctly. Without this initrd change, lots of errors could occur<br>during boot, increasing boot time. (BZ#545909)<br><li> during the firstboot network configuration of the RHEV Hypervisor, it was</li> only possible to specify NTP servers by their IP addresses if the RHEV<br>Hypervisor system was configured with a static IP address. With this<br>update, hostnames can also be used to specify NTP servers. (BZ#545923)<br><li> with the default settings, performance problems occurred when using the</li> qcow2 image format. This could cause guest operating system installations<br>to take hours. With this update, performance patches have been backported<br>to resolve this issue. (BZ#520693)<br><li> when using the virtual vm8086 mode, bugs in the emulated hardware task</li> switching implementation may have, in some situations, caused older guest<br>operating systems to malfunction. (BZ#532031)<br><li> Windows Server 2003 guests (32-bit) with more than 4GB of memory may have</li> crashed during reboot when using the default RHEV Hypervisor settings.<br>(BZ#532043)<br><li> guests continued to run after encountering disk read errors. This could</li> have led to their file systems becoming corrupted (but not the host's),<br>notably in environments that use networked storage. With this update,<br>guests will now pause on disk read and write errors. (BZ#537334, BZ#540406)<br><li> the para-virtualized block driver (virtio-blk) silently ignored read</li> errors when accessing disk images. With this update, the driver correctly<br>signals the read error to the guest. (BZ#537334)<br>Users of the Red Hat Enterprise Virtualization Hypervisor are advised to<br>upgrade to this updated package, which corrects these issues.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=529137
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=541160
- http://www.redhat.com/security/updates/classification/#important
- http://redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/Red_Hat_Enterprise_Virtualization_Hypervisor/5.4-2.1/html/RHEV-Hypervisor_Deployment_Guide/
- https://access.redhat.com/errata/RHSA-2009:1692 (Advisory)
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2009:1692
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type