Date:         Thu, 10 Dec 2009 12:06:18 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: kvm on SL5.4 x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: kvm security and bug fix update
Issue date:	2009-12-09
CVE Names:	CVE-2009-4031

CVE-2009-4031 kernel: KVM: x86 emulator: limit instructions to 15 bytes

On x86 platforms, the do_insn_fetch() function did not limit the amount 
of instruction bytes fetched per instruction. Users in guest operating 
systems could leverage this flaw to cause large latencies on SMP hosts 
that could lead to a local denial of service on the host operating 
system. This update fixes this issue by imposing the 
architecturally-defined 15 byte length limit for instructions. 
(CVE-2009-4031)

This update also fixes the following bugs:

* performance problems occurred when using the qcow2 image format with 
the qemu-kvm -drive "cache=none" option (the default setting when not 
specified otherwise). This could cause guest operating system 
installations to take hours. With this update, performance patches have 
been backported so that using the qcow2 image format with the 
"cache=none" option no longer causes performance issues. (BZ#520693)

* when using the virtual vm8086 mode, bugs in the emulated hardware task
switching implementation may have, in some situations, caused older 
guest operating systems to malfunction. (BZ#532031)

* Windows Server 2003 guests (32-bit) with more than 4GB of memory may 
have crashed during reboot when using the default qemu-kvm CPU settings.
(BZ#532043)

* with Scientific Linux  Virtualization, guests continued to run after
encountering disk read errors. This could have led to their file systems
becoming corrupted (but not the host's), notably in environments that 
use networked storage. With this update, the qemu-kvm -drive 
"werror=stop" option now applies not only to write errors but also to 
read errors: When using this option, guests will pause on disk read and 
write errors.

By default, guests managed by Scientific Linux Virtualization use the
"werror=stop" option. This option is not used by default for guests 
managed by libvirt. (BZ#537334, BZ#540406)

* the para-virtualized block driver (virtio-blk) silently ignored read
errors when accessing disk images. With this update, the driver 
correctly signals the read error to the guest. (BZ#537334)

SL 5.4

     SRPMS:
kvm-83-105.el5_4.13.src.rpm
     x86_64:
kmod-kvm-83-105.el5_4.13.x86_64.rpm
kvm-83-105.el5_4.13.x86_64.rpm
kvm-qemu-img-83-105.el5_4.13.x86_64.rpm
kvm-tools-83-105.el5_4.13.x86_64.rpm

-Connie Sieh
-Troy Dawson