Issued:
2020-09-30
Updated:
2020-09-30

RHBA-2020:4112 - Red Hat Virtualization Engine security, bug fix 4.3.11

Synopsis

Red Hat Virtualization Engine security, bug fix 4.3.11

Type/Severity

Bug Fix Advisory None

Topic

An update is now available for Red Hat Virtualization Engine 4.3.

Description

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The rhv-guest-tools-iso package contains tools and drivers that are required by supported Windows guest operating systems when installed as guests on Red Hat Virtualization.

Changes to the ovirt-engine component:

  • Previously, importing an OVA as a Template using the ovirt-engine-sdk's uploading script failed with a null pointer exception because some storage-related values were not set correctly. The current release fixes this issue. It adds code that checks the storage values and, if needed, sets them using values from the image object. Now, importing the OVA this way succeeds. (BZ#1830762)

  • With this enhancement, while deploying RHEL 7-based hosts, you can configure SPICE encryption so that:

    • Only TLSv1.2 and newer protocols are enabled
    • Available ciphers are limited as described in BZ1563271

To apply this enhancement to existing hosts, an administrator puts each host into Maintenance mode, performs a Reinstall, and activates each host. For details, search for "Reinstalling Hosts" in the documentation. (BZ#1842522)

  • Previously, after upgrading to 4.3 and updating the cluster, the virtual machine (VM) tab in the Administration Portal was extremely slow until you restarted the VMs. This issue happened because updating the page recalculated the list of changed fields for every VM on the VM list page (read from the snapshot). The current release fixes this issue. It eliminates the previous performance impact by calculating the changed fields only once when the next run snapshot is created. (BZ#1845747)

  • In previous versions, engine-backup --mode=verify passed even if pg_restore emitted errors. The current release fixes this issue. The engine-backup --mode=verify command correctly fails if pg_restore emits errors. (BZ#1848877)

  • Previously,creating a live snapshot with memory while LiveSnapshotPerformFreezeInEngine was set to True, resulted in a virtual machine file system that is frozen when previewing or committing the snapshot with memory restore. In this release, the virtual machine runs successfully after creating a preview snapshot from a memory snapshot. (BZ#1850920)

  • Previously, exporting a virtual machine or template to an OVA file incorrectly sets its format in the OVF metadata file to "RAW". This issue causes problems using the OVA file. The current release fixes this issue. Exporting to OVA sets the format in the OVF metadata file to "COW", which represents the disk's actual format, qcow2. (BZ#1852314)

  • Previously, while creating virtual machine snapshots, if the VDSM's command to freeze a virtual machines' file systems exceeded the snapshot command's 3-minute timeout period, creating snapshots failed, causing virtual machines and disks to lock.

The current release adds two key-value pairs to the engine configuration. You can configure these using the engine-config tool:

  • Setting LiveSnapshotPerformFreezeInEngine to true enables the {engine-name} to freeze VMs' file systems before it creates a snapshot of them.
  • Setting LiveSnapshotAllowInconsistent to true enables the {engine-name} to continue creating snapshots if it fails to freeze VMs' file systems. (BZ#1842377)

Changes to the rhv-guest-tools-iso component:

  • Previously, installing guest agents for Windows guests from rhv-guest-tools-iso-4.3-12.el7ev using rhev-apt.exe failed because it could not verify a filename that exceeded Windows' 63-character limit. The current release fixes this issue. It renames the file with a shorter name, so the installation process works. (BZ#1850963)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Affected Products

ProductVersionArch
Red Hat Virtualization Manager4.3x86_64

Updated Packages

  • ovirt-engine-4.3.11.3-0.1.el7.src.rpm
  • ovirt-engine-extensions-api-impl-javadoc-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-backend-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-extensions-api-impl-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-dbscripts-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-webadmin-portal-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-websocket-proxy-4.3.11.3-0.1.el7.noarch.rpm
  • rhv-guest-tools-iso-4.3-13.el7ev.noarch.rpm
  • ovirt-engine-metrics-1.3.8-1.el7ev.noarch.rpm
  • rhv-guest-tools-iso-4.3-13.el7ev.src.rpm
  • ovirt-engine-vmconsole-proxy-helper-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.3.11.3-0.1.el7.noarch.rpm
  • rhvm-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-setup-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-setup-plugin-ovirt-engine-common-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-fast-forward-upgrade-1.0.2-1.el7ev.noarch.rpm
  • ovirt-engine-setup-base-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-setup-plugin-ovirt-engine-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-restapi-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-setup-plugin-cinderlib-4.3.11.3-0.1.el7.noarch.rpm
  • python2-ovirt-engine-lib-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-metrics-1.3.8-1.el7ev.src.rpm
  • ovirt-engine-setup-plugin-websocket-proxy-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-tools-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-engine-tools-backup-4.3.11.3-0.1.el7.noarch.rpm
  • ovirt-fast-forward-upgrade-1.0.2-1.el7ev.src.rpm
  • ovirt-engine-health-check-bundler-4.3.11.3-0.1.el7.noarch.rpm

Fixes

CVEs

(none)

References

(none)

Additional information