Red Hat 6: RHSA-2011:0534-01 Critical: Qemu-KVM Security Concerns
red hat
May 19, 2011
Updated qemu-kvm packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Summary
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.
It was found that the virtio-blk driver in qemu-kvm did not properly
validate read and write requests from guests. A privileged guest user could
use this flaw to crash the guest or, possibly, execute arbitrary code on
the host. (CVE-2011-1750)
It was found that the PIIX4 Power Management emulation layer in qemu-kvm
did not properly check for hot plug eligibility during device removals. A
privileged guest user could use this flaw to crash the guest or, possibly,
execute arbitrary code on the host. (CVE-2011-1751)
Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.
This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.
All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to resolve these issues, and fix the bugs and
add the enhancements noted in the Technical Notes. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2011-1750 https://access.redhat.com/security/cve/CVE-2011-1751 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/search/
Package List
Red Hat Enterprise Linux Desktop (v. 6):
Source:
x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
x86_64:
qemu-img-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2011:0534-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0534.html
Issue date: 2011-05-19
Topic
Updated qemu-kvm packages that fix two security issues, several bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. Common Vulnerability Scoring System (CVSS) basescores, which give detailed severity ratings, are available for eachvulnerability from the CVE links in the References section.
Topics Covered
Relevant Releases Architectures
Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Bugs Fixed
482427 - support high resolutions
581750 - Vhost: Segfault when assigning a none vhostfd
596610 - "Guest moved used index from 0 to 61440" if remove virtio serial device before virtserialport
599307 - info snapshot return "bdrv_snapshot_list: error -95"
602205 - Could not ping guest successfully after changing e1000 MTU
603413 - RHEL3.9 guest netdump hung with e1000
604992 - index is empty in qemu-doc.html
607598 - Incorrect & misleading error reporting when failing to open a drive due to block driver whitelist denial
608548 - QEMU doesn't respect hardware sector size of underlying block device when doing O_DIRECT
609016 - incorrect committed memory on idle host
613893 - [RFE] qemu-io enable truncate function for qcow2.
615947 - RFE QMP: support of query spice for guest
616187 - vmware device emulation enabled but not supported
616659 - mrg buffers: migration breaks between systems with/without vhost
616703 - qemu-kvm core dump with virtio-serial-pci max-port greater than 31
617119 - Qemu becomes unresponsive during unattended_installation
619168 - qemu should more clearly indicate internal detection of this host out-of-memory condition at startup..
619259 - qemu "-cpu [check | enforce ]" should work even when a model name is not specified on the command line
623552 - SCP image fails from host to guest with vhost on when do migration
623735 - hot unplug of vhost net virtio NIC causes qemu segfault
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!