Red Hat: RHSA-2013-1553-02 Critical: qemu-kvm Buffer Overflow
red hat
November 21, 2013
Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Summary
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat
Enterprise Linux kernel. The qemu-kvm packages form the user-space
component for running virtual machines using KVM.
A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT
LUNS" command when more than 256 LUNs were specified for a single SCSI
target. A privileged guest user could use this flaw to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)
This issue was discovered by Asias He of Red Hat.
These updated qemu-kvm packages include numerous bug fixes and various
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, shut down all running virtual
machines. Once all virtual machines have shut down, start them again for
this update to take effect.
References
https://access.redhat.com/security/cve/CVE-2013-4344 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/qemu-kvm.html##RHSA-2013-1553
Package List
Red Hat Enterprise Linux Desktop (v. 6):
Source:
i386:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
i386:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
i386:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2013:1553-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:1553.html
Issue date: 2013-11-21
Topic
Updated qemu-kvm packages that fix one security issue, several bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. A Common Vulnerability Scoring System (CVSS)base score, which gives a detailed severity rating, is available from theCVE link in the References section.
Relevant Releases Architectures
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Bugs Fixed
670162 - [RFE] Removing the backing file using qemu-img re-base
796011 - Prompt error of trigger blkdebug: BLKDBG_CLUSTER_FREE event is not the same as expected
817066 - QEMU should disable VNC password auth when in FIPS 140-2 mode
821741 - (re-)enable SEP flag on CPU models
843797 - qemu-kvm core dumps when virtio-net(w/ tx=timer and vhost=on) RHEL.6(w/ msi-x enabled) guest shutting down
848070 - [RHEL 6.5] Add glusterfs support to qemu
856505 - Missing error message in bdrv_commit to read-only backing file
864378 - qemu-img convert fails with Floating Point Exception with zero length source image
869496 - screendump wont save PPM image file if qemu-kvm booted with '-S'
869586 - core dump happens when quitting qemu via monitor
879096 - qemu should disable hot-unplug usb-ehci controller and give a prompt if not support
882834 - no warning while check the lacked cpuid_7_0_ebx_feature_name flag
884590 - ovs-ifup affect but ovs-ifdown not affect when run a guest with a wrong netdriver(e.g. ... -device virtio-pci-net,...)
886080 - Qemu segmentation fault when resume VM from stop at rebooting process after do some hot-plug/unplug and S3
886878 - atapi: tray statuses (locked and open) are not reset on boot/reboot of guest
888008 - RFE: qemu-img should be able to report the amount of space used by a qcow2 image stored on a block device
888297 - qemu-ga should be enabled right after installation
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!