For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
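One way to confirm on a host that the restart described above has actually happened, as an added example that is not part of the Red Hat advisory. It assumes the hypervisor binary is named qemu-kvm, takes the fixed version-release 2.10.0-21.el7 from this advisory's package list, and uses `sort -V` as an approximation of RPM version ordering; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the advisory): confirm the update has taken effect.
FIXED="2.10.0-21.el7"   # version-release from this advisory's package list

# version_at_least INSTALLED FIXED: succeeds if INSTALLED >= FIXED.
# GNU `sort -V` is used as an approximation of RPM version ordering.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# stale_qemu_pids [PROC_ROOT]: print PIDs of qemu-kvm processes whose binary
# was replaced on disk; the kernel marks their exe link with " (deleted)".
# Assumes the binary is named qemu-kvm. Run as root to read every exe link.
stale_qemu_pids() {
    root=${1:-/proc}
    for exe in "$root"/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *"/qemu-kvm (deleted)")
                pid=${exe%/exe}
                echo "${pid##*/}" ;;
        esac
    done
}

# check_host: print findings; returns 0 only if nothing needs attention.
check_host() {
    status=0
    inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}' qemu-kvm-rhev 2>/dev/null) || inst=""
    if [ -z "$inst" ]; then
        echo "qemu-kvm-rhev is not installed on this host"
        return 0
    fi
    if ! version_at_least "$inst" "$FIXED"; then
        echo "installed $inst is older than fixed $FIXED"
        status=1
    fi
    for pid in $(stale_qemu_pids); do
        echo "PID $pid still runs the pre-update qemu-kvm; restart that VM"
        status=1
    done
    return "$status"
}

# Run the check only when asked, e.g.: sh check_qemu_update.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

A virtual machine started before the package was upgraded keeps executing the old, unlinked binary, which is why it is reported until it has been shut down and started again.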
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.
The following packages have been upgraded to a later upstream version:
qemu-kvm-rhev (2.10.0). (BZ#1470749)
Security Fix(es):
* Qemu: stack buffer overflow in NBD server triggered via long export name
(CVE-2017-15118)
* Qemu: DoS via large option request (CVE-2017-15119)
* Qemu: vga: OOB read access during display update (CVE-2017-13672)
* Qemu: vga: reachable assert failure during display update
(CVE-2017-13673)
* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)
* Qemu: memory exhaustion through framebuffer update request message in VNC
server (CVE-2017-15124)
* Qemu: I/O: potential memory exhaustion via websock connection to VNC
(CVE-2017-15268)
* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank David Buchanan for reporting CVE-2017-13672 and
CVE-2017-13673; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and
Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15118
and CVE-2017-15119 issues were discovered by Eric Blake (Red Hat) and the
CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).
https://access.redhat.com/security/cve/CVE-2017-13672
https://access.redhat.com/security/cve/CVE-2017-13673
https://access.redhat.com/security/cve/CVE-2017-13711
https://access.redhat.com/security/cve/CVE-2017-15118
https://access.redhat.com/security/cve/CVE-2017-15119
https://access.redhat.com/security/cve/CVE-2017-15124
https://access.redhat.com/security/cve/CVE-2017-15268
https://access.redhat.com/security/cve/CVE-2018-5683
https://access.redhat.com/security/updates/classification#important
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source:
qemu-kvm-rhev-2.10.0-21.el7.src.rpm
ppc64le:
qemu-img-rhev-2.10.0-21.el7.ppc64le.rpm
qemu-kvm-common-rhev-2.10.0-21.el7.ppc64le.rpm
qemu-kvm-rhev-2.10.0-21.el7.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7.ppc64le.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7.ppc64le.rpm
x86_64:
qemu-img-rhev-2.10.0-21.el7.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64
1139507 - wrong data-plane properties via info qtree to check if use iothread object syntax
1178472 - fail to boot win2012r2 guest with hv_relaxed&hv_vapic&hv_spinlocks=0x1fff&hv_time & -smp 80,cores=2,threads=1,sockets=40
1212715 - qemu-img gets wrong actual path of backing file when the file name contains colon
1213786 - qemu-img doesn't check if base image exists when size parameter indicated.
1285044 - migration/RDMA: Race condition
1305398 - [RFE] PAPR Hash Page Table (HPT) resizing (qemu-kvm-rhev)
1320114 - qemu prompt "main-loop: WARNING: I/O thread spun for 1000 iterations" when block mirror from format qcow2 to raw
1344299 - PCIe: Add an option to PCIe ports to disable IO port space support
1372583 - Keyboard can't be used when install rhel7 in guest which has SATA CDROM and spice+qxl mode sometimes
1378241 - QEMU image file locking
1390346 - PCI: Reserve MMIO space over 4G for PCI hotplug
1390348 - PCI: Provide to libvirt a new query command whether a device is PCI/PCIe/hybrid
1398633 - [RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm-rhev)
1406803 - RFE: native integration of LUKS and qcow2
1414049 - [RFE] Add support to qemu-img for resizing with preallocation
1433670 - Provide an API that estimates the size of QCOW2 image converted from a raw image
1434321 - [Q35] code 10 error when install VF in windows 2016
1437113 - PCIe: Allow configuring Generic PCIe Root Ports MMIO Window