RedHat: RHSA-2019-0148:01 Important: qemu-kvm-rhev security update

    Date: 23 Jan 2019
    Category: Red Hat
    Posted By: Anthony Pell
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: qemu-kvm-rhev security update
    Advisory ID:       RHSA-2019:0148-01
    Product:           Red Hat Enterprise Linux OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0148
    Issue date:        2019-01-23
    CVE Names:         CVE-2018-3639 
    =====================================================================
    
    1. Summary:
    
    An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux
    OpenStack Platform 7.0 (Kilo) for RHEL 7.4 EUS.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.4 EUS - x86_64
    
    3. Description:
    
    KVM (Kernel-based Virtual Machine) is a full virtualization solution for
    Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
    user-space component for running virtual machines that use KVM in
    environments managed by Red Hat products.
    
    Security Fix(es):
    
    * An industry-wide issue was found in the way many modern microprocessor
    designs have implemented speculative execution of Load & Store instructions
    (a commonly used performance optimization). It relies on the presence of a
    precisely-defined instruction sequence in the privileged code as well as
    the fact that a memory read from an address to which a recent memory write
    has occurred may see an older value and subsequently cause an update into the
    microprocessor's data cache even for speculatively executed instructions
    that never actually commit (retire). As a result, an unprivileged attacker
    could use this flaw to read privileged memory by conducting targeted cache
    side-channel attacks. (CVE-2018-3639)
    
    Red Hat would like to thank Ken Johnson (Microsoft Security Response
    Center) and Jann Horn (Google Project Zero) for reporting this issue.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    After installing this update, shut down all running virtual machines. Once
    all virtual machines have shut down, start them again for this update to
    take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
    
    6. Package List:
    
    Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.4 EUS:
    
    Source:
    qemu-kvm-rhev-2.9.0-16.el7_4.18.src.rpm
    
    x86_64:
    qemu-img-rhev-2.9.0-16.el7_4.18.x86_64.rpm
    qemu-kvm-common-rhev-2.9.0-16.el7_4.18.x86_64.rpm
    qemu-kvm-rhev-2.9.0-16.el7_4.18.x86_64.rpm
    qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.18.x86_64.rpm
    qemu-kvm-tools-rhev-2.9.0-16.el7_4.18.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-3639
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
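
The Solution section states that the update takes effect only after every virtual machine has been shut down and started again. As an added example (not part of Red Hat's advisory), the shell functions below find QEMU processes that are still executing the binary the package update replaced on disk. It assumes the emulator path contains `qemu-kvm`; the function names `stale_qemu_pids` and `report` are hypothetical.

```shell
#!/bin/sh
# Added example: list QEMU processes still executing a binary that was
# replaced on disk, i.e. guests not yet restarted after the update.
# Assumption: the emulator path contains "qemu-kvm" (on RHEL it is
# /usr/libexec/qemu-kvm). Function names are hypothetical.
# Usage: source this file as root on the hypervisor, then run: report

# stale_qemu_pids [proc_root]
# Prints one PID per line for each process whose /proc/<pid>/exe link
# points at a qemu-kvm binary the kernel has marked "(deleted)".
# A package update unlinks the old file, so a guest started before the
# update keeps running the old, unpatched code until it is restarted.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    for exe in "$proc_root"/[0-9]*/exe; do
        # readlink fails for kernel threads and for processes we may not inspect
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *qemu-kvm*" (deleted)")
                pid=${exe%/exe}
                echo "${pid##*/}"
                ;;
        esac
    done
}

# report [proc_root]
# Human-readable summary; returns 1 if any guest still needs a restart.
report() {
    pids=$(stale_qemu_pids "$1")
    if [ -z "$pids" ]; then
        echo "OK: no QEMU process is running a replaced binary"
        return 0
    fi
    for pid in $pids; do
        echo "RESTART NEEDED: pid $pid still runs the pre-update qemu-kvm"
    done
    return 1
}
```

A guest that was only rebooted from inside keeps the same QEMU process, so it still shows up here until it is fully shut down and started again.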
    