Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Red Hat Enterprise Linux: RHSA-2019-3345:01 Low Impact Security Issues

red hat
Calendar Grey November 5, 2019
Dist Redhat Esm H88
Delve into Red Hat's recent advisory concerning minor-impact security patches for virt:rhel, highlighting key bug resolutions and feature upgrades.
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)
* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)
* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory buffer overflow Red Hat Enterprise Linux low severity information leakage QEMU virt:rhel module

References

https://access.redhat.com/security/cve/CVE-2019-9755 https://access.redhat.com/security/cve/CVE-2019-9824 https://access.redhat.com/security/cve/CVE-2019-12155 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: SLOF-20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab.src.rpm hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab.src.rpm libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab.src.rpm libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab.src.rpm libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab.src.rpm libvirt-4.5.0-35.module+el8.1.0+4227+b2722cb3.src.rpm libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab.src.rpm libvirt-python-4.5.0-2.module+el8.1.0+4066+0f1aadab.src.rpm nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab.src.rpm netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab.src.rpm perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab.src.rpm qemu-kvm-2.12.0-88.module+el8.1.0+4233+bc44be3f.src.rpm seabios-1.11.1-4.module+el8.1.0+4066+0f1aadab.src.rpm sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab.src.rpm supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab.src.rpm
aarch64: hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab.aarch64.rpm hivex-debuginfo-1.3.15-7.module+el8.1.0+4066+0f1aadab.aarch64.rpm hivex-debugsource-1.3.15-7.module+el8.1.0+4066+0f1aadab.aarch64.rpm hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab.aarch64.rpm libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab.aarch64.rpm

Read the Full Advisory


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:3345-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3345
Issue date: 2019-11-05

Topic

An update for the virt:rhel module is now available for Red Hat EnterpriseLinux 8.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory buffer overflow Red Hat Enterprise Linux low severity information leakage QEMU virt:rhel module

Relevant Releases Architectures

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1531543 - [RFE] add iommu support to virtio-gpu

1662272 - Boot guest with device assignment+vIOMMU, qemu prompts "vtd_interrupt_remap_msi: MSI address low 32 bit invalid: 0x0" when first rebooting guest

1664463 - Modify iotest behavior to include luks and nbd and fail build if iotests fail

1667249 - Fail to launch AMD SEV VM with assigned PCI device

1673010 - Local VM and migrated VM on the same host can run with same RAW file as visual disk source while without shareable configured or lock manager enabled

1673396 - qemu-kvm core dumped after hotplug the deleted disk with iothread parameter

1673401 - Qemu core dump when start guest with two disks using same drive

1678515 - CVE-2019-9824 QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables

1678979 - qemu-img convert abort when converting image with unaligned size (qemu-img: block/io.c:2134: bdrv_co_block_status: Assertion `*pnum && (((*pnum) % (align)) == 0) && align > offset - aligned_offset\' failed)

1679483 - Use a better icon for RHEL 7+ guests

1679966 - virt-inspector fails with "error: int_of_string" on a Linux image when /etc/fstab contains a partionless device

1680231 - severe performance impact using luks format

1683681 - libvirt: Can't create ppc64 guests with graphics and no USB mouse

1684383 - qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here