Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat Virtualization 4.2: Important Security Fixes for qemu-kvm-rhev

red hat
Calendar Grey March 5, 2020
Dist Redhat Esm H88
Canonical has unveiled a significant patch for the ubuntu-server-kvm, tackling several vulnerabilities and correcting various issues.
An update for qemu-kvm-rhev is now available for Red Hat Virtualization Engine 4.2

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Summary

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
* QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [Intel 7.6.z Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm-rhev (BZ#1730601)
* qemu-kvm-rhev: backport cpuidle-haltpoll support (BZ#1746281)
Enhancement(s):
* [Intel 7.7 FEAT] MDS_NO exposure to guest - qemu-kvm-rhev (BZ#1743632)

Topics%20covered

Topics Covered

security advisory bug fix important KVM Red Hat Virtualization iscsi access TSX issue

References

https://access.redhat.com/security/cve/CVE-2019-11135 https://access.redhat.com/security/cve/CVE-2020-1711 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/articles/tsx-asynchronousabort

Package List

RHV-M 4.2:
Source: qemu-kvm-rhev-2.12.0-18.el7_6.9.src.rpm
x86_64: qemu-img-rhev-2.12.0-18.el7_6.9.x86_64.rpm qemu-kvm-common-rhev-2.12.0-18.el7_6.9.x86_64.rpm qemu-kvm-rhev-2.12.0-18.el7_6.9.x86_64.rpm qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.9.x86_64.rpm qemu-kvm-tools-rhev-2.12.0-18.el7_6.9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:0730-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0730
Issue date: 2020-03-05

Topic

An update for qemu-kvm-rhev is now available for Red Hat VirtualizationEngine 4.2.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory bug fix important KVM Red Hat Virtualization iscsi access TSX issue

Relevant Releases Architectures

RHV-M 4.2 - x86_64

Bugs Fixed

1746281 - qemu-kvm-rhev: backport cpuidle-haltpoll support [rhel-7.6.z]

1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

1794290 - CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here