Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

RedHat: RHSA-2020-1292-01 Important: qemu-kvm-rhev OOB Access Issue

red hat
Calendar Grey April 2, 2020
Dist Redhat Esm H88
SUSE provides a critical patch for libvirt addressing vulnerabilities. Prompt installations are essential to reduce exposure.
An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

Summary

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
Users of qemu-kvm are advised to upgrade to these updated packages. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Topics%20covered

Topics Covered

security advisory security update red hat important qemu-kvm kernel virtualization oob access

References

https://access.redhat.com/security/cve/CVE-2020-8608 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source: qemu-kvm-rhev-2.12.0-44.el7_8.1.src.rpm
ppc64le: qemu-img-rhev-2.12.0-44.el7_8.1.ppc64le.rpm qemu-kvm-common-rhev-2.12.0-44.el7_8.1.ppc64le.rpm qemu-kvm-rhev-2.12.0-44.el7_8.1.ppc64le.rpm qemu-kvm-rhev-debuginfo-2.12.0-44.el7_8.1.ppc64le.rpm qemu-kvm-tools-rhev-2.12.0-44.el7_8.1.ppc64le.rpm
x86_64: qemu-img-rhev-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-common-rhev-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-rhev-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-rhev-debuginfo-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-tools-rhev-2.12.0-44.el7_8.1.x86_64.rpm
RHV-M 4.3:
Source: qemu-kvm-rhev-2.12.0-44.el7_8.1.src.rpm
x86_64: qemu-img-rhev-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-common-rhev-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-rhev-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-rhev-debuginfo-2.12.0-44.el7_8.1.x86_64.rpm qemu-kvm-tools-rhev-2.12.0-44.el7_8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:1292-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1292
Issue date: 2020-04-02

Topic

An update for qemu-kvm-rhev is now available for Red Hat Virtualization forRed Hat Virtualization Host 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update red hat important qemu-kvm kernel virtualization oob access

Relevant Releases Architectures

RHV-M 4.3 - x86_64

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64

Bugs Fixed

1798453 - CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here