Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Red Hat Virtualization Update: RHSA-2020-2342-01 Low Impact Bug Fix

red hat
Calendar Grey June 1, 2020
Dist Redhat Esm H88
A critical qemu-kvm-rhev upgrade for Red Hat Virtualization resolves multiple security vulnerabilities with minimal risk.
An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

Summary

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
* CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
* CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly
This update fixes the following bug:
* BZ 1804577 Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8 [rhel-7.6.z]
Users of qemu-kvm are advised to upgrade to these updated packages. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Topics%20covered

Topics Covered

security advisory red hat bug fix important low impact qemu-kvm-rhev tcp protocols

References

https://access.redhat.com/security/cve/CVE-2019-14378 https://access.redhat.com/security/cve/CVE-2020-7039 https://access.redhat.com/security/cve/CVE-2020-8608 https://access.redhat.com/security/updates/classification/#important

Package List

RHV-M 4.2:
Source: qemu-kvm-rhev-2.12.0-18.el7_6.11.src.rpm
x86_64: qemu-img-rhev-2.12.0-18.el7_6.11.x86_64.rpm qemu-kvm-common-rhev-2.12.0-18.el7_6.11.x86_64.rpm qemu-kvm-rhev-2.12.0-18.el7_6.11.x86_64.rpm qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.11.x86_64.rpm qemu-kvm-tools-rhev-2.12.0-18.el7_6.11.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:2342-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2342
Issue date: 2020-06-01

Topic

An update for qemu-kvm-rhev is now available for Red Hat Virtualization forRed Hat Virtualization Host 7.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory red hat bug fix important low impact qemu-kvm-rhev tcp protocols

Relevant Releases Architectures

RHV-M 4.2 - x86_64

Bugs Fixed

1734745 - CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly

1791551 - CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()

1798453 - CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages

1804577 - Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8 [rhel-7.6.z]

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here