Red Hat Virtualization: RHSA-2020:3267-01 Low Severity Memory Leak Fix
red hat
August 3, 2020
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
Summary
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.
Security Fix(es):
* CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Add support for newer glusterfs (BZ#1802216)
* Backport: Passthrough host CPU microcode version to KVM guest if using
CPU passthrough to RHEL 7.7/7.8 (BZ#1791653)
* After hot unplug virtio-net and vfio nic, hot plug vfio-pci device fails
in Win2019 guest (BZ#1721403)
* qemu-kvm-rhev: Qemu: seccomp: blacklist is not applied to all threads
(BZ#1618504)
* Fix overzealous I/O request splitting performance regression (BZ#1819253)
References
https://access.redhat.com/security/cve/CVE-2019-20382 https://access.redhat.com/security/updates/classification/#low
Package List
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source:
qemu-kvm-rhev-2.12.0-48.el7.src.rpm
ppc64le:
qemu-img-rhev-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-common-rhev-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-rhev-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7.ppc64le.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7.ppc64le.rpm
x86_64:
qemu-img-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7.x86_64.rpm
RHV-M 4.3:
Source:
qemu-kvm-rhev-2.12.0-48.el7.src.rpm
x86_64:
qemu-img-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
PREVIOUS 
NEXT Severity
low
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2020:3267-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3267
Issue date: 2020-08-03
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
RHV-M 4.3 - x86_64
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64
Bugs Fixed
1721403 - After hot unplug virtio-net and vfio nic, hot plug vfio-pci device fails in Win2019 guest
1791653 - Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8
1802216 - Add support for newer glusterfs
1810390 - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
1819253 - Fix overzealous I/O request splitting performance regression
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!