RedHat: RHSA-2021-2529:01 Moderate: qemu-kvm-rhev security update
Summary
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux
on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.
Security Fix(es):
* QEMU: ide: atapi: OOB access while processing read commands
(CVE-2020-29443)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
References
https://access.redhat.com/security/cve/CVE-2020-29443 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source:
qemu-kvm-rhev-2.12.0-48.el7_9.3.src.rpm
ppc64le:
qemu-img-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
x86_64:
qemu-img-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.3.x86_64.rpm
RHV-M 4.3:
Source:
qemu-kvm-rhev-2.12.0-48.el7_9.3.src.rpm
x86_64:
qemu-img-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization forRed Hat Virtualization Host 7.Red Hat Product Security has rated this update as having a security impactofModerate. A Common Vulnerability Scoring System (CVSS) base score, whichgivesa detailed severity rating, is available for each vulnerability from theCVElink(s) in the References section.
Topic
Relevant Releases Architectures
RHV-M 4.3 - x86_64
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64
Bugs Fixed
1917446 - CVE-2020-29443 QEMU: ide: atapi: OOB access while processing read commands