Red Hat Product Errata RHSA-2014:1941 - Security Advisory

Issued:: 2014-12-02
Updated:: 2014-12-02

RHSA-2014:1941 - Security Advisory

Overview
Updated Packages

Synopsis

Low: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Low

Topic

Updated qemu-kvm-rhev packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM, in
environments managed by Red Hat Enterprise Linux OpenStack Platform.

An information leak flaw was found in the way QEMU's VGA emulator accessed
frame buffer memory for high resolution displays. A privileged guest user
could use this flaw to leak memory contents of the host to the guest by
setting the display to use a high resolution in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

All users of qemu-kvm-rhev are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, shut down all running virtual machines. Once all
virtual machines have shut down, start them again for this update to take
effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - RHSA-2014:1941 - CVE-2014-3615 Qemu: information leakage when guest sets high resolution

CVEs

CVE-2014-3615

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
qemu-kvm-rhev-1.5.3-60.el7_0.10.src.rpm	SHA-256: 6a07d6cefa8c173f500f96c73c0a651e30fb6b6a7b34aa35c885634edd3c194c
x86_64
libcacard-devel-rhev-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: 002ae4ed91ff0792ef04d39c26d72a7af1ee8991a2e0e001e16da1475471761b
libcacard-rhev-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: 6a770d48d15c09ad9c80381f8968dbebd5d33d9030a19ed5602e88a1ce88d488
libcacard-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: 335d911bb549d82cfc184fde3f5e83b6718f3d85ed27081156e25bd595ffd1ac
qemu-img-rhev-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: 2fc6aa6fbbadc0275f1e0278dff2795b5dae7d5bf4f044bbcbecf70c2319c855
qemu-kvm-common-rhev-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: 2dae99fb0fccf54315e8938e8ceec94508920af4ac94ca72bd266b948e48a135
qemu-kvm-rhev-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: 80afbf06e3e0515eef84a9b6a87155eaf1e6a07ae7703e70b43afb54e9517b0a
qemu-kvm-rhev-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: 845c5221e553f11c8ab7dd935b5afdaed61dc4b2c0a4f97f935b643317101e7f
qemu-kvm-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm	SHA-256: d125717c478964a2c546ff7093e5b822b6568acb62f2e8795f33e69a460899db

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories