Red Hat Product Errata RHSA-2015:0795 - Security Advisory

Issued:: 2015-04-09
Updated:: 2015-04-09

RHSA-2015:0795 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Topic

Updated qemu-kvm-rhev packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM, in
environments managed by Red Hat Enterprise Linux OpenStack Platform.

It was found that the Cirrus blit region checks were insufficient.
A privileged guest user could use this flaw to write outside of
VRAM-allocated buffer boundaries in the host's QEMU process address space
with attacker-provided data. (CVE-2014-8106)

This issue was discovered by Paolo Bonzini of Red Hat.

All users of qemu-kvm-rhev are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, shut down all running virtual machines. Once all
virtual machines have shut down, start them again for this update to take
effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - 1169454 - CVE-2014-8106 qemu: cirrus: insufficient blit region checks

CVEs

CVE-2014-8106

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
x86_64
libcacard-devel-rhev-2.1.2-23.el7.x86_64.rpm	SHA-256: 100fe20ccf4ece20a1b1aef58b439178d1f7be5bd0dbe532db41ee3090ef7b9e
libcacard-rhev-2.1.2-23.el7.x86_64.rpm	SHA-256: f30705eece366decce92ecdbee961a0c3c5e0de10427e5ad31c694699655b843
libcacard-tools-rhev-2.1.2-23.el7.x86_64.rpm	SHA-256: 2c4332890b205380956bfb1f4b69575ab7d991950352045f2307d15358731ac8
qemu-img-rhev-2.1.2-23.el7.x86_64.rpm	SHA-256: 2bc3a76cfaf01ecf0b0f1d98fb180e35dda7aae959c10d7a92b0c02be70df1d6
qemu-kvm-common-rhev-2.1.2-23.el7.x86_64.rpm	SHA-256: 0241ae3754269deda9abebbb14afac843c6cac01e60be472c0e0ab6d32700f6f
qemu-kvm-rhev-2.1.2-23.el7.x86_64.rpm	SHA-256: 50c9a9fba65f725dd15bebfe7b1d3fcdd5396bbe019f09b409e2134d8857ae0e
qemu-kvm-rhev-debuginfo-2.1.2-23.el7.x86_64.rpm	SHA-256: e8d820f17f86238b6377984fc70abc5fcdf3f8777c7afc231c3099b5c5ca7591
qemu-kvm-tools-rhev-2.1.2-23.el7.x86_64.rpm	SHA-256: c9a9660bc4e35056b524647c51d4fdd9adfc23f842d59faadf4e4a8b90dd47fb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories