Red Hat Product Errata RHSA-2015:1896 - Security Advisory

Issued:: 2015-10-15
Updated:: 2015-10-15

RHSA-2015:1896 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Topic

Updated qemu-kvm-rhev packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC
emulation implementation handled certain packets received over the
network. A privileged user inside a guest could use this flaw to crash the
QEMU instance (denial of service) or potentially execute arbitrary code on
the host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All users of qemu-kvm-rhev are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, shut down and restart all running virtual machines
for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 6 x86_64

Fixes

BZ - 1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function

CVEs

CVE-2015-5279

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 6

SRPM
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.src.rpm	SHA-256: db5664cff881b2cb4aa6a166cb0aa510636c320dc082e7fb39e7b1d81055c41d
x86_64
qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm	SHA-256: 5f93fafdcdb4efdbc1fd556b99de5888dce474b4bad56b5048ce52ef9fd8078b
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm	SHA-256: 73d187412d6be82dd93a2d198786cc5df204415b0e6c202358720c9dd14ad023
qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm	SHA-256: de7805c494dadba51dab5c4b75034c0295ca7d97d28d5c33cb456f85b7fb1186
qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm	SHA-256: d4432a83727147e8e4f8f32cc3556a9e1b1af2f1fb9cd04da514705c23a80344

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories