Issued:: 2016-05-10
Updated:: 2016-05-10

RHSA-2016:0999 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.

Security Fix(es):

An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - 1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module

CVEs

CVE-2016-3710

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
qemu-kvm-rhev-2.3.0-31.el7_2.13.src.rpm	SHA-256: e43d7f754e7955010183363b0f86d53b9ce3e9ee3d4f2081de12bfbe096823a3
x86_64
libcacard-devel-rhev-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: 9ea2d791429f1f2db81d612433f094113e1e0180c70e3eb74f8d7fe7d6915653
libcacard-rhev-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: 080ad8cc132455213c777b620678b96aff583d9ccde9ff126686d432aec16360
libcacard-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: 009c8502b537684ea7563425da18446c35a97d9ee331aa2e8d1213e71e26cb28
qemu-img-rhev-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: c5d2db11f55f0b1d89dbfb085572de4f6c6021216316503f42f5aa4133a528e2
qemu-kvm-common-rhev-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: 22e053def1c95a6ccd9c3d0b6a67ae00a6e8a03f5cbb287533a0ce705a0beafa
qemu-kvm-rhev-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: a90c3f720e56cb87a5b8621a18a157705001c7481e755102071857fc5d5dd7ac
qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: ba45750ad39f775ce94935921430e5bee58c007f6fe5241ce59edde64d679bf4
qemu-kvm-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm	SHA-256: eb57145d02ea41ea576f72d4f7610869da9f791b25248d6d762362004bb14729

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation