Red Hat Product Errata RHSA-2017:0333 - Security Advisory

Issued:: 2017-02-27
Updated:: 2017-02-27

RHSA-2017:0333 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Topic

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - 1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
BZ - 1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm	SHA-256: 8fa1c5d4f5cb2d6195a7df93e917efadb5696e8032b5cd7ebdade993ca640d12
x86_64
qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm	SHA-256: 8d48714c227dd1f8f21055f6a325f054166d16ca8590d4e87ee44672975ec5ec
qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm	SHA-256: 9b8e93e436862bab8b4493df06bf8162146435e04fe56bc52e2baafb7876c750
qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm	SHA-256: 8fbbb6f7c2da1bca7b63bb35f7bed7549ddfe5e86bc61421588f0f8e471b9359
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm	SHA-256: 02ae2c065b8a4fd3fcbb0b9db1d90be61b3a56fb29b788082723c74e8ee854a9
qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm	SHA-256: 4eda31539e4e241bf5d26272d7b093556cb35b9bd4cbf5614da09690f27be2d1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories