- Issued:
- 2017-02-27
- Updated:
- 2017-02-27
RHSA-2017:0333 - Security Advisory
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
- Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)
- Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)
Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Products
- Red Hat OpenStack 5.0 for RHEL 7 x86_64
Fixes
- BZ - 1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
- BZ - 1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
Red Hat OpenStack 5.0 for RHEL 7
| SRPM | |
|---|---|
| qemu-kvm-rhev-2.6.0-28.el7_3.6.src.rpm | SHA-256: 8fa1c5d4f5cb2d6195a7df93e917efadb5696e8032b5cd7ebdade993ca640d12 |
| x86_64 | |
| qemu-img-rhev-2.6.0-28.el7_3.6.x86_64.rpm | SHA-256: 8d48714c227dd1f8f21055f6a325f054166d16ca8590d4e87ee44672975ec5ec |
| qemu-kvm-common-rhev-2.6.0-28.el7_3.6.x86_64.rpm | SHA-256: 9b8e93e436862bab8b4493df06bf8162146435e04fe56bc52e2baafb7876c750 |
| qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.rpm | SHA-256: 8fbbb6f7c2da1bca7b63bb35f7bed7549ddfe5e86bc61421588f0f8e471b9359 |
| qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.6.x86_64.rpm | SHA-256: 02ae2c065b8a4fd3fcbb0b9db1d90be61b3a56fb29b788082723c74e8ee854a9 |
| qemu-kvm-tools-rhev-2.6.0-28.el7_3.6.x86_64.rpm | SHA-256: 4eda31539e4e241bf5d26272d7b093556cb35b9bd4cbf5614da09690f27be2d1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.