- Issued:
- 2017-02-27
- Updated:
- 2017-02-27
RHSA-2017:0334 - Security Advisory
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
- Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)
- Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)
- An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)
Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Products
- Red Hat OpenStack 5.0 for RHEL 6 x86_64
Fixes
- BZ - 1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
- BZ - 1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
- BZ - 1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
Red Hat OpenStack 5.0 for RHEL 6
| SRPM | |
|---|---|
| qemu-kvm-rhev-0.12.1.2-2.491.el6_8.7.src.rpm | SHA-256: c9dd41521ce59d7f17fcda7ffc910b3a740255f9bf0a3510d4b76363b82b7501 |
| x86_64 | |
| qemu-img-rhev-0.12.1.2-2.491.el6_8.7.x86_64.rpm | SHA-256: 2d60a6bb095dc60c79a9b039bb3de853aee78a805c0ad52070ecb10ea98552d7 |
| qemu-kvm-rhev-0.12.1.2-2.491.el6_8.7.x86_64.rpm | SHA-256: e21ad3f7d5de6383eab70d13a289c521e86416667812eedb41bbc85411c90fd2 |
| qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.7.x86_64.rpm | SHA-256: 59b9e28f696b03d6354b38573ad0540549a92aad60df7071e2536cb5b38fddc9 |
| qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.7.x86_64.rpm | SHA-256: 347440666f17ad7bd2385ef8628ff43f8d5a75d063ccd82d370e93a831e9dbe1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
