Red Hat Product Errata RHSA-2017:0344 - Security Advisory

Issued:: 2017-02-28
Updated:: 2017-02-28

RHSA-2017:0344 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Topic

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on the host with privileges of Qemu process on the host. (CVE-2017-2615)
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

Red Hat Virtualization 3 for RHEL 6 x86_64

Fixes

BZ - 1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
BZ - 1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 3 for RHEL 6

SRPM
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.6.src.rpm	SHA-256: 00ffef3c111389835a6a93272139b290c2a69b36d01bec80346e9ef1b091ce12
x86_64
qemu-img-rhev-0.12.1.2-2.491.el6_8.6.x86_64.rpm	SHA-256: 24acc4cf940067ae0d18b3e60a59941452eb5f48927c30eb05d10f95a8e87998
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.6.x86_64.rpm	SHA-256: 667ab2844c6208401a072e08200f43d7a298e5d8d8ed787599bd7f1903b4f962
qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.6.x86_64.rpm	SHA-256: b17337280963b6f86e276d42a82da79fd63bff4296509c295b2d4fb0720fcde7
qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.6.x86_64.rpm	SHA-256: 824264e20923e2a08caeb15b74e54b4fa86d62a40662a67afcbb277b25967fad

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories