- Issued:
- 2017-02-28
- Updated:
- 2017-02-28
RHSA-2017:0344 - Security Advisory
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
- Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on the host with privileges of Qemu process on the host. (CVE-2017-2615)
- An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)
Red Hat would like to thank Wjjzhang (Tencent.com Inc.) Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Products
- Red Hat Virtualization 3 for RHEL 6 x86_64
Fixes
- BZ - 1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
- BZ - 1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
Red Hat Virtualization 3 for RHEL 6
SRPM | |
---|---|
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.6.src.rpm | SHA-256: 00ffef3c111389835a6a93272139b290c2a69b36d01bec80346e9ef1b091ce12 |
x86_64 | |
qemu-img-rhev-0.12.1.2-2.491.el6_8.6.x86_64.rpm | SHA-256: 24acc4cf940067ae0d18b3e60a59941452eb5f48927c30eb05d10f95a8e87998 |
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.6.x86_64.rpm | SHA-256: 667ab2844c6208401a072e08200f43d7a298e5d8d8ed787599bd7f1903b4f962 |
qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.6.x86_64.rpm | SHA-256: b17337280963b6f86e276d42a82da79fd63bff4296509c295b2d4fb0720fcde7 |
qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.6.x86_64.rpm | SHA-256: 824264e20923e2a08caeb15b74e54b4fa86d62a40662a67afcbb277b25967fad |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.