Synopsis

Important: kvm security update

Type/Severity

Security Advisory: Important

Topic

An update for kvm is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for
Linux on x86 hardware. Using KVM, one can run multiple virtual machines running
unmodified Linux or Windows images. Each virtual machine has private virtualized
hardware: a network card, disk, graphics adapter, etc.

Security Fix(es):

• Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is
  vulnerable to an out-of-bounds access issue. It could occur while copying VGA
  data via bitblt copy in backward mode. A privileged user inside a guest could
  use this flaw to crash the QEMU process resulting in DoS or potentially execute
  arbitrary code on the host with privileges of QEMU process on the host.
  (CVE-2017-2615)
  
• Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is
  vulnerable to an out-of-bounds access issue. The issue could occur while copying
  VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use
  this flaw to crash the QEMU process OR potentially execute arbitrary code on
  host with privileges of the QEMU process. (CVE-2017-2620)
  

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn
Inc.) for reporting CVE-2017-2615.

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Note: The procedure in the Solution section must be performed before this update
will take effect.

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Workstation 5 x86_64

Fixes

• BZ - 1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
• BZ - 1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

CVEs

• CVE-2017-2615
• CVE-2017-2620

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server 5

SRPM
kvm-83-277.el5_11.src.rpm	SHA-256: 293a16161c1b096f2f7af7eac62fe99fe5c384cfd43e0e796301da419d11351b
x86_64
kmod-kvm-83-277.el5_11.x86_64.rpm	SHA-256: 7ebbfc580d852597e6ef9c0aa6cdebc09fb4c65ad4f9c427fd5f0c47ac52ae68
kmod-kvm-debug-83-277.el5_11.x86_64.rpm	SHA-256: caa3be438fd076b56d2152564e6fbe655410985246410cdc1d08ef952ea462b9
kvm-83-277.el5_11.x86_64.rpm	SHA-256: c2689edaa494af92e582d269976a3aec8153e7a4221276ee5aa121fd9aff006d
kvm-debuginfo-83-277.el5_11.x86_64.rpm	SHA-256: 65ba4fc5fde5be1396f21e58af93ecb0b039a6ead907b41cfa66496e8bc42115
kvm-qemu-img-83-277.el5_11.x86_64.rpm	SHA-256: 72f5d27cfe06aeec6e0e36e06016697cdd522b2bcea48b7901ce31141e82b3b4
kvm-tools-83-277.el5_11.x86_64.rpm	SHA-256: 8504d28a318d860811a8bea6f831d6e87a2c1edb66033b38b4b6558c4547d6e2

Red Hat Enterprise Linux Workstation 5

SRPM
kvm-83-277.el5_11.src.rpm	SHA-256: 293a16161c1b096f2f7af7eac62fe99fe5c384cfd43e0e796301da419d11351b
x86_64
kmod-kvm-83-277.el5_11.x86_64.rpm	SHA-256: 7ebbfc580d852597e6ef9c0aa6cdebc09fb4c65ad4f9c427fd5f0c47ac52ae68
kmod-kvm-debug-83-277.el5_11.x86_64.rpm	SHA-256: caa3be438fd076b56d2152564e6fbe655410985246410cdc1d08ef952ea462b9
kvm-83-277.el5_11.x86_64.rpm	SHA-256: c2689edaa494af92e582d269976a3aec8153e7a4221276ee5aa121fd9aff006d
kvm-debuginfo-83-277.el5_11.x86_64.rpm	SHA-256: 65ba4fc5fde5be1396f21e58af93ecb0b039a6ead907b41cfa66496e8bc42115
kvm-qemu-img-83-277.el5_11.x86_64.rpm	SHA-256: 72f5d27cfe06aeec6e0e36e06016697cdd522b2bcea48b7901ce31141e82b3b4
kvm-tools-83-277.el5_11.x86_64.rpm	SHA-256: 8504d28a318d860811a8bea6f831d6e87a2c1edb66033b38b4b6558c4547d6e2