RHSA-2017:0985 - Security Advisory

Issued: 2017-04-18
Updated: 2017-04-18

Synopsis

Important: qemu-kvm-rhev security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for qemu-kvm-rhev is now available for Red Hat Virtualization Hypervisor 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages provide the user-space component for running virtual machines using KVM in environments managed by Red Hat Virtualization Manager.

Security Fix(es):

  • Quick Emulator (QEMU), built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user or process inside the guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially leverage it to execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2016-9603)

Bug Fix(es):

  • When attempting to use a virtual CPU with the "invtsc" feature, the "nonstop_tsc" flag was not set for the guest. This update adjusts the flag to be migratable, and "nonstop_tsc" is now properly set when requested. (BZ#1413897)
  • Previously, the QEMU emulator failed to open disk images with backing files stored on a Gluster volume. This update ensures that QEMU is able to handle Gluster disk URIs correctly, and the problem no longer occurs. (BZ#1425125)
  • Prior to this update, creating a new GlusterFS instance in some cases consumed an excessive amount of memory. This update reuses data for existing GlusterFS volumes, which reduces the memory consumption when creating new instances. (BZ#1413044)
  • Under certain circumstances, guest machines previously encountered I/O errors or were paused when a large number of block transfer actions was being performed. With this update, QEMU ensures that the number of block transfers does not exceed the host limit, which prevents the described problem. (BZ#1431149)

Enhancement(s):

  • The QEMU emulator is now able to present virtual L3 cache information to the guest. This improves the performance and stability of tasks and processes that use L3 cache, such as SAP HANA. (BZ#1430802)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
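The two conditions in this Solution section (the fixed build is installed, and every virtual machine has been restarted since) can be checked per host as in the following added example, which is not part of the advisory. It assumes the package line comes from `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE} %{INSTALLTIME}\n' qemu-kvm-rhev` and that QEMU process start times are collected separately as epoch seconds; the sample host data, VM names and function names are constructed, and epoch and `~`/`^` version markers are not handled.

```python
import re

# Fixed qemu-kvm-rhev build listed in this advisory (version, release).
FIXED = ("2.6.0", "28.el7_3.9")
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (no '~' or '^' handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(version, release):
    """True if version-release is at or above the advisory's build."""
    c = rpmvercmp(version, FIXED[0])
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED[1]) >= 0)

def audit(rpm_line, qemu_procs):
    """rpm_line: 'NAME VERSION RELEASE INSTALLTIME'.
    qemu_procs: {vm_name: process start time in epoch seconds}."""
    _name, version, release, installed = rpm_line.split()
    if not is_fixed(version, release):
        # Every VM will need a restart once the update is installed.
        return {"status": "update-needed", "restart": sorted(qemu_procs)}
    # A QEMU process started before the install still runs the old code.
    stale = sorted(vm for vm, start in qemu_procs.items()
                   if start < int(installed))
    return {"status": "restart-needed" if stale else "ok", "restart": stale}

# Constructed sample: fixed build installed, one VM started before the install.
SAMPLE_RPM = "qemu-kvm-rhev 2.6.0 28.el7_3.9 1492560000"
SAMPLE_PROCS = {"vm-db01": 1492000000, "vm-web02": 1492570000}

if __name__ == "__main__":
    print(audit(SAMPLE_RPM, SAMPLE_PROCS))
```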

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization 3 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
  • Red Hat Virtualization for IBM Power LE 3 ppc64le

Fixes

  • BZ - 1413044 - block-gluster: use one glfs instance per volume
  • BZ - 1413897 - cpu flag nonstop_tsc is not present in guest with host-passthrough and feature policy require invtsc
  • BZ - 1425125 - qemu fails to recognize gluster URIs in backing chain for block-commit operation
  • BZ - 1430056 - CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection
  • BZ - 1430802 - Enhance qemu to present virtual L3 cache info for vcpus

CVEs

  • CVE-2016-9603

References

  • https://access.redhat.com/security/updates/classification/#important
Updated Packages

Note: More recent versions of these packages may be available.

    Red Hat Virtualization 4 for RHEL 7

    SRPM
    qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
    x86_64
    qemu-img-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2ca945b22de39de5c7d7546cd26632cb2930aed95ddab5d8244ee9a4b090f403
    qemu-kvm-common-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2a8e3c5a13008d7bda37c11345fded1583b794ea6edfb29b09375bb0bfd541f5
    qemu-kvm-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 937cf6453957ae26fee902b6cdfd7cc1b01793ada0b55446a2d59723a448fd96
    qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 8ffb80072ccc66f506a40c3ce1dc17f575ca6770c65b03972c88bbb6a05ed003
    qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 65f3f3eb40cf3911a906058a4296eb6cc8d44f9147486bdc867d29895a0ea807

    Red Hat Virtualization 3 for RHEL 7

    SRPM
    qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
    x86_64
    qemu-img-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2ca945b22de39de5c7d7546cd26632cb2930aed95ddab5d8244ee9a4b090f403
    qemu-kvm-common-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2a8e3c5a13008d7bda37c11345fded1583b794ea6edfb29b09375bb0bfd541f5
    qemu-kvm-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 937cf6453957ae26fee902b6cdfd7cc1b01793ada0b55446a2d59723a448fd96
    qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 8ffb80072ccc66f506a40c3ce1dc17f575ca6770c65b03972c88bbb6a05ed003
    qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 65f3f3eb40cf3911a906058a4296eb6cc8d44f9147486bdc867d29895a0ea807

    Red Hat Virtualization for IBM Power LE 4 for RHEL 7

    SRPM
    qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
    ppc64le
    qemu-img-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 525a04dd8ff3ce0c72a060738c9627a9ab44c08055bfaf6c40ede7dc8d60c777
    qemu-kvm-common-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 7811c766f03dd425f390fd0783460a442a55816d2eb6558d9fe0dd0bd6369f84
    qemu-kvm-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: a5cb956568cb855d895cf5db82295855eb077e23578fe475abc91c7d881e2e1e
    qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 6e3df9c25d91bb3522dcbb59328fd75da777741a1d0934d3695d2346f1358cee
    qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 0ab0b2a50c2e675e632d1a8097f3a0416399c5bbc2db9a522230804b8eeca991

    Red Hat Virtualization for IBM Power LE 3

    SRPM
    qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
    ppc64le
    qemu-img-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 525a04dd8ff3ce0c72a060738c9627a9ab44c08055bfaf6c40ede7dc8d60c777
    qemu-kvm-common-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 7811c766f03dd425f390fd0783460a442a55816d2eb6558d9fe0dd0bd6369f84
    qemu-kvm-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: a5cb956568cb855d895cf5db82295855eb077e23578fe475abc91c7d881e2e1e
    qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 6e3df9c25d91bb3522dcbb59328fd75da777741a1d0934d3695d2346f1358cee
    qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 0ab0b2a50c2e675e632d1a8097f3a0416399c5bbc2db9a522230804b8eeca991

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
