Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2017:0985 - Security Advisory
Issued:
2017-04-18
Updated:
2017-04-18

RHSA-2017:0985 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: qemu-kvm-rhev security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-rhev is now available for Red Hat Virtualization Hypervisor 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages provide the user-space component for running virtual machines using KVM in environments managed by Red Hat Virtualization Manager.

Security Fix(es):

  • Quick Emulator (QEMU), built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process. (CVE-2016-9603)

Bug Fix(es):

  • When attempting to use a virtual CPU with the "invtsc" feature, the "nonstop_tsc" flag was not set for the guest. This update adjusts the flag to be migrateable, and "nonstop_tsc" is now properly set when requested. (BZ#1413897)
  • Previously, the QEMU emulator failed to open disk images with backing files stored on a Gluster volume. This update ensures that QEMU is able to handle Gluster disk URIs correctly, and the problem no longer occurs. (BZ#1425125)
  • Prior to this update, creating a new GlusterFS instance in some cases consumed an excessive amount of memory. This update reuses data for existing GlusterFS volumes, which reduces the memory consumption when creating new instances. (BZ#1413044)
  • Under certain circumstances, guest machines previously encountered I/O errors or were paused when a large number of block transfer actions was being performed. With this update, QEMU ensures that the number of block transfers does not exceed the host limit, which prevents the described problem. (BZ#1431149)

Enhancement(s):

  • The QEMU emulator is now able to present virtual L3 cache information to the guest. This improves the performance and stability of tasks and processes that use L3 cache, such as SAP HANA. (BZ#1430802)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization 3 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
  • Red Hat Virtualization for IBM Power LE 3 ppc64le

Fixes

  • BZ - 1413044 - block-gluster: use one glfs instance per volume
  • BZ - 1413897 - cpu flag nonstop_tsc is not present in guest with host-passthrough and feature policy require invtsc
  • BZ - 1425125 - qemu fails to recognize gluster URIs in backing chain for block-commit operation
  • BZ - 1430056 - CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection
  • BZ - 1430802 - Enhance qemu to present virtual L3 cache info for vcpus

CVEs

  • CVE-2016-9603

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
x86_64
qemu-img-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2ca945b22de39de5c7d7546cd26632cb2930aed95ddab5d8244ee9a4b090f403
qemu-kvm-common-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2a8e3c5a13008d7bda37c11345fded1583b794ea6edfb29b09375bb0bfd541f5
qemu-kvm-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 937cf6453957ae26fee902b6cdfd7cc1b01793ada0b55446a2d59723a448fd96
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 8ffb80072ccc66f506a40c3ce1dc17f575ca6770c65b03972c88bbb6a05ed003
qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 65f3f3eb40cf3911a906058a4296eb6cc8d44f9147486bdc867d29895a0ea807

Red Hat Virtualization 3 for RHEL 7

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
x86_64
qemu-img-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2ca945b22de39de5c7d7546cd26632cb2930aed95ddab5d8244ee9a4b090f403
qemu-kvm-common-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 2a8e3c5a13008d7bda37c11345fded1583b794ea6edfb29b09375bb0bfd541f5
qemu-kvm-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 937cf6453957ae26fee902b6cdfd7cc1b01793ada0b55446a2d59723a448fd96
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 8ffb80072ccc66f506a40c3ce1dc17f575ca6770c65b03972c88bbb6a05ed003
qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.x86_64.rpm SHA-256: 65f3f3eb40cf3911a906058a4296eb6cc8d44f9147486bdc867d29895a0ea807

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
ppc64le
qemu-img-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 525a04dd8ff3ce0c72a060738c9627a9ab44c08055bfaf6c40ede7dc8d60c777
qemu-kvm-common-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 7811c766f03dd425f390fd0783460a442a55816d2eb6558d9fe0dd0bd6369f84
qemu-kvm-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: a5cb956568cb855d895cf5db82295855eb077e23578fe475abc91c7d881e2e1e
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 6e3df9c25d91bb3522dcbb59328fd75da777741a1d0934d3695d2346f1358cee
qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 0ab0b2a50c2e675e632d1a8097f3a0416399c5bbc2db9a522230804b8eeca991

Red Hat Virtualization for IBM Power LE 3

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.9.src.rpm SHA-256: 3674af01637627a31d434247c513c76ec8f65707e1249f675614ef031f9fbb30
ppc64le
qemu-img-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 525a04dd8ff3ce0c72a060738c9627a9ab44c08055bfaf6c40ede7dc8d60c777
qemu-kvm-common-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 7811c766f03dd425f390fd0783460a442a55816d2eb6558d9fe0dd0bd6369f84
qemu-kvm-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: a5cb956568cb855d895cf5db82295855eb077e23578fe475abc91c7d881e2e1e
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 6e3df9c25d91bb3522dcbb59328fd75da777741a1d0934d3695d2346f1358cee
qemu-kvm-tools-rhev-2.6.0-28.el7_3.9.ppc64le.rpm SHA-256: 0ab0b2a50c2e675e632d1a8097f3a0416399c5bbc2db9a522230804b8eeca991

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility