- Issued:
- 2017-05-09
- Updated:
- 2017-05-09
RHSA-2017:1206 - Security Advisory
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.
Security Fix(es):
- A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2016-9603)
- An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)
- An out-of-bounds memory access issue was found in QEMU's VNC display driver support. The vulnerability could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user/process inside a guest could use this flaw to crash the QEMU process, resulting in a denial of service. (CVE-2017-2633)
- An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)
Red Hat would like to thank Jiangxin (PSIRT Huawei Inc.) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc.) for reporting CVE-2017-7718.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Fixes
- BZ - 1400438 - CVE-2017-2633 qemu-kvm coredump in vnc_refresh_server_surface [rhel-6.9.z]
- BZ - 1425939 - CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit
- BZ - 1430056 - CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection
- BZ - 1437060 - Fails to build in brew
- BZ - 1443441 - CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
- BZ - 1444371 - CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm | SHA-256: dacec2af67edb1b47919c43694955d9be5cbf978e7aab8f945c11374d4b66a2b |
| x86_64 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: f4d544ee0162b6a878fdb9a8cf74ed317c6ce6896bbadb9daa8cc3b684c6e523 |
| qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 3e98f826b6461d338662975eac25e8e717e5b62d020ff6dd53cd49458621a8de |
| qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 538cef24b18b0dad1539baf408320fa828bff05a3da2e517bdb31fa4beb0dea4 |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: b84150027bf5e7b2cff7a0ffa689ba6975a784c6ef7b539434c0723cf9791f78 |
| qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 5bbcd57fad213722cf4c9578ad2a1b7356fb8757ae7ed0f083fc1afe5dd2d7f3 |
| i386 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.i686.rpm | SHA-256: dc1e5c6e205dfabf8c52390ba14a1db7cb57453afd653ab99778eb4e93cf881a |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.i686.rpm | SHA-256: 613ba7581c4ce85a690dc2b14a772578d4913d7e72009c03763281d0e7bee6d2 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm | SHA-256: dacec2af67edb1b47919c43694955d9be5cbf978e7aab8f945c11374d4b66a2b |
| x86_64 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: f4d544ee0162b6a878fdb9a8cf74ed317c6ce6896bbadb9daa8cc3b684c6e523 |
| qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 3e98f826b6461d338662975eac25e8e717e5b62d020ff6dd53cd49458621a8de |
| qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 538cef24b18b0dad1539baf408320fa828bff05a3da2e517bdb31fa4beb0dea4 |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: b84150027bf5e7b2cff7a0ffa689ba6975a784c6ef7b539434c0723cf9791f78 |
| qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 5bbcd57fad213722cf4c9578ad2a1b7356fb8757ae7ed0f083fc1afe5dd2d7f3 |
| i386 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.i686.rpm | SHA-256: dc1e5c6e205dfabf8c52390ba14a1db7cb57453afd653ab99778eb4e93cf881a |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.i686.rpm | SHA-256: 613ba7581c4ce85a690dc2b14a772578d4913d7e72009c03763281d0e7bee6d2 |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm | SHA-256: dacec2af67edb1b47919c43694955d9be5cbf978e7aab8f945c11374d4b66a2b |
| x86_64 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: f4d544ee0162b6a878fdb9a8cf74ed317c6ce6896bbadb9daa8cc3b684c6e523 |
| qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 3e98f826b6461d338662975eac25e8e717e5b62d020ff6dd53cd49458621a8de |
| qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 538cef24b18b0dad1539baf408320fa828bff05a3da2e517bdb31fa4beb0dea4 |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: b84150027bf5e7b2cff7a0ffa689ba6975a784c6ef7b539434c0723cf9791f78 |
| qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 5bbcd57fad213722cf4c9578ad2a1b7356fb8757ae7ed0f083fc1afe5dd2d7f3 |
| i386 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.i686.rpm | SHA-256: dc1e5c6e205dfabf8c52390ba14a1db7cb57453afd653ab99778eb4e93cf881a |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.i686.rpm | SHA-256: 613ba7581c4ce85a690dc2b14a772578d4913d7e72009c03763281d0e7bee6d2 |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm | SHA-256: dacec2af67edb1b47919c43694955d9be5cbf978e7aab8f945c11374d4b66a2b |
| ppc64 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.ppc64.rpm | SHA-256: eb311d433462eb7c9515cbc631463e5f093e85dcf683aafa93df8428e71ff60d |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.ppc64.rpm | SHA-256: a0e8ae26c9764fe0803f490578bf1abfdc966a07b5759c20d117d63908be7351 |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm | SHA-256: dacec2af67edb1b47919c43694955d9be5cbf978e7aab8f945c11374d4b66a2b |
| x86_64 | |
| qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: f4d544ee0162b6a878fdb9a8cf74ed317c6ce6896bbadb9daa8cc3b684c6e523 |
| qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 3e98f826b6461d338662975eac25e8e717e5b62d020ff6dd53cd49458621a8de |
| qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 538cef24b18b0dad1539baf408320fa828bff05a3da2e517bdb31fa4beb0dea4 |
| qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: b84150027bf5e7b2cff7a0ffa689ba6975a784c6ef7b539434c0723cf9791f78 |
| qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm | SHA-256: 5bbcd57fad213722cf4c9578ad2a1b7356fb8757ae7ed0f083fc1afe5dd2d7f3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.