Red Hat Customer Portal

Skip to main content

Main Navigation

  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Tower
      • Red Hat Ansible Engine
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat Cloud Infrastructure
      • Red Hat Cloud Suite
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat OpenShift Application Runtimes
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Container-Native Storage
    • JBoss Development and Management
      • Back
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat JBoss Data Grid
      • Red Hat JBoss Web Server
      • Red Hat JBoss Operations Network
      • Red Hat JBoss Developer Studio
    • JBoss Integration and Automation
      • Back
      • Red Hat JBoss Data Virtualization
      • Red Hat JBoss Fuse
      • Red Hat JBoss AMQ
      • Red Hat JBoss BPM Suite
      • Red Hat Decision Manager
      • Red Hat 3scale API Management Platform
    • Mobile
      • Back
      • Red Hat Mobile Application Platform
    • Enterprise-ready containers
    • Search the Red Hat Container Catalog
    • Support
    • Production Support
    • Development Support
    • Product Life Cycle & Update Policies
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem
    • Browse Certified Solutions
    • Partner Resources
  • Tools
    • Back
    • Red Hat Insights
    • Learn More
    • Red Hat Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Troubleshooting
    • Security
    • Additional Tools
    • Red Hat Access plug-ins
    • Red Hat Satellite Certificate Tool
  • Security
    • Back
    • Product Security Center
    • Spectre & Meltdown Detector
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • Newsletter and Contact Preferences
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • Español
    • Deutsch
    • Italiano
    • 한국어
    • Français
    • 日本語
    • Português
    • 中文 (中国)
    • русский
Red Hat Logo Customer Portal
  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Tower
      • Red Hat Ansible Engine
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat Cloud Infrastructure
      • Red Hat Cloud Suite
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat OpenShift Application Runtimes
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Container-Native Storage
    • JBoss Development and Management
      • Back
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat JBoss Data Grid
      • Red Hat JBoss Web Server
      • Red Hat JBoss Operations Network
      • Red Hat JBoss Developer Studio
    • JBoss Integration and Automation
      • Back
      • Red Hat JBoss Data Virtualization
      • Red Hat JBoss Fuse
      • Red Hat JBoss AMQ
      • Red Hat JBoss BPM Suite
      • Red Hat Decision Manager
      • Red Hat 3scale API Management Platform
    • Mobile
      • Back
      • Red Hat Mobile Application Platform
    • Enterprise-ready containers
    • Search the Red Hat Container Catalog
    • Support
    • Production Support
    • Development Support
    • Product Life Cycle & Update Policies
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem
    • Browse Certified Solutions
    • Partner Resources
  • Tools
    • Back
    • Red Hat Insights
    • Learn More
    • Red Hat Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Troubleshooting
    • Security
    • Additional Tools
    • Red Hat Access plug-ins
    • Red Hat Satellite Certificate Tool
  • Security
    • Back
    • Product Security Center
    • Spectre & Meltdown Detector
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • Newsletter and Contact Preferences
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • Español
    • Deutsch
    • Italiano
    • 한국어
    • Français
    • 日本語
    • Português
    • 中文 (中国)
    • русский
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Search
  • Account
  • Language
Troubleshooting an issue? Try Solution Engine—our new support tool.

Log in to Your Red Hat Account

Log In

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

Register

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

If you have any questions, please contact customer service.

Red Hat Account Number:

Red Hat Account

  • Account Details
  • Newsletter and Contact Preferences
  • User Management
  • Account Maintenance

Customer Portal

  • My Profile
  • Notifications
  • Help

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Log Out

Select Your Language

  • English
  • Español
  • Deutsch
  • Italiano
  • 한국어
  • Français
  • 日本語
  • Português
  • 中文 (中国)
  • русский
Red Hat Customer Portal
  • Products & Services
  • Tools
  • Security
  • Community
  • Infrastructure and Management

  • Cloud Computing

  • Storage

  • JBoss Development and Management

  • JBoss Integration and Automation

  • Mobile

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Tower
  • Red Hat Ansible Engine
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat Cloud Infrastructure
  • Red Hat Cloud Suite
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat OpenShift Application Runtimes
  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat Container-Native Storage
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat JBoss Data Grid
  • Red Hat JBoss Web Server
  • Red Hat JBoss Operations Network
  • Red Hat JBoss Developer Studio
  • Red Hat JBoss Data Virtualization
  • Red Hat JBoss Fuse
  • Red Hat JBoss AMQ
  • Red Hat JBoss BPM Suite
  • Red Hat Decision Manager
  • Red Hat 3scale API Management Platform
  • Red Hat Mobile Application Platform
View All Products
  • Support
  • Production Support
  • Development Support
  • Product Life Cycle & Update Policies

Services

  • Consulting
  • Technical Account Management
  • Training & Certifications
  • Documentation
  • Red Hat Enterprise Linux
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Ecosystem
  • Browse Certified Solutions
  • Partner Resources

Enterprise-ready containers

Secure, certified, and up-to-date container images.

Search the Red Hat Container Catalog

Red Hat Customer Portal Labs

To help you use Red Hat products to their full potential, our engineers have developed a powerful set of tools to support your ongoing success.

Explore Labs

  • Configuration
  • Deployment
  • Troubleshooting
  • Security

Additional Tools

  • Red Hat Access plug-ins
  • Red Hat Satellite Certificate Tool

Red Hat Insights

Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

  • Learn More

Red Hat Product Security Center

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

Spectre & Meltdown Detector

Go to App

Security Updates

  • Security Advisories
  • Red Hat CVE Database
  • Security Labs

Keep your systems secure with Red Hat's specialized responses for high-priority security vulnerabilities.

  • View Responses

Resources

  • Overview
  • Security Blog
  • Security Measurement
  • Severity Ratings
  • Backporting Policies
  • Product Signing (GPG) Keys

Customer Portal Community

  • Discussions
  • Blogs
  • Private Groups
  • Community Activity

Customer Events

  • Red Hat Convergence
  • Red Hat Summit

Stories

  • Red Hat Subscription Value
  • You Asked. We Acted.
  • Open Source Communities
Red Hat Product Errata RHSA-2017:1682 - Security Advisory
Issued:
2017-07-05
Updated:
2017-07-05

RHSA-2017:1682 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: qemu-kvm-rhev security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

  • Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server (denial of service). (CVE-2017-9524)

Bug Fix(es):

  • Previously, when the data plane was in use, changing the target image of a virtual SCSI CD device caused the guest to terminate unexpectedly with a core dump. With this update, the virtio-scsi bus rejects SCSI CDs when the data plane is active, which prevents the crash from occurring. Note that this is a temporary solution, and a full fix to make the data plane and SCSI CD compatible will be provided in the future. (BZ#1461837)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Virtualization 4 x86_64
  • Red Hat Virtualization 3 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 ppc64le
  • Red Hat Virtualization for IBM Power LE 3 ppc64le

Fixes

  • BZ - 1460170 - CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation
  • BZ - 1461837 - Core dump when use "data-plane" and execute change cd

CVEs

  • CVE-2017-9524

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 4

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.12.src.rpm SHA-256: 97e1480fe6868347354edc6160b804d7cc842c363d4fd4a7746a229d1283b198
x86_64
qemu-img-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: 465c173378c14e81048624f039702159c32ac0ee6323fe00c43d1cd271ec86f9
qemu-kvm-common-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: f2fc578920b3c61fbbaf367d477f8099b82b1c348d406fe1be399ccacdbda5c1
qemu-kvm-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: 4cff9df313bd1c3aa9623fac1665cd4393c4903a9ed3f21930f8d637bfea1702
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: d1c1b76d96d59c3ec5aab342e10a99a056baff3beb9824ee2360b8d14f4d2bbe
qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: 115b5f0f8cdc5f5739625608220402da070db3acf4ebc739b9e5a47e9523c421

Red Hat Virtualization 3 for RHEL 7

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.12.src.rpm SHA-256: 97e1480fe6868347354edc6160b804d7cc842c363d4fd4a7746a229d1283b198
x86_64
qemu-img-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: 465c173378c14e81048624f039702159c32ac0ee6323fe00c43d1cd271ec86f9
qemu-kvm-common-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: f2fc578920b3c61fbbaf367d477f8099b82b1c348d406fe1be399ccacdbda5c1
qemu-kvm-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: 4cff9df313bd1c3aa9623fac1665cd4393c4903a9ed3f21930f8d637bfea1702
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: d1c1b76d96d59c3ec5aab342e10a99a056baff3beb9824ee2360b8d14f4d2bbe
qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.x86_64.rpm SHA-256: 115b5f0f8cdc5f5739625608220402da070db3acf4ebc739b9e5a47e9523c421

Red Hat Virtualization for IBM Power LE 4

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.12.src.rpm SHA-256: 97e1480fe6868347354edc6160b804d7cc842c363d4fd4a7746a229d1283b198
ppc64le
qemu-img-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 5fbfaac577e4a7196bb0604796686a0a089e282cec9ae3e56252505c0bdc97dd
qemu-kvm-common-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: cfcfcfe7e5206d0f71b3b73cf026b7cabbd92047711afcc7a4e089fdb1f0a983
qemu-kvm-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 5469ef9cb955f5f1ca59fa44d5e632d1c5c75e0ea9f4084f6b0b2a31527ea2b0
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 86f4c75e172e179bf94618ab12918efe5a6b9dabecbf48642d3d528af4057a3c
qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 1caaeeb5cf27f2f07a690b77995f94e3a6e7d8897cc696e24e7a42bde8305fc6

Red Hat Virtualization for IBM Power LE 3

SRPM
qemu-kvm-rhev-2.6.0-28.el7_3.12.src.rpm SHA-256: 97e1480fe6868347354edc6160b804d7cc842c363d4fd4a7746a229d1283b198
ppc64le
qemu-img-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 5fbfaac577e4a7196bb0604796686a0a089e282cec9ae3e56252505c0bdc97dd
qemu-kvm-common-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: cfcfcfe7e5206d0f71b3b73cf026b7cabbd92047711afcc7a4e089fdb1f0a983
qemu-kvm-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 5469ef9cb955f5f1ca59fa44d5e632d1c5c75e0ea9f4084f6b0b2a31527ea2b0
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 86f4c75e172e179bf94618ab12918efe5a6b9dabecbf48642d3d528af4057a3c
qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.ppc64le.rpm SHA-256: 1caaeeb5cf27f2f07a690b77995f94e3a6e7d8897cc696e24e7a42bde8305fc6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs

Related Sites

  • RedHat.com
  • JBoss.org
  • OpenShift.com
  • Developers.RedHat.com
  • Red Hat Partner Connect
Red Hat Summit Twitter Facebook Google+
  • Privacy Policy
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Copyright © 2018 Red Hat, Inc.