Red Hat Product Errata RHSA-2017:2390 - Security Advisory

Issued:: 2017-08-01
Updated:: 2017-08-01

RHSA-2017:2390 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Moderate

Topic

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS. (CVE-2017-10664)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

Red Hat Virtualization 4 x86_64
Red Hat Virtualization 3 for RHEL 7 x86_64
Red Hat Virtualization for IBM Power LE 4 ppc64le
Red Hat Virtualization for IBM Power LE 3 ppc64le

Fixes

BZ - 1466190 - CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
BZ - 1471076 - unbreak virtio-scsi for vIOMMU
BZ - 1473145 - Wrong allocation value after virDomainBlockCopy() (alloc=capacity)

CVEs

CVE-2017-10664

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 4

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm	SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
x86_64
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 1f1f85944e3214744d46df352b1d6deec5ec7142e1e3c1efc5b343f778e1a2a5
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: d24c4d6543d7e66bcebfb466cfa2f149935a219f14217bfa7a9bd19612b7b9ba
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 95e5aa98f81b116be2a7741591200fc6e37a129895d5105fb64f42c373bf3a85
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 3539922219401c2bc0b323625b05c3a053a44293ae411765f4a6d111a8e446d4
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 75ba46126459bbcb5e8f6bd7a569c0d380c7bfdc9aa14bd760f0b0e25c319279

Red Hat Virtualization 3 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm	SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
x86_64
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 1f1f85944e3214744d46df352b1d6deec5ec7142e1e3c1efc5b343f778e1a2a5
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: d24c4d6543d7e66bcebfb466cfa2f149935a219f14217bfa7a9bd19612b7b9ba
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 95e5aa98f81b116be2a7741591200fc6e37a129895d5105fb64f42c373bf3a85
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 3539922219401c2bc0b323625b05c3a053a44293ae411765f4a6d111a8e446d4
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm	SHA-256: 75ba46126459bbcb5e8f6bd7a569c0d380c7bfdc9aa14bd760f0b0e25c319279

Red Hat Virtualization for IBM Power LE 4

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm	SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 79e3251d2cc6d69747e76f85f46c40410791d62dbad19c9ff40dd6d692d27e4a
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 1efeb40f7ae43bafb6c49eb174430b100d47cfc5bab2abceea33647d47386819
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 19b716812708c69c5051c9ce77b2092698a75b0a124b64fe821d3d6341e01e69
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 11a7dc780da4905d6c3f7173e8c27b2bff3c8fda70579aaadf8059b6f6ec03d9
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 783e639484b4e0de2da1442c2f3fdc99515739da26360993eedaf94c77f5744f

Red Hat Virtualization for IBM Power LE 3

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm	SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 79e3251d2cc6d69747e76f85f46c40410791d62dbad19c9ff40dd6d692d27e4a
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 1efeb40f7ae43bafb6c49eb174430b100d47cfc5bab2abceea33647d47386819
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 19b716812708c69c5051c9ce77b2092698a75b0a124b64fe821d3d6341e01e69
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 11a7dc780da4905d6c3f7173e8c27b2bff3c8fda70579aaadf8059b6f6ec03d9
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm	SHA-256: 783e639484b4e0de2da1442c2f3fdc99515739da26360993eedaf94c77f5744f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories