Red Hat Product Errata RHSA-2017:2390 - Security Advisory
Issued:
2017-08-01
Updated:
2017-08-01

RHSA-2017:2390 - Security Advisory

Synopsis

Moderate: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

  • Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS. (CVE-2017-10664)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization 3 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
  • Red Hat Virtualization for IBM Power LE 3 ppc64le

Fixes

  • BZ - 1466190 - CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
  • BZ - 1471076 - unbreak virtio-scsi for vIOMMU
  • BZ - 1473145 - Wrong allocation value after virDomainBlockCopy() (alloc=capacity)

Red Hat Virtualization 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
x86_64
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 1f1f85944e3214744d46df352b1d6deec5ec7142e1e3c1efc5b343f778e1a2a5
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: d24c4d6543d7e66bcebfb466cfa2f149935a219f14217bfa7a9bd19612b7b9ba
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 95e5aa98f81b116be2a7741591200fc6e37a129895d5105fb64f42c373bf3a85
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 3539922219401c2bc0b323625b05c3a053a44293ae411765f4a6d111a8e446d4
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 75ba46126459bbcb5e8f6bd7a569c0d380c7bfdc9aa14bd760f0b0e25c319279

Red Hat Virtualization 3 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
x86_64
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 1f1f85944e3214744d46df352b1d6deec5ec7142e1e3c1efc5b343f778e1a2a5
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: d24c4d6543d7e66bcebfb466cfa2f149935a219f14217bfa7a9bd19612b7b9ba
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 95e5aa98f81b116be2a7741591200fc6e37a129895d5105fb64f42c373bf3a85
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 3539922219401c2bc0b323625b05c3a053a44293ae411765f4a6d111a8e446d4
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm SHA-256: 75ba46126459bbcb5e8f6bd7a569c0d380c7bfdc9aa14bd760f0b0e25c319279

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 79e3251d2cc6d69747e76f85f46c40410791d62dbad19c9ff40dd6d692d27e4a
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 1efeb40f7ae43bafb6c49eb174430b100d47cfc5bab2abceea33647d47386819
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 19b716812708c69c5051c9ce77b2092698a75b0a124b64fe821d3d6341e01e69
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 11a7dc780da4905d6c3f7173e8c27b2bff3c8fda70579aaadf8059b6f6ec03d9
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 783e639484b4e0de2da1442c2f3fdc99515739da26360993eedaf94c77f5744f

Red Hat Virtualization for IBM Power LE 3

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm SHA-256: 707ac0e9340a5142a55c9015e4cc1f15ff42300b24d652081da0d0b3e746315d
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 79e3251d2cc6d69747e76f85f46c40410791d62dbad19c9ff40dd6d692d27e4a
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 1efeb40f7ae43bafb6c49eb174430b100d47cfc5bab2abceea33647d47386819
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 19b716812708c69c5051c9ce77b2092698a75b0a124b64fe821d3d6341e01e69
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 11a7dc780da4905d6c3f7173e8c27b2bff3c8fda70579aaadf8059b6f6ec03d9
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm SHA-256: 783e639484b4e0de2da1442c2f3fdc99515739da26360993eedaf94c77f5744f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.