RHSA-2017:2392 - Security Advisory

Topic

An update for qemu-kvm-rhev is now available for RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

The following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.9.0). (BZ#1387372, BZ#1387600, BZ#1400962)

Security Fix(es):

• A stack buffer overflow flaw was found in the Quick Emulator (QEMU) built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. (CVE-2017-2630)
• An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)
• An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)
• A memory-leak flaw was found in the Quick Emulator(QEMU) built with USB xHCI controller emulation support. The flaw could occur while doing a USB-device unplug operation. Unplugging the device repeatedly resulted in leaking host memory, affecting other services on the host. A privileged user inside the guest could exploit this flaw to cause a denial of service on the host or potentially crash the host's QEMU process instance. (CVE-2016-7466)
• Multiple CVEs(CVE-2016-10155, CVE-2016-4020, CVE-2016-6835, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-2630, CVE-2017-5579, CVE-2017-5898, CVE-2017-5973, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375) were fixed as result of rebase to QEMU version 2.9.0.

Red Hat would like to thank Li Qiang (Qihoo 360 Inc.) for reporting CVE-2016-6835 and CVE-2016-6888; Li Qiang (360.cn Inc.) for reporting CVE-2017-5898, CVE-2016-7466, CVE-2016-10155, CVE-2017-5579, and CVE-2017-5973; Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020; Qinghao Tang (Marvel Team 360.cn Inc.) and Zhenhao Hong (Marvel Team 360.cn Inc.) for reporting CVE-2016-7422; PSIRT (Huawei Inc.) for reporting CVE-2016-8669; Andrew Henderson (Intelligent Automation Inc.) for reporting CVE-2016-8910; Qinghao Tang (Qihoo 360), Li Qiang (Qihoo 360), and Jiangxin (Huawei Inc.) for reporting CVE-2016-9921 and CVE-2016-9922; and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, and CVE-2017-9375.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

• Red Hat Virtualization 4 for RHEL 7 x86_64
• Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le

Fixes

• BZ - 750801 - [RFE] specifying the entire image chain as a qemu drive (blockdev-add) (qemu)
• BZ - 971799 - qemu should not crash when if=scsi although it's unsupportable device
• BZ - 1032873 - block-job-cancel can not cancel current job when drive-mirror to a no enough space libiscsi disk
• BZ - 1038963 - [RFE] qemu can't listen on both IPv6 and IPv4 localhost for VNC
• BZ - 1046612 - qemu should quit with friendly prompt when use usb3.0 stick + uhci controller
• BZ - 1055093 - RFE: usb-host redir: make usb superspeed devices work when redirected to a non superspeed capable vm
• BZ - 1086193 - RFE: Add blockdev-delete QMP command in company with blockdev-add
• BZ - 1159726 - RFE: blockdev-add support for gluster
• BZ - 1159728 - add blockdev-add support with libiscsi backends
• BZ - 1175113 - pci-bridge should behave the same when adding devices from cli or at hotplug time
• BZ - 1179045 - [rfe] qemu should report usb-host hotplug errors
• BZ - 1185172 - The blockcopy command will hang there in the mirror period with the raw disk
• BZ - 1189998 - Active commit does not support on rbd based disk
• BZ - 1193826 - Dump progress only show up when memory-only dump finish
• BZ - 1219541 - virsh migrate --copy-storage-all fails to preserve sparse disk image
• BZ - 1231739 - qmp should give friendly hints when can not use __com.redhat_drive_del to delete device
• BZ - 1248279 - [RFE] Memory hot unplug on powerpc platform - qemu-kvm-rhev
• BZ - 1254422 - [RFE]Add option to specify the initiator for qemu-img to login iscsi target
• BZ - 1256618 - Chardev remains busy after hot remove vhost-user that connected to the chardev.
• BZ - 1262277 - qemu quit when block mirror 2 disk enable data-plane
• BZ - 1262676 - When mirroring to remote NBD disk with granularity =8192 and buf-size=8193, qemu core dump ( on src host)
• BZ - 1264255 - When hot-unplug a device which is doing block-commit, guest and qemu will hang until the commit finished, and call trace appears in guest
• BZ - 1264258 - Guest's time stops with option clock=vm when guest is paused
• BZ - 1271060 - virtio_pci_set_host_notifier_internal: unable to init event notifier: -24
• BZ - 1274567 - HMP doesn't reflect the correct numa topology after hot plugging vCPU
• BZ - 1281407 - Memdev id is not specified when query memdev via QMP
• BZ - 1285928 - linux-aio aborts on io_submit() failure
• BZ - 1291284 - [RFE 7.4] support for virtio-vsock - qemu-kvm-rhev
• BZ - 1293975 - RFE: Operational Blockers for BDS Nodes in QEMU block layer
• BZ - 1295637 - [virtio-win][netkvm][rhel6]win2012 guest bsod with DRIVER_POWER_STATE_FAILURE(9f) when shutdown after netdev_del&device_del while coping files in guest
• BZ - 1299876 - system_reset should clear pending request for error (IDE)
• BZ - 1300768 - RFE: add support for native TLS encryption on migration TCP transport
• BZ - 1300770 - RFE: add support for native TLS encryption on NBD client/server transports
• BZ - 1313686 - CVE-2016-4020 Qemu: i386: leakage of stack memory to guest in kvmvapic.c
• BZ - 1314131 - RHEV for Power: VFIO passthrough of SR-IOV virtual functions
• BZ - 1329145 - qemu-kvm-rhev sometimes gets SIGABRT when do continuous blockcommit operations
• BZ - 1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
• BZ - 1334398 - CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
• BZ - 1335808 - [RFE] [vIOMMU] Add Support for VFIO devices with vIOMMU present
• BZ - 1340439 - qemu-kvm crashed when set vram64_size_mb to some vaule
• BZ - 1342434 - qemu core dump when starting a guest with more than 54 nested pcie switches
• BZ - 1347172 - 'info block' should not show backing file when reopen block after drive-mirror with 'sync=full'
• BZ - 1352620 - qemu-kvm fail to start in vnc reverse mode
• BZ - 1352769 - QEMU core dumped when query memory devices in hmp after unplugging memdev of nvdimm
• BZ - 1354177 - Booting from a passthrough usb stick fails when using the bootindex property
• BZ - 1357808 - TCG defaults to POWER7 cpu which won't run modern distributions
• BZ - 1360301 - [RFE] allow qemu gfapi log redirection
• BZ - 1361487 - system_reset should clear pending request for error (virtio-blk)
• BZ - 1362084 - qemu core dump when do blockdev-add with option detect-zeroes on
• BZ - 1362729 - [RFE] log hot unplug requests
• BZ - 1363938 - qemu aborted after enter "q" to hmp:virtio-scsi.c:543: virtio_scsi_handle_cmd_req_prepare: Assertion `blk_get_aio_context(d->conf.blk) == s->ctx' failed
• BZ - 1365708 - qemu-kvm gets SIGSEGV when attach a json backing image of ssh protocol
• BZ - 1366919 - extend virtio-net to expose host MTU to guest
• BZ - 1367369 - Both guest and qemu hang after doing block stream when guest rebooting
• BZ - 1367731 - Other operations(snapshot/hot-unplug) to the block are not forbidden after image streaming starts, which cause qemu and guest hang until streaming completes.
• BZ - 1368040 - Qemu-kvm coredump in repeating hotplug/hot remove virtio-gpu device
• BZ - 1368406 - Virtual display of virtio-gpu should behave like qxl device when using rhel7.3 guest
• BZ - 1368422 - Post-copy migration fails with XBZRLE compression
• BZ - 1369012 - CVE-2016-6835 Qemu: net: vmxnet: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation
• BZ - 1369031 - CVE-2016-6888 Qemu: net: vmxnet: integer overflow in packet initialisation
• BZ - 1369641 - Boot guest with 'kernel-irqchip=split', 'intremap=true' and e1000, guest fails to get ip and call trace occurs
• BZ - 1369795 - QMP should prompt more specific information when hotplug more than 32 vfs to guest
• BZ - 1373264 - DEVICE_TRAY_MOVED event is not delivered after migration
• BZ - 1373600 - virtio-balloon stats virtqueue does not migrate properly
• BZ - 1373604 - Enhance live migration post-copy to support file-backed memory (e.g. 2M hugepages)
• BZ - 1373710 - qemu-img: unable to create images via ftp/ftps
• BZ - 1373816 - [virtio-win][netkvm]qemu core dump when hotplug/hot-unplug netkvm device(queues=4) in a loop in windows 2012R2 guest
• BZ - 1374237 - Multi monitors of virtio-vga works abnormally on rhel7.3 guest
• BZ - 1375444 - Add fw_cfg device in windows guest in order to make svvp test pass
• BZ - 1375520 - qemu core dump when there is an I/O error on AHCI
• BZ - 1376000 - xhci emulation fixes
• BZ - 1376755 - CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc
• BZ - 1376760 - Backport memory leak fixes from QEMU 2.7
• BZ - 1377063 - Guest numa topology not correct after hot plug-unplug-plug vcpus
• BZ - 1377160 - [RFE] Q35: Implement hotplug for pxb-pcie devices
• BZ - 1377837 - CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug
• BZ - 1378334 - windows guests migration from rhel6.8-z to rhel7.3 with virtio-net-pci fail
• BZ - 1378536 - QEMU runtime modularization of the block layer
• BZ - 1378538 - QEMU: update package summary and description
• BZ - 1378694 - Prevent qemu-img resize from causing "Active L1 table too large"
• BZ - 1378816 - Core dump when use "data-plane" and execute change cd
• BZ - 1379034 - RFE: add 'iSCSI protocol' support of option 'password-secret' to support for securely passing passwords to QEMU block drivers
• BZ - 1379206 - Graphic can't be showed out quickly if guest graphic mode is vnc
• BZ - 1380258 - ppc64le: > 1024GiB of guest RAM will conflict with IO
• BZ - 1381630 - QEMU segfaults when using a lot of pci bridges and USB devices
• BZ - 1383012 - qemu-img command should return non-zero error value on fail
• BZ - 1384124 - cpu flag nonstop_tsc is not present in guest with host-passthrough and feature policy require invtsc
• BZ - 1384909 - CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters
• BZ - 1387372 - Rebase qemu-kvm-rhev for RHEL-7.4
• BZ - 1387600 - Rebase qemu-kvm-rhev to 2.8.0
• BZ - 1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode
• BZ - 1388052 - CVE-2016-8909 Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
• BZ - 1389238 - Re-enable kvm_stat script
• BZ - 1390316 - PCIe: Add Generic PCIe Root Ports
• BZ - 1390734 - ppc64: pseries-rhel7.4.0 machine type
• BZ - 1390737 - RHEL-7.4 new qemu-kvm-rhev machine type (x86)
• BZ - 1390991 - Wrong error message when executing qemu-img commit with wrong arguments while confusing base and top volumes
• BZ - 1391942 - kvmclock: advance clock by time window between vm_stop and pre_save (backport patch)
• BZ - 1392328 - Disable new devices in QEMU 2.8 (x86_64)
• BZ - 1392359 - [abrt] qemu-img: strrchr(): qemu-img killed by SIGSEGV: TAINTED
• BZ - 1393322 - Guest fails boot up with ivshmem-plain and virtio-pci device
• BZ - 1393698 - Correctly set host bits for guests to go beyond 1TB
• BZ - 1394140 - qemu gets SIGSEGV when hot-plug a vhostuser network
• BZ - 1396536 - qemu-kvm-rhev: POWER8 CPU model is listed twice in 'query-cpu-definitions' output
• BZ - 1397697 - Backport remaining kvm_stat patches from the kernel to QEMU
• BZ - 1397870 - qemu fails to recognize gluster URIs in backing chain for block-commit operation
• BZ - 1400059 - block-gluster: use one glfs instance per volume
• BZ - 1400785 - qemu: Remove pxi-expander-bridge (PXB) device for Power
• BZ - 1400962 - Verify configuration coverage for rebased qemu-kvm-rhev
• BZ - 1402222 - Device IOTLB support in qemu
• BZ - 1402265 - CVE-2016-9907 Qemu: usb: redirector: memory leakage when destroying redirector
• BZ - 1402272 - CVE-2016-9911 Qemu: usb: ehci: memory leakage in ehci_init_transfer
• BZ - 1402645 - Required cache.direct=on when set aio=native
• BZ - 1404137 - 'block-job-cancel' can not cancel a "block-stream" job normally
• BZ - 1404303 - RFE: virtio-blk/scsi polling mode (QEMU)
• BZ - 1404673 - [ppc64le]reset vm when do migration, HMP in src host promp "tcmalloc: large alloc 1073872896 bytes..."
• BZ - 1405123 - Opteron_G4 CPU model broken in QEMU 2.6 with RHEL 6 machine type
• BZ - 1406827 - Blacklist TSX feature from specific Intel CPU models
• BZ - 1409973 - [TestOnly] supported Tier2 OS/distros in RHEL7.4
• BZ - 1410284 - [RFE] Allow PCIe devices on pseries guests (qemu part)
• BZ - 1410618 - Flickering Fedora 24 Login Screen on RHEL 7
• BZ - 1410674 - qemu: Remove unnecessary EHCI implementation for Power
• BZ - 1411105 - Windows Server 2008-32 crashes on startup with q35 if cdrom attached
• BZ - 1412327 - RFE: negotiable broadcast SMI for Q35
• BZ - 1412470 - Keyboard hang after migration with kernel-irqchip=split
• BZ - 1412472 - [RFE] VT-d migration
• BZ - 1414694 - Reenable edu device for kvm-unit-tests support
• BZ - 1415199 - CVE-2016-10155 Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb
• BZ - 1415947 - data-plane cause qemu-kvm process hang when do basic Block stream for virtio-scsi
• BZ - 1416157 - CVE-2017-5579 Qemu: serial: host memory leakage 16550A UART emulation
• BZ - 1416681 - PCIe compliance issues
• BZ - 1417840 - Include kvm_stat man page in qemu-kvm-tools package
• BZ - 1418166 - Remove dependencies required by spice on ppc64le
• BZ - 1418575 - Forward port of downstream-only QMP commands is incorrect
• BZ - 1418927 - The lifecycle event for Guest OS Shutdown is not distinguishable from a qemu process that was quit with SIG_TERM
• BZ - 1419466 - Hotplug memory will induce error: kvm run failed Bad address on ppc when boot up with "-mem-path /mnt/hugetlbfs"
• BZ - 1419699 - CVE-2017-5898 Qemu: usb: integer overflow in emulated_apdu_from_guest
• BZ - 1419899 - Documentation inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add
• BZ - 1420195 - Migration from RHEL7.4 -> RHEL7.3.z failed with rtl8139 nic card
• BZ - 1420216 - Migration from RHEL7.3.z -> RHEL4 failed with e1000e nic card
• BZ - 1420679 - Guest reboot after migration from RHEL7.2.z -> RHEL7.4
• BZ - 1421626 - CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
• BZ - 1421788 - migration/spice: assert with slot_id 112 too big, addr=7000000000000000
• BZ - 1422415 - CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync
• BZ - 1422846 - Disable replication feature
• BZ - 1425151 - qemu zeroes the first byte of NVDIMM on initialization
• BZ - 1425178 - Remove texi2html build dependancy from RPM
• BZ - 1425273 - [Q35] migration failed after hotplug e1000e device
• BZ - 1425700 - virtio-scsi data plane takes 100% host CPU with polling
• BZ - 1425765 - The guest failed to start with ich6 sound when machine type is rhel6.*.0
• BZ - 1427466 - [RHEV7.4] dump-guest-memory failed due to Python Exception <class 'gdb.error'> Attempt to extract a component of a value that is not a (null).
• BZ - 1428534 - Enhance qemu to present virtual L3 cache info for vcpus
• BZ - 1428810 - 'Segmentation fault (core dumped)' after hot unplug one disk in a throttle group AND do guest system reset
• BZ - 1430620 - TLS encryption migration via exec failed with "TLS handshake failed: The TLS connection was non-properly terminated"
• BZ - 1431224 - Attach lun type disk report error and crash guest
• BZ - 1431939 - The host nodes of memdev is set to 128 default
• BZ - 1432295 - Add gpa2hpa command to qemu hmp
• BZ - 1432382 - Hot-unplug "device_del dimm1" induce qemu-kvm coredump (hotplug at guest boot up stage)
• BZ - 1432588 - Some compat_props properties override -cpu command-line options
• BZ - 1433193 - Guest could not boot up when attached numa nodes with ram on ppc64le
• BZ - 1433921 - Switch from librdmacm-devel to rdma-core-devel
• BZ - 1434666 - "-numa" should not silently accept an invalid parameter ("size")
• BZ - 1434706 - [pci-bridge] Hotplug devices to pci-bridge failed
• BZ - 1434743 - Boot guest failed with error "virtio_scsi_data_plane_handle_ctrl: Assertion `s->ctx && s->dataplane_started' failed"
• BZ - 1434784 - migration: 7.4->7.2 error while loading state for instance 0x0 of device 'apic'
• BZ - 1435086 - Migration is failed from host RHEL7.3.z to host RHEL7.4 with "-machine pseries-rhel7.3.0 -device pci-bridge,id=pci_bridge,bus=pci.0,addr=03,chassis_nr=1"
• BZ - 1435521 - Migration failed with postcopy enabled from rhel7.3.z host to rhel7.4 host "error while loading state for instance 0x0 of device 'pci@800000020000000:05.0/virtio-rng'"
• BZ - 1436562 - [QEMU] scsi-generic: make up opt xfer len if not reported by backend
• BZ - 1436616 - usb-storage device under nec-usb-xhci is unusable after migration
• BZ - 1437310 - The guest os can not boot when set qxl.vram64 >=2G
• BZ - 1437337 - Hotplug cpu cores with invalid nr_threads causes qemu-kvm coredump
• BZ - 1437393 - snapshot created base on the image in https server will hang during booting
• BZ - 1438566 - migration/qxl: Seg fault migrating rhel5&6 at grub
• BZ - 1440619 - Reboot guest will induce error message - KVM: Failed to create TCE table for liobn 0x80000001
• BZ - 1440667 - The guest exit abnormally with data-plane when do "block-job-complete" after do "drive-mirror" in QMP.
• BZ - 1440677 - The guest exit abnormally with data-plane when do "blockdev-snapshot-sync"in QMP.
• BZ - 1441069 - Failed to create image with iscsi protocol
• BZ - 1443029 - Disable new devices in qemu 2.9
• BZ - 1443040 - seabios can't recognize usb 3.0 loader at boot menu
• BZ - 1444003 - USB 3.0 flash drive not accessible on Windows guest
• BZ - 1444326 - Keyboard inputs are buffered when qemu in stop status
• BZ - 1445174 - [RHEV7.4] [guest memory dump]dump-guest-memory QMP command with "detach" param makes qemu-kvm process aborted
• BZ - 1446003 - vnc cannot find a free port to use
• BZ - 1446498 - Guest freeze after live snapshot with data-plane
• BZ - 1447184 - qemu abort when live snapshot for multiple block device simultaneously with transaction and one is to a non-exist path
• BZ - 1447257 - QEMU coredump while doing hexdump test onto virtio serial ports
• BZ - 1447551 - qemu hang when do block_resize guest disk during crystal running
• BZ - 1447581 - [RHEV7.4] [usb-hub] input devices under usb hub don't work on win2016 with xhci
• BZ - 1447590 - qemu curl driver hangs in a particular libguestfs file download
• BZ - 1447592 - vhost-user/reply-ack: Wait for ack even if no request sent (one-time requests)
• BZ - 1447874 - Migration failed from rhel7.2.z->rhel7.4 with "-M rhel7.0.0" and "-device nec-usb-xhci"
• BZ - 1448813 - qemu crash when shutdown guest with '-device intel-iommu' and '-device vfio-pci'
• BZ - 1449031 - qemu core dump when hot-unplug/hot-plug scsi controller in turns
• BZ - 1449037 - Dst qemu quit when migrate guest with hugepage and total memory is not a multiple of pagesize
• BZ - 1449490 - [q35] guest hang after do migration with virtio-scsi-pci.
• BZ - 1449939 - Remove dependency on seavgabios-bin and ipxe-roms-qemu for qemu-kvm-rhev on s390x
• BZ - 1450759 - Creating fallocated image using qemu-img using gfapi fails
• BZ - 1451191 - qemu-img: block/gluster.c:1307: find_allocation: Assertion `offs >= start' failed.
• BZ - 1451483 - QEMU crashes with "-machine none -device intel-iommu"
• BZ - 1451629 - TCP tunnel network: the guest with interface type=client can not start
• BZ - 1451631 - Keyboard does not work after migration
• BZ - 1451849 - qemu-img convert crashes on error
• BZ - 1451862 - IOMMU support in QEMU for Vhost-user backend
• BZ - 1452048 - qemu abort when hot unplug block device during live commit
• BZ - 1452066 - Fix backing image referencing in drive-backup sync=none
• BZ - 1452148 - Op blockers don't work after postcopy migration
• BZ - 1452512 - qemu coredump when add more than 12 usb-storage devices to ehci
• BZ - 1452605 - disable pulseaudio and alsa support
• BZ - 1452620 - CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation
• BZ - 1452702 - qemu-img aborts on empty filenames
• BZ - 1452752 - Some block drivers incorrectly close their associated file
• BZ - 1453169 - qemu aborts if quit during live commit process
• BZ - 1454582 - Qemu crashes when start guest with qcow2 nbd image
• BZ - 1454641 - Windows 10 BSOD when using rhel6.4.0/rhel6.5.0/rhel6.6.0
• BZ - 1455150 - Unable to detach virtio disk from pcie-root-port after migration
• BZ - 1456424 - qemu crash when starting image streaming job fails
• BZ - 1456456 - qemu crashes on job completion during drain
• BZ - 1457088 - rbd/iscsi: json: pseudo-protocol format is incompatible with 7.3
• BZ - 1457740 - [Tracing] compling qemu-kvm failed through systemtap
• BZ - 1458270 - CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug
• BZ - 1458705 - pvdump: QMP reports "GUEST_PANICKED" event but HMP still shows VM running after guest crashed
• BZ - 1458744 - CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep
• BZ - 1458782 - QEMU crashes after hot-unplugging virtio-serial device
• BZ - 1459132 - CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug
• BZ - 1461561 - virtio-blk: drain block before cleanup missing
• BZ - 1461827 - QEMU hangs in aio wait when trying to access NBD volume over TLS

CVEs

• CVE-2016-10155
• CVE-2016-4020
• CVE-2016-6835
• CVE-2016-6888
• CVE-2016-7422
• CVE-2016-7466
• CVE-2016-8576
• CVE-2016-8669
• CVE-2016-8909
• CVE-2016-8910
• CVE-2016-9907
• CVE-2016-9911
• CVE-2016-9921
• CVE-2016-9922
• CVE-2017-2630
• CVE-2017-5579
• CVE-2017-5898
• CVE-2017-5973
• CVE-2017-9310
• CVE-2017-9373
• CVE-2017-9374
• CVE-2017-9375

References

• https://access.redhat.com/security/updates/classification/#important