Issued:
2017-09-05
Updated:
2017-09-05

RHSA-2017:2628 - Security Advisory

Synopsis

Moderate: qemu-kvm-rhev security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

  • An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O co-routine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. (CVE-2017-7539)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Virtualization 3 for RHEL 7 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
  • Red Hat Virtualization for IBM Power LE 3 ppc64le

Fixes

  • BZ - 1473622 - CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine
  • BZ - 1482515 - [Tracing] capturing trace data failed [rhel-7.4.z]
  • BZ - 1482851 - Requires for the seabios version that support vIOMMU of virtio [rhel-7.4.z]
  • BZ - 1482856 - Unable to start vhost if iommu_platform=on but intel_iommu=on not specified in guest [rhel-7.4.z]

Red Hat Virtualization 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
x86_64
qemu-img-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: 1a9f6f6583532f133f1b3e9f3f13d9bb95dc531644622886f8266fcd9a7c6a73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: e06b0f46ff5bb8637b0b98db99a5476aa7d88f0e2d5d030105fd0ff5366ad348
qemu-kvm-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: c31368d3f4ddb9a502d0ec8e35aa624c73ff00742080a9c6f973488fa0ac8b40
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: a0a8a195a6f373b00a7a6f0bbcd090ae1099d67e26976517cdb8a72089adcb9e
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: 5d69363438b7863bf99d1c5e203a8935e3a474637490237a6504a7bf4f681d5f

Red Hat Virtualization 3 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
x86_64
qemu-img-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: 1a9f6f6583532f133f1b3e9f3f13d9bb95dc531644622886f8266fcd9a7c6a73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: e06b0f46ff5bb8637b0b98db99a5476aa7d88f0e2d5d030105fd0ff5366ad348
qemu-kvm-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: c31368d3f4ddb9a502d0ec8e35aa624c73ff00742080a9c6f973488fa0ac8b40
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: a0a8a195a6f373b00a7a6f0bbcd090ae1099d67e26976517cdb8a72089adcb9e
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.x86_64.rpm SHA-256: 5d69363438b7863bf99d1c5e203a8935e3a474637490237a6504a7bf4f681d5f

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 37041f0534410eeb226b714289543a00666463bb0ce6dceeac965c0689578e73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: e58e68fd5609ecc7387273140e3abd91db6935c196212f09ab8934e0a9bff54c
qemu-kvm-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 06d60efb52f8eabecc433656dfc5e57afb763023d3fc06dba8c51ed19cf2451a
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 7ace2fdbf27a111d7f882a0c8564f8fc4101b5f90bfedd9d4d850fd136ed2eca
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 769c4853ae7a2a4dc4186e2ddfd84ef41e095b6b1c0b4499c53ba471128dbb99

Red Hat Virtualization for IBM Power LE 3

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 37041f0534410eeb226b714289543a00666463bb0ce6dceeac965c0689578e73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: e58e68fd5609ecc7387273140e3abd91db6935c196212f09ab8934e0a9bff54c
qemu-kvm-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 06d60efb52f8eabecc433656dfc5e57afb763023d3fc06dba8c51ed19cf2451a
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 7ace2fdbf27a111d7f882a0c8564f8fc4101b5f90bfedd9d4d850fd136ed2eca
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.ppc64le.rpm SHA-256: 769c4853ae7a2a4dc4186e2ddfd84ef41e095b6b1c0b4499c53ba471128dbb99

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.