Red Hat Product Errata RHSA-2017:2628 - Security Advisory

Issued:: 2017-09-05
Updated:: 2017-09-05

RHSA-2017:2628 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: qemu-kvm-rhev security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O co-routine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. (CVE-2017-7539)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

Red Hat Virtualization 4 for RHEL 7 x86_64
Red Hat Virtualization 3 for RHEL 7 x86_64
Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
Red Hat Virtualization for IBM Power LE 3 ppc64le

Fixes

BZ - 1473622 - CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine
BZ - 1482515 - [Tracing] capturing trace data failed [rhel-7.4.z]
BZ - 1482851 - Requires for the seabios version that support vIOMMU of virtio [rhel-7.4.z]
BZ - 1482856 - Unable to start vhost if iommu_platform=on but intel_iommu=on not specified in guest [rhel-7.4.z]

CVEs

CVE-2017-7539

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm	SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
x86_64
qemu-img-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: 1a9f6f6583532f133f1b3e9f3f13d9bb95dc531644622886f8266fcd9a7c6a73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: e06b0f46ff5bb8637b0b98db99a5476aa7d88f0e2d5d030105fd0ff5366ad348
qemu-kvm-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: c31368d3f4ddb9a502d0ec8e35aa624c73ff00742080a9c6f973488fa0ac8b40
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: a0a8a195a6f373b00a7a6f0bbcd090ae1099d67e26976517cdb8a72089adcb9e
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: 5d69363438b7863bf99d1c5e203a8935e3a474637490237a6504a7bf4f681d5f

Red Hat Virtualization 3 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm	SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
x86_64
qemu-img-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: 1a9f6f6583532f133f1b3e9f3f13d9bb95dc531644622886f8266fcd9a7c6a73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: e06b0f46ff5bb8637b0b98db99a5476aa7d88f0e2d5d030105fd0ff5366ad348
qemu-kvm-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: c31368d3f4ddb9a502d0ec8e35aa624c73ff00742080a9c6f973488fa0ac8b40
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: a0a8a195a6f373b00a7a6f0bbcd090ae1099d67e26976517cdb8a72089adcb9e
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.x86_64.rpm	SHA-256: 5d69363438b7863bf99d1c5e203a8935e3a474637490237a6504a7bf4f681d5f

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm	SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 37041f0534410eeb226b714289543a00666463bb0ce6dceeac965c0689578e73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: e58e68fd5609ecc7387273140e3abd91db6935c196212f09ab8934e0a9bff54c
qemu-kvm-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 06d60efb52f8eabecc433656dfc5e57afb763023d3fc06dba8c51ed19cf2451a
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 7ace2fdbf27a111d7f882a0c8564f8fc4101b5f90bfedd9d4d850fd136ed2eca
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 769c4853ae7a2a4dc4186e2ddfd84ef41e095b6b1c0b4499c53ba471128dbb99

Red Hat Virtualization for IBM Power LE 3

SRPM
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm	SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615
ppc64le
qemu-img-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 37041f0534410eeb226b714289543a00666463bb0ce6dceeac965c0689578e73
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: e58e68fd5609ecc7387273140e3abd91db6935c196212f09ab8934e0a9bff54c
qemu-kvm-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 06d60efb52f8eabecc433656dfc5e57afb763023d3fc06dba8c51ed19cf2451a
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 7ace2fdbf27a111d7f882a0c8564f8fc4101b5f90bfedd9d4d850fd136ed2eca
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.ppc64le.rpm	SHA-256: 769c4853ae7a2a4dc4186e2ddfd84ef41e095b6b1c0b4499c53ba471128dbb99

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories