- Issued: 2017-09-05
- Updated: 2017-09-05
RHSA-2017:2628 - Security Advisory
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
- An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O co-routine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. (CVE-2017-7539)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
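A post-update check for the step above, as an added example that is not part of the Red Hat advisory: it compares the installed qemu-kvm-rhev build with the fixed build listed in this advisory's package tables and lists qemu processes still executing a binary that has since been replaced on disk. The function names, the `--check` argument and the use of `sort -V` in place of RPM's own version comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Red Hat's tooling. Function names and --check are assumptions.

# Fixed build, taken from this advisory's package tables.
FIXED_VR="2.9.0-16.el7_4.5"

# version_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# Assumption: GNU `sort -V` ordering stands in for RPM's version comparison.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# stale_qemu_pids [PROC_ROOT]: print PIDs whose executable is a qemu binary
# that has been replaced on disk (the kernel appends " (deleted)" to the link).
stale_qemu_pids() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *qemu*" (deleted)") echo "${dir##*/}" ;;
        esac
    done
}

# check_host: report the package state and any VM or qemu-nbd process to restart.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' qemu-kvm-rhev 2>/dev/null) || {
        echo "qemu-kvm-rhev is not installed"; return 0; }
    if version_at_least "$installed" "$FIXED_VR"; then
        echo "OK: qemu-kvm-rhev $installed is at or above $FIXED_VR"
    else
        echo "UPDATE: qemu-kvm-rhev $installed is older than $FIXED_VR"
    fi
    stale=$(stale_qemu_pids /proc)
    if [ -n "$stale" ]; then
        echo "RESTART: these PIDs still run a replaced qemu binary:" $stale
    fi
}

# Run as root so every process's exe link is readable.
if [ "${1:-}" = "--check" ]; then check_host; fi
```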
Affected Products
- Red Hat Virtualization 4 for RHEL 7 x86_64
- Red Hat Virtualization 3 for RHEL 7 x86_64
- Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le
- Red Hat Virtualization for IBM Power LE 3 ppc64le
Fixes
- BZ - 1473622 - CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine
- BZ - 1482515 - [Tracing] capturing trace data failed [rhel-7.4.z]
- BZ - 1482851 - Requires for the seabios version that support vIOMMU of virtio [rhel-7.4.z]
- BZ - 1482856 - Unable to start vhost if iommu_platform=on but intel_iommu=on not specified in guest [rhel-7.4.z]
CVEs
Red Hat Virtualization 4 for RHEL 7
SRPM | |
---|---|
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm | SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615 |
x86_64 | |
qemu-img-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: 1a9f6f6583532f133f1b3e9f3f13d9bb95dc531644622886f8266fcd9a7c6a73 |
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: e06b0f46ff5bb8637b0b98db99a5476aa7d88f0e2d5d030105fd0ff5366ad348 |
qemu-kvm-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: c31368d3f4ddb9a502d0ec8e35aa624c73ff00742080a9c6f973488fa0ac8b40 |
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: a0a8a195a6f373b00a7a6f0bbcd090ae1099d67e26976517cdb8a72089adcb9e |
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: 5d69363438b7863bf99d1c5e203a8935e3a474637490237a6504a7bf4f681d5f |
Red Hat Virtualization 3 for RHEL 7
SRPM | |
---|---|
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm | SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615 |
x86_64 | |
qemu-img-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: 1a9f6f6583532f133f1b3e9f3f13d9bb95dc531644622886f8266fcd9a7c6a73 |
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: e06b0f46ff5bb8637b0b98db99a5476aa7d88f0e2d5d030105fd0ff5366ad348 |
qemu-kvm-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: c31368d3f4ddb9a502d0ec8e35aa624c73ff00742080a9c6f973488fa0ac8b40 |
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: a0a8a195a6f373b00a7a6f0bbcd090ae1099d67e26976517cdb8a72089adcb9e |
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.x86_64.rpm | SHA-256: 5d69363438b7863bf99d1c5e203a8935e3a474637490237a6504a7bf4f681d5f |
Red Hat Virtualization for IBM Power LE 4 for RHEL 7
SRPM | |
---|---|
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm | SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615 |
ppc64le | |
qemu-img-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 37041f0534410eeb226b714289543a00666463bb0ce6dceeac965c0689578e73 |
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: e58e68fd5609ecc7387273140e3abd91db6935c196212f09ab8934e0a9bff54c |
qemu-kvm-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 06d60efb52f8eabecc433656dfc5e57afb763023d3fc06dba8c51ed19cf2451a |
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 7ace2fdbf27a111d7f882a0c8564f8fc4101b5f90bfedd9d4d850fd136ed2eca |
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 769c4853ae7a2a4dc4186e2ddfd84ef41e095b6b1c0b4499c53ba471128dbb99 |
Red Hat Virtualization for IBM Power LE 3
SRPM | |
---|---|
qemu-kvm-rhev-2.9.0-16.el7_4.5.src.rpm | SHA-256: c79fc7227a7c1e480d856c9a6603be041e9aecfe03600ccad23be827061c4615 |
ppc64le | |
qemu-img-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 37041f0534410eeb226b714289543a00666463bb0ce6dceeac965c0689578e73 |
qemu-kvm-common-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: e58e68fd5609ecc7387273140e3abd91db6935c196212f09ab8934e0a9bff54c |
qemu-kvm-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 06d60efb52f8eabecc433656dfc5e57afb763023d3fc06dba8c51ed19cf2451a |
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 7ace2fdbf27a111d7f882a0c8564f8fc4101b5f90bfedd9d4d850fd136ed2eca |
qemu-kvm-tools-rhev-2.9.0-16.el7_4.5.ppc64le.rpm | SHA-256: 769c4853ae7a2a4dc4186e2ddfd84ef41e095b6b1c0b4499c53ba471128dbb99 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.