- Issued:
- 2018-05-10
- Updated:
- 2018-05-10
RHSA-2018:1369 - Security Advisory
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
- QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550)
- QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Cyrille Chatras (Orange.com) and CERT-CC (Orange.com) for reporting CVE-2018-7550 and Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858.
Bug Fix(es):
- In certain Red Hat Virtualization (RHV) guest configurations, virtual pass-through devices could not be removed properly. A reference count leak in the QEMU emulator has been removed, and the affected devices are now removed reliably. (BZ#1555213)
- Previously, a raw disk image that was using the "--preallocation=full" option in some cases could not be resized. This problem has been fixed and no longer occurs. (BZ#1566587)
- Due to race conditions in the virtio-blk and virtio-scsi services, the QEMU emulator sometimes terminated unexpectedly when shutting down. The race conditions have been removed, and QEMU now exits gracefully. (BZ#1566586)
- Prior to this update, deleting guest snapshots using the RHV GUI in some cases failed due to an incorrect image-seeking algorithm. This update fixes the underlying code, and guest snapshots in RHV can now be deleted successfully. (BZ#1566369)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Products
- Red Hat Virtualization 4 x86_64
- Red Hat Virtualization for IBM Power LE 4 ppc64le
Fixes
- BZ - 1549798 - CVE-2018-7550 QEMU: i386: multiboot OOB access while loading kernel image
- BZ - 1553402 - CVE-2018-7858 QEMU: cirrus: OOB access when updating VGA display
- BZ - 1555213 - [Q35] "DEVICE_DELETED" event didn't return after delete the second passthrough vf device [rhel-7.5.z]
- BZ - 1566369 - qemu-img commit fails with "block/file-posix.c:1774: find_allocation: Assertion `offs >= start' failed" [rhel-7.5.z]
- BZ - 1566586 - Occurred core dump with multi-object when quitted qemu during doing IO [rhel-7.5.z]
- BZ - 1566587 - Unable to resize image with preallocation=full mode [rhel-7.5.z]
CVEs
References
Red Hat Virtualization 4
| SRPM | |
|---|---|
| qemu-kvm-rhev-2.10.0-21.el7_5.2.src.rpm | SHA-256: 234fe2afcedb33a903081ef15109c80dcde3281c55a874e89a966dd14a56018b |
| x86_64 | |
| qemu-img-rhev-2.10.0-21.el7_5.2.x86_64.rpm | SHA-256: e595db1d47aa26dd2833c96c2f7f1206265f63a00e6b6abece6a15756ce7e857 |
| qemu-kvm-common-rhev-2.10.0-21.el7_5.2.x86_64.rpm | SHA-256: 1e71bec0e4caec86e4c05c4f368b0e1e45ca01e2a2d73346e413028755d10561 |
| qemu-kvm-rhev-2.10.0-21.el7_5.2.x86_64.rpm | SHA-256: e8119684b2ac9040a7a5f92ecdf4ac245fb6cda14421dd1c97a3fe5774a62c3a |
| qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.2.x86_64.rpm | SHA-256: fb4ad634b046630c77c1a5d2e5487c9d5c3179bf76a9a90e42f63263bb884007 |
| qemu-kvm-tools-rhev-2.10.0-21.el7_5.2.x86_64.rpm | SHA-256: 3d17bca9db06d6aae69dcec32e7719cd64f1d732fe34a72ba1232c0131028e1e |
Red Hat Virtualization for IBM Power LE 4
| SRPM | |
|---|---|
| qemu-kvm-rhev-2.10.0-21.el7_5.2.src.rpm | SHA-256: 234fe2afcedb33a903081ef15109c80dcde3281c55a874e89a966dd14a56018b |
| ppc64le | |
| qemu-img-rhev-2.10.0-21.el7_5.2.ppc64le.rpm | SHA-256: d7a8c572b1580afca454432d5a85b58c9593257eda33887730ca133282e90b80 |
| qemu-kvm-common-rhev-2.10.0-21.el7_5.2.ppc64le.rpm | SHA-256: 970a0c9a5d18d4dfc7767980e9b7737daddd0d971c781e3dc454e3297fb8e89a |
| qemu-kvm-rhev-2.10.0-21.el7_5.2.ppc64le.rpm | SHA-256: cfb897d94df43966a95bff50bc1280336837ced287228610ab6c086b021d33df |
| qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.2.ppc64le.rpm | SHA-256: e85ec75be3571d74d7567e9e29ced33b44928b1b159de58044537e5dcfeca849 |
| qemu-kvm-tools-rhev-2.10.0-21.el7_5.2.ppc64le.rpm | SHA-256: a09e0e52467bb582ca9a312a6bc187a2587c818511a0daa60dc8da81cdd79910 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.