Issued:
2018-05-21
Updated:
2018-05-21

RHSA-2018:1675 - Security Advisory

Synopsis

Important: vdsm security update

Type/Severity

Security Advisory: Important

Topic

An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the VDSM side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Virtualization 4.3 x86_64
  • Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

CVEs

References

Red Hat Virtualization 4.3

SRPM
x86_64
vdsm-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: 772f0e2b19031ac0401af748046b2cdda002506dc7c1f7791be5b2a0ce83e103
vdsm-api-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 642283738ef2c7112e3b2c7838376b4b40f667728a6e56c5760f7dc9de529897
vdsm-client-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 469a789f4257eef92ae6a82c32110bf9361e241bca5a8ebd406d539e73df5ef0
vdsm-common-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 664dd2b980026d7953325c5747c9981e45db5787fa136e40d78572576de07789
vdsm-hook-checkips-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: bb992e2ea121922faa6e8df2111506ab16be9e0e5b7ad1d0690705705217ba8a
vdsm-hook-cpuflags-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 218c1dd59fa7d5715ce632529bf50e2a9833e4e758e1edab131f342b2e96a4bc
vdsm-hook-ethtool-options-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 02422a5fe599d5681215a02c5c4ebd0fd0c844cd35a23bc4ee6a5500755eccc6
vdsm-hook-extra-ipv4-addrs-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: 79724c4670fe92953cf24bf8472d0aabb94f04fab4a79914f2672512d379b2a2
vdsm-hook-fcoe-4.20.27.2-1.el7ev.noarch.rpm SHA-256: debafa402bcb9c357cb326f6e370e641613b879083e5c7c3b942961ed0cf60e3
vdsm-hook-localdisk-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 85167b8110b85c9ab0826caf1aacdff00d6d7c66377b6535199b56ebf3fbde4b
vdsm-hook-macspoof-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 341ac0c733295d596c3ed7601bfbe67c8e662fd7c03423d9b2b25b06b6ebeea0
vdsm-hook-nestedvt-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 66eefe7a92ab853564b42cbdc7fb317936ea147ebfeee4ccc9e36da6758a047e
vdsm-hook-openstacknet-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 5010a4aac623229f5fffaa35c00dcf2b9a76fc177d335539ab0ab088af5d6465
vdsm-hook-vfio-mdev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: cf422f52caf96612ed35a102de2f85f2a7c0b76b68b5e2f7f4f5a2360ad8721c
vdsm-hook-vhostmd-4.20.27.2-1.el7ev.noarch.rpm SHA-256: ce2d87505dcfe157a7fbbeb3bf5e90bf90e581f09756a021100fb72b8f31633b
vdsm-hook-vmfex-dev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: d4136b45a5a595e0c8db6d6290462b9d128cd33032fa143c56061af831356894
vdsm-http-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 17f9b7a802b3f61b3759b27dc13fc3641d4751ca67453406aab83d5fe88805b8
vdsm-jsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: baeb34c26d7380030cfed298971376c873c72f1582f504abc94265b9f2b78a40
vdsm-network-4.20.27.2-1.el7ev.x86_64.rpm SHA-256: 2822c304c63a6ce55a62091ef184f0355f2e4875453cbd2a2d86938caf7d800d
vdsm-python-4.20.27.2-1.el7ev.noarch.rpm SHA-256: b615f59cc0eb574bb1e27bf7ea3d6a3eef5cf34705ca68732acb55020c1aaa9f
vdsm-yajsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 1528d35ce6ada8fa95eb30111c344f097084c3084ac8bf4366657dedde318203

Red Hat Virtualization 4 for RHEL 7

SRPM
vdsm-4.20.27.2-1.el7ev.src.rpm SHA-256: b682fc6d93f59b93d6f7ede58ef8a46619a92b4ad4569236091a1d2a10fd223b
x86_64

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
vdsm-4.20.27.2-1.el7ev.src.rpm SHA-256: b682fc6d93f59b93d6f7ede58ef8a46619a92b4ad4569236091a1d2a10fd223b
ppc64le
vdsm-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: d84a8e14d297a7386764be5439deb1d9252d2743896a16b6e463e9204f698de4
vdsm-api-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 642283738ef2c7112e3b2c7838376b4b40f667728a6e56c5760f7dc9de529897
vdsm-client-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 469a789f4257eef92ae6a82c32110bf9361e241bca5a8ebd406d539e73df5ef0
vdsm-common-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 664dd2b980026d7953325c5747c9981e45db5787fa136e40d78572576de07789
vdsm-hook-checkips-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: a31fe4ca9ad94167f1066aaa3bb9da3ee78af162978381bf1468badd570bedcf
vdsm-hook-cpuflags-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 218c1dd59fa7d5715ce632529bf50e2a9833e4e758e1edab131f342b2e96a4bc
vdsm-hook-ethtool-options-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 02422a5fe599d5681215a02c5c4ebd0fd0c844cd35a23bc4ee6a5500755eccc6
vdsm-hook-extra-ipv4-addrs-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: 082bdea31b73e4d5990cac3748df41f636623cfc3a14171b5a8e279776b8c4d8
vdsm-hook-fcoe-4.20.27.2-1.el7ev.noarch.rpm SHA-256: debafa402bcb9c357cb326f6e370e641613b879083e5c7c3b942961ed0cf60e3
vdsm-hook-localdisk-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 85167b8110b85c9ab0826caf1aacdff00d6d7c66377b6535199b56ebf3fbde4b
vdsm-hook-macspoof-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 341ac0c733295d596c3ed7601bfbe67c8e662fd7c03423d9b2b25b06b6ebeea0
vdsm-hook-nestedvt-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 66eefe7a92ab853564b42cbdc7fb317936ea147ebfeee4ccc9e36da6758a047e
vdsm-hook-openstacknet-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 5010a4aac623229f5fffaa35c00dcf2b9a76fc177d335539ab0ab088af5d6465
vdsm-hook-vfio-mdev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: cf422f52caf96612ed35a102de2f85f2a7c0b76b68b5e2f7f4f5a2360ad8721c
vdsm-hook-vhostmd-4.20.27.2-1.el7ev.noarch.rpm SHA-256: ce2d87505dcfe157a7fbbeb3bf5e90bf90e581f09756a021100fb72b8f31633b
vdsm-hook-vmfex-dev-4.20.27.2-1.el7ev.noarch.rpm SHA-256: d4136b45a5a595e0c8db6d6290462b9d128cd33032fa143c56061af831356894
vdsm-http-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 17f9b7a802b3f61b3759b27dc13fc3641d4751ca67453406aab83d5fe88805b8
vdsm-jsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: baeb34c26d7380030cfed298971376c873c72f1582f504abc94265b9f2b78a40
vdsm-network-4.20.27.2-1.el7ev.ppc64le.rpm SHA-256: ba743f7748385fa1070885716e85a115656b8f686d1b6cad59d7982d52a4d316
vdsm-python-4.20.27.2-1.el7ev.noarch.rpm SHA-256: b615f59cc0eb574bb1e27bf7ea3d6a3eef5cf34705ca68732acb55020c1aaa9f
vdsm-yajsonrpc-4.20.27.2-1.el7ev.noarch.rpm SHA-256: 1528d35ce6ada8fa95eb30111c344f097084c3084ac8bf4366657dedde318203

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.