Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Topic

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

• QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)
  

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jskz - Zero Day Initiative (trendmicro.com) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

• Red Hat Virtualization 4.2 x86_64
• Red Hat Virtualization for IBM Power LE 4 for RHEL 7 ppc64le

Fixes

• BZ - 1586245 - CVE-2018-11806 QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams
• BZ - 1619128 - VM doesn't boot from HD [rhel-7.5.z]

CVEs

• CVE-2018-11806

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Virtualization 4.2

SRPM
x86_64
qemu-img-rhev-2.10.0-21.el7_5.7.x86_64.rpm	SHA-256: 5ebc7c4554c0aa03bd6eb3020ab67e6e9bd3f09d00e8a1f282f7a4dcca811714
qemu-kvm-common-rhev-2.10.0-21.el7_5.7.x86_64.rpm	SHA-256: da48ff5c3ec774bd3a39ff7adcd3b7714ed74a4a57178987689984565153199a
qemu-kvm-rhev-2.10.0-21.el7_5.7.x86_64.rpm	SHA-256: 48c3b9e8898dc670a571e9fa06e899eeff2e0b8610363a23bf79add4258ef037
qemu-kvm-tools-rhev-2.10.0-21.el7_5.7.x86_64.rpm	SHA-256: 816fbd6c80b6dca74fafaa252fb89d2333b185c168a03798618daefdf65dc2a7

Red Hat Virtualization 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.10.0-21.el7_5.7.src.rpm	SHA-256: a39e456654ced955c30160d0585b5f66c4f053add2313ed0b65fa92d5b3a39a4
x86_64
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.7.x86_64.rpm	SHA-256: 4c6a628a7d82e46a8502a7e2450bc70d0d98f4a7c7a24c704b85a9bb2391ec59

Red Hat Virtualization for IBM Power LE 4 for RHEL 7

SRPM
qemu-kvm-rhev-2.10.0-21.el7_5.7.src.rpm	SHA-256: a39e456654ced955c30160d0585b5f66c4f053add2313ed0b65fa92d5b3a39a4
ppc64le
qemu-img-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 6c23e1d9c77539b1408c98d69785616f55384e57377936d4a54e67491c018c41
qemu-img-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 6c23e1d9c77539b1408c98d69785616f55384e57377936d4a54e67491c018c41
qemu-kvm-common-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: bd4a533b167132dae946bca7dd5b4b643c937b5dfd25d9da48e6dae15974a79e
qemu-kvm-common-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: bd4a533b167132dae946bca7dd5b4b643c937b5dfd25d9da48e6dae15974a79e
qemu-kvm-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 1456650d19e49e2c41e8f31d508731dff6103c29ebddc0abfe01c0d22f506611
qemu-kvm-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 1456650d19e49e2c41e8f31d508731dff6103c29ebddc0abfe01c0d22f506611
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 5ac612654ff926f3f512a288f78d114162cbe8b8f6ab395663ed21dd0faa5821
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 5ac612654ff926f3f512a288f78d114162cbe8b8f6ab395663ed21dd0faa5821
qemu-kvm-tools-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 747e06e2e495c3291f511c953b20bba26af37b1021dfddff9d17581ee3c88a94
qemu-kvm-tools-rhev-2.10.0-21.el7_5.7.ppc64le.rpm	SHA-256: 747e06e2e495c3291f511c953b20bba26af37b1021dfddff9d17581ee3c88a94