Red Hat Product Errata RHSA-2018:3062 - Security Advisory
Issued:
2018-10-30
Updated:
2018-10-30

RHSA-2018:3062 - Security Advisory

Synopsis

Low: qemu-kvm-ma security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

The following packages have been upgraded to a later upstream version: qemu-kvm-ma (2.12.0). (BZ#1562219)

Security Fix(es):

  • Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Daniel Berrange (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1525195 - CVE-2017-15124 Qemu: memory exhaustion through framebuffer update request message in VNC server
  • BZ - 1549079 - Migrate during reboot occasionally hangs in firmware with virtio-scsi:setup:inquiry...
  • BZ - 1553775 - incorrect locking (possible use-after-free) with bug 1481593 fix
  • BZ - 1554650 - [Regression] Cannot delete VM's snapshot
  • BZ - 1572554 - [7.4-Alt] Unable to execute QEMU command 'dump-guest-memory': dump: failed to save memory
  • BZ - 1595715 - Add ppa15/bpb to the default cpu model for z196 and higher in the 7.6 s390-ccw-virtio machine

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
s390x
qemu-img-ma-2.12.0-18.el7.s390x.rpm SHA-256: 589f390f49a8dee2f27a253c4c4a322fb18bdb84a2e170dfa8adc7a41a592a05
qemu-kvm-common-ma-2.12.0-18.el7.s390x.rpm SHA-256: 4335612793251dc2387e8494c8e661303b0834b57dc2bff46acadb1c31488233
qemu-kvm-ma-2.12.0-18.el7.s390x.rpm SHA-256: 03a2f5c3aaf4df18e4101351c04038fc7599a4c7745792c64251308044265258
qemu-kvm-ma-debuginfo-2.12.0-18.el7.s390x.rpm SHA-256: 6595a3d362e23c8ea7b6331773ddda60a6e713c0740be85e5d47da98f7b95a72
qemu-kvm-tools-ma-2.12.0-18.el7.s390x.rpm SHA-256: a8a9ac76e6c77ab488598c61b28d22309f166f58df8eadb334610c9e60e4c42e

Red Hat Enterprise Linux for Power, big endian 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
ppc64
qemu-img-ma-2.12.0-18.el7.ppc64.rpm SHA-256: b03bc6e446af1c4ffe9fd6dad8d0f843a4ec46d052790c9ca80286003a9a72c0
qemu-kvm-common-ma-2.12.0-18.el7.ppc64.rpm SHA-256: 59473e7d0b707374a479fbdb44d75273ec0aeba9a858358bf31edbec2c5b3d9e
qemu-kvm-ma-2.12.0-18.el7.ppc64.rpm SHA-256: b9611258ddcccb31e417532b6de05e1643bde589e61b0f603489d67e1039fd27
qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64.rpm SHA-256: 68bcecb460caca9661332849f93ad67da7757fbda0e1a5a9d4d6f079b095398e
qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64.rpm SHA-256: 68bcecb460caca9661332849f93ad67da7757fbda0e1a5a9d4d6f079b095398e
qemu-kvm-tools-ma-2.12.0-18.el7.ppc64.rpm SHA-256: 2fb9c38de27d288bf6f69b4c28b9a3ed64277ee3e4038fcba2186ff1ba5b54b4

Red Hat Enterprise Linux for Power, little endian 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
ppc64le
qemu-img-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 4ec104612d4cbfa2e4889e4616f0a3a9d8a85269097a26fd55a809f9eceabd22
qemu-kvm-common-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 412bd8b70dc8caa355f5011b09a32674d6b7f35272519bef2332d6592a80a780
qemu-kvm-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 82036b430199e9b7e186c1b85597f54a547e5ff10205593d7d30ccab5f6baf33
qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64le.rpm SHA-256: 38af7478eccfe8bdf4af894eff4dd0affff5605b75903fc251dd3c467c1bf3b2
qemu-kvm-tools-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: adb53d0319e4911a0c75acd734d299f30deaa86ccb0473e829bbd9e365d49421

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
s390x
qemu-img-ma-2.12.0-18.el7.s390x.rpm SHA-256: 589f390f49a8dee2f27a253c4c4a322fb18bdb84a2e170dfa8adc7a41a592a05
qemu-kvm-common-ma-2.12.0-18.el7.s390x.rpm SHA-256: 4335612793251dc2387e8494c8e661303b0834b57dc2bff46acadb1c31488233
qemu-kvm-ma-2.12.0-18.el7.s390x.rpm SHA-256: 03a2f5c3aaf4df18e4101351c04038fc7599a4c7745792c64251308044265258
qemu-kvm-ma-debuginfo-2.12.0-18.el7.s390x.rpm SHA-256: 6595a3d362e23c8ea7b6331773ddda60a6e713c0740be85e5d47da98f7b95a72
qemu-kvm-tools-ma-2.12.0-18.el7.s390x.rpm SHA-256: a8a9ac76e6c77ab488598c61b28d22309f166f58df8eadb334610c9e60e4c42e

Red Hat Enterprise Linux for ARM 64 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
aarch64
qemu-img-ma-2.12.0-18.el7.aarch64.rpm SHA-256: 94a571d6106af08f4bca64a1d5cd3f80dbd140256269de831c4a04306b8c810a
qemu-kvm-common-ma-2.12.0-18.el7.aarch64.rpm SHA-256: b43f1aa633c2ef4aed70e32d50eb74172f0ee9c4249f78caef143f3a8b7f9fa3
qemu-kvm-ma-2.12.0-18.el7.aarch64.rpm SHA-256: 8c3d9d4486fafec69439aad0f8263a63bf0a18cf14dfc799fd0917516c860b36
qemu-kvm-ma-debuginfo-2.12.0-18.el7.aarch64.rpm SHA-256: da7b21760d1bdcd69c3232a04791dc03cd43ed3af11465feb1897cdb0a6d3d1b
qemu-kvm-tools-ma-2.12.0-18.el7.aarch64.rpm SHA-256: cd81b9436462938206263210728c435d9a9f64585883d1b147ae95ac72517886

Red Hat Enterprise Linux for Power 9 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
ppc64le
qemu-img-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 4ec104612d4cbfa2e4889e4616f0a3a9d8a85269097a26fd55a809f9eceabd22
qemu-kvm-common-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 412bd8b70dc8caa355f5011b09a32674d6b7f35272519bef2332d6592a80a780
qemu-kvm-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 82036b430199e9b7e186c1b85597f54a547e5ff10205593d7d30ccab5f6baf33
qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64le.rpm SHA-256: 38af7478eccfe8bdf4af894eff4dd0affff5605b75903fc251dd3c467c1bf3b2
qemu-kvm-tools-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: adb53d0319e4911a0c75acd734d299f30deaa86ccb0473e829bbd9e365d49421

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
s390x
qemu-img-ma-2.12.0-18.el7.s390x.rpm SHA-256: 589f390f49a8dee2f27a253c4c4a322fb18bdb84a2e170dfa8adc7a41a592a05
qemu-kvm-common-ma-2.12.0-18.el7.s390x.rpm SHA-256: 4335612793251dc2387e8494c8e661303b0834b57dc2bff46acadb1c31488233
qemu-kvm-ma-2.12.0-18.el7.s390x.rpm SHA-256: 03a2f5c3aaf4df18e4101351c04038fc7599a4c7745792c64251308044265258
qemu-kvm-ma-debuginfo-2.12.0-18.el7.s390x.rpm SHA-256: 6595a3d362e23c8ea7b6331773ddda60a6e713c0740be85e5d47da98f7b95a72
qemu-kvm-tools-ma-2.12.0-18.el7.s390x.rpm SHA-256: a8a9ac76e6c77ab488598c61b28d22309f166f58df8eadb334610c9e60e4c42e

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
ppc64
qemu-img-ma-2.12.0-18.el7.ppc64.rpm SHA-256: b03bc6e446af1c4ffe9fd6dad8d0f843a4ec46d052790c9ca80286003a9a72c0
qemu-kvm-common-ma-2.12.0-18.el7.ppc64.rpm SHA-256: 59473e7d0b707374a479fbdb44d75273ec0aeba9a858358bf31edbec2c5b3d9e
qemu-kvm-ma-2.12.0-18.el7.ppc64.rpm SHA-256: b9611258ddcccb31e417532b6de05e1643bde589e61b0f603489d67e1039fd27
qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64.rpm SHA-256: 68bcecb460caca9661332849f93ad67da7757fbda0e1a5a9d4d6f079b095398e
qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64.rpm SHA-256: 68bcecb460caca9661332849f93ad67da7757fbda0e1a5a9d4d6f079b095398e
qemu-kvm-tools-ma-2.12.0-18.el7.ppc64.rpm SHA-256: 2fb9c38de27d288bf6f69b4c28b9a3ed64277ee3e4038fcba2186ff1ba5b54b4

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
qemu-kvm-ma-2.12.0-18.el7.src.rpm SHA-256: ef8ac9481cab9ca2c65dfc8b13f9e481f3e8a475459b7b5aebe7c6ca9ab5c497
ppc64le
qemu-img-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 4ec104612d4cbfa2e4889e4616f0a3a9d8a85269097a26fd55a809f9eceabd22
qemu-kvm-common-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 412bd8b70dc8caa355f5011b09a32674d6b7f35272519bef2332d6592a80a780
qemu-kvm-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: 82036b430199e9b7e186c1b85597f54a547e5ff10205593d7d30ccab5f6baf33
qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64le.rpm SHA-256: 38af7478eccfe8bdf4af894eff4dd0affff5605b75903fc251dd3c467c1bf3b2
qemu-kvm-tools-ma-2.12.0-18.el7.ppc64le.rpm SHA-256: adb53d0319e4911a0c75acd734d299f30deaa86ccb0473e829bbd9e365d49421

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.