Issued: 2020-03-05
Updated: 2020-03-05
RHSA-2020:0730 - Security Advisory
Synopsis
Important: qemu-kvm-rhev security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization Engine 4.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
- hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
- QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [Intel 7.6.z Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm-rhev (BZ#1730601)
- qemu-kvm-rhev: backport cpuidle-haltpoll support (BZ#1746281)
Enhancement(s):
- [Intel 7.7 FEAT] MDS_NO exposure to guest - qemu-kvm-rhev (BZ#1743632)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Products
- Red Hat Virtualization Manager 4.2 x86_64
Fixes
- BZ - 1746281 - qemu-kvm-rhev: backport cpuidle-haltpoll support [rhel-7.6.z]
- BZ - 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)
- BZ - 1794290 - CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
Red Hat Virtualization Manager 4.2
| Package | SHA-256 |
|---|---|
| SRPM | |
| qemu-kvm-rhev-2.12.0-18.el7_6.9.src.rpm | 26ba5b3ca9cc94d4a30dc23e8ca5826517a0e07a319d5329478d191c654107f9 |
| x86_64 | |
| qemu-img-rhev-2.12.0-18.el7_6.9.x86_64.rpm | 03ff77096d0f11ed590cd075e1009af2ccaec0dfdeb2a7c2d70b6e8924c8f2bd |
| qemu-kvm-common-rhev-2.12.0-18.el7_6.9.x86_64.rpm | d8c516a94d83befaa6c6975c3a4da4ea8de1becb82357ee74083f978e9223f05 |
| qemu-kvm-rhev-2.12.0-18.el7_6.9.x86_64.rpm | 7d6aab710cd0df0750a0f3afbd2d105814911d60f18ceafbd0e454c088c8b2b7 |
| qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.9.x86_64.rpm | c4197df89e157d01cec18cdf3c1d0b8be0660ff39a0d55ec7c5bfe7c4bc15628 |
| qemu-kvm-tools-rhev-2.12.0-18.el7_6.9.x86_64.rpm | 5ed0da65a8127143c8bbe10a051d492da826c64780df4dadcf0933d995b3b0a6 |
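Two checks an administrator typically wants before and after applying this advisory: that downloaded packages match the SHA-256 values in the table above, and that the installed qemu-kvm-rhev build is at least the fixed 2.12.0-18.el7_6.9. The script below is an added example, not Red Hat tooling; it carries the advisory's checksums inline, reads the installed version from the NVR string that `rpm -q qemu-kvm-rhev` prints (epoch not shown, so the comparison ignores epoch), and uses a simplified reimplementation of RPM's version comparison (numeric and alphabetic segments only; tilde and caret ordering are not handled). Usage and the directory/NVR arguments are assumptions of the example.

```python
"""Host-side checks for RHSA-2020:0730 (added example; not Red Hat tooling)."""
import hashlib
import os
import re
import sys
from typing import Dict, Optional, Tuple

# SHA-256 values copied from the advisory's package table.
ADVISORY_SHA256: Dict[str, str] = {
    "qemu-kvm-rhev-2.12.0-18.el7_6.9.src.rpm":
        "26ba5b3ca9cc94d4a30dc23e8ca5826517a0e07a319d5329478d191c654107f9",
    "qemu-img-rhev-2.12.0-18.el7_6.9.x86_64.rpm":
        "03ff77096d0f11ed590cd075e1009af2ccaec0dfdeb2a7c2d70b6e8924c8f2bd",
    "qemu-kvm-common-rhev-2.12.0-18.el7_6.9.x86_64.rpm":
        "d8c516a94d83befaa6c6975c3a4da4ea8de1becb82357ee74083f978e9223f05",
    "qemu-kvm-rhev-2.12.0-18.el7_6.9.x86_64.rpm":
        "7d6aab710cd0df0750a0f3afbd2d105814911d60f18ceafbd0e454c088c8b2b7",
    "qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.9.x86_64.rpm":
        "c4197df89e157d01cec18cdf3c1d0b8be0660ff39a0d55ec7c5bfe7c4bc15628",
    "qemu-kvm-tools-rhev-2.12.0-18.el7_6.9.x86_64.rpm":
        "5ed0da65a8127143c8bbe10a051d492da826c64780df4dadcf0933d995b3b0a6",
}

# Fixed build named in the advisory.
FIXED_NAME = "qemu-kvm-rhev"
FIXED_VERSION = "2.12.0"
FIXED_RELEASE = "18.el7_6.9"


def check_digest(filename: str, data: bytes,
                 table: Dict[str, str] = ADVISORY_SHA256) -> Tuple[str, Optional[str]]:
    """Compare one package's bytes with the advisory table.

    Returns ('ok' | 'mismatch' | 'unlisted', actual_sha256_hex_or_None).
    """
    expected = table.get(filename)
    if expected is None:
        return "unlisted", None
    actual = hashlib.sha256(data).hexdigest()
    return ("ok" if actual == expected.lower() else "mismatch"), actual


def check_file(path: str) -> Tuple[str, Optional[str]]:
    """Same check for a downloaded RPM on disk, keyed by its file name."""
    with open(path, "rb") as f:
        return check_digest(os.path.basename(path), f.read())


def _segments(s: str):
    # RPM compares alternating numeric and alphabetic runs; '.', '_' etc. only separate.
    return re.findall(r"[0-9]+|[a-zA-Z]+", s)


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b (no tilde/caret rules)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # Equal prefixes: the string with more segments is the newer one.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def needs_update(installed: str) -> bool:
    """True when an installed NVR (output of `rpm -q qemu-kvm-rhev`) predates the fixed build."""
    nvr = re.sub(r"\.(x86_64|noarch|src|aarch64|ppc64le|s390x)$", "", installed)
    nv, release = nvr.rsplit("-", 1)
    name, version = nv.rsplit("-", 1)
    if name != FIXED_NAME:
        raise ValueError(f"not a {FIXED_NAME} package: {installed}")
    cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return cmp < 0


if __name__ == "__main__":
    # Assumed usage: python check_rhsa.py <dir-with-downloaded-rpms> [installed-nvr]
    for entry in sorted(os.listdir(sys.argv[1])):
        if entry.endswith(".rpm"):
            status, _ = check_file(os.path.join(sys.argv[1], entry))
            print(f"{status:9s} {entry}")
    if len(sys.argv) > 2:
        print("update needed" if needs_update(sys.argv[2]) else "fixed build or newer installed")
```

A `mismatch` or `unlisted` result means the file is not one of the packages this advisory ships and should not be installed; `needs_update` returning False only confirms the package version, it does not tell you whether guests have been restarted, which the Solution section requires for the fix to take effect.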
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.