Issued:
2020-03-10
Updated:
2020-03-10

RHSA-2020:0775 - Security Advisory

Synopsis

Important: qemu-kvm security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

  • QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)
  • QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)
  • QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1734745 - CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly
  • BZ - 1749716 - CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly
  • BZ - 1791551 - CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()

Red Hat Enterprise Linux Server 6

SRPM
qemu-kvm-0.12.1.2-2.506.el6_10.6.src.rpm SHA-256: 2f1472c90f5ba1cd19125de95b6f7e0b198eb76331274774e83ab6b89f49bbca
x86_64
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 590665c7fd47c1861b1993137580a9fc49b846638a78955eeb06a865fa7cc683
qemu-img-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: e68884d8fe63970d6e6828763d78c261350c088622d944efa1802180761103b4
qemu-kvm-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 8b4764935ebf769b5c848fa348879b21454335f344059499f996dc63e207f433
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 5d00a9205f00184559fe592908bde7eb1df1e77f482c43e3e5b35e2a18f5ad8b
qemu-kvm-tools-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 94670756961fce832b615badc47333c79a2d8e1c1e7fa245a4f13b2dbf36981a
i386
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: 5724f6cb765f1606e87d74c2a8d19c66301da943a2a5a386066715038c60d125
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: ce331a675c507d739a1c8c1d1c1efb965c6e63fa8c949dd7155fe2e4974642cb

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
qemu-kvm-0.12.1.2-2.506.el6_10.6.src.rpm SHA-256: 2f1472c90f5ba1cd19125de95b6f7e0b198eb76331274774e83ab6b89f49bbca
x86_64
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 590665c7fd47c1861b1993137580a9fc49b846638a78955eeb06a865fa7cc683
qemu-img-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: e68884d8fe63970d6e6828763d78c261350c088622d944efa1802180761103b4
qemu-kvm-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 8b4764935ebf769b5c848fa348879b21454335f344059499f996dc63e207f433
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 5d00a9205f00184559fe592908bde7eb1df1e77f482c43e3e5b35e2a18f5ad8b
qemu-kvm-tools-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 94670756961fce832b615badc47333c79a2d8e1c1e7fa245a4f13b2dbf36981a
i386
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: 5724f6cb765f1606e87d74c2a8d19c66301da943a2a5a386066715038c60d125
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: ce331a675c507d739a1c8c1d1c1efb965c6e63fa8c949dd7155fe2e4974642cb

Red Hat Enterprise Linux Workstation 6

SRPM
qemu-kvm-0.12.1.2-2.506.el6_10.6.src.rpm SHA-256: 2f1472c90f5ba1cd19125de95b6f7e0b198eb76331274774e83ab6b89f49bbca
x86_64
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 590665c7fd47c1861b1993137580a9fc49b846638a78955eeb06a865fa7cc683
qemu-img-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: e68884d8fe63970d6e6828763d78c261350c088622d944efa1802180761103b4
qemu-kvm-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 8b4764935ebf769b5c848fa348879b21454335f344059499f996dc63e207f433
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 5d00a9205f00184559fe592908bde7eb1df1e77f482c43e3e5b35e2a18f5ad8b
qemu-kvm-tools-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 94670756961fce832b615badc47333c79a2d8e1c1e7fa245a4f13b2dbf36981a
i386
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: 5724f6cb765f1606e87d74c2a8d19c66301da943a2a5a386066715038c60d125
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: ce331a675c507d739a1c8c1d1c1efb965c6e63fa8c949dd7155fe2e4974642cb

Red Hat Enterprise Linux Desktop 6

SRPM
qemu-kvm-0.12.1.2-2.506.el6_10.6.src.rpm SHA-256: 2f1472c90f5ba1cd19125de95b6f7e0b198eb76331274774e83ab6b89f49bbca
x86_64
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 590665c7fd47c1861b1993137580a9fc49b846638a78955eeb06a865fa7cc683
qemu-img-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: e68884d8fe63970d6e6828763d78c261350c088622d944efa1802180761103b4
qemu-kvm-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 8b4764935ebf769b5c848fa348879b21454335f344059499f996dc63e207f433
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 5d00a9205f00184559fe592908bde7eb1df1e77f482c43e3e5b35e2a18f5ad8b
qemu-kvm-tools-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 94670756961fce832b615badc47333c79a2d8e1c1e7fa245a4f13b2dbf36981a
i386
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: 5724f6cb765f1606e87d74c2a8d19c66301da943a2a5a386066715038c60d125
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.i686.rpm SHA-256: ce331a675c507d739a1c8c1d1c1efb965c6e63fa8c949dd7155fe2e4974642cb

Red Hat Enterprise Linux for Power, big endian 6

SRPM
qemu-kvm-0.12.1.2-2.506.el6_10.6.src.rpm SHA-256: 2f1472c90f5ba1cd19125de95b6f7e0b198eb76331274774e83ab6b89f49bbca
ppc64
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.ppc64.rpm SHA-256: 4526f65ac87331493d110c87363d921a801e6bfaf19ed386fec8fcf504bf5da7
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.ppc64.rpm SHA-256: 7c5f28a8a8769686a0d46dcc3107f09bc480d09cadad6d183fda0641571d8671

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
qemu-kvm-0.12.1.2-2.506.el6_10.6.src.rpm SHA-256: 2f1472c90f5ba1cd19125de95b6f7e0b198eb76331274774e83ab6b89f49bbca
x86_64
qemu-guest-agent-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 590665c7fd47c1861b1993137580a9fc49b846638a78955eeb06a865fa7cc683
qemu-img-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: e68884d8fe63970d6e6828763d78c261350c088622d944efa1802180761103b4
qemu-kvm-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 8b4764935ebf769b5c848fa348879b21454335f344059499f996dc63e207f433
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 5d00a9205f00184559fe592908bde7eb1df1e77f482c43e3e5b35e2a18f5ad8b
qemu-kvm-tools-0.12.1.2-2.506.el6_10.6.x86_64.rpm SHA-256: 94670756961fce832b615badc47333c79a2d8e1c1e7fa245a4f13b2dbf36981a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.