Issued:: 2020-06-24
Updated:: 2020-06-24

RHSA-2020:2730 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
13 (Queens).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

Slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)
Slirp: potential OOB access due to unsafe snprintf() usages

(CVE-2020-8608)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack for IBM Power 13 ppc64le
Red Hat OpenStack 13 x86_64

Fixes

BZ - 1791551 - CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
BZ - 1798453 - CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 13

SRPM
qemu-kvm-rhev-2.12.0-44.el7_8.1.src.rpm	SHA-256: 811041d6c09ff245b3a3cc0f86531b01b32976ac0e1d68b68f1c9ea561df36f3
ppc64le
qemu-img-rhev-2.12.0-44.el7_8.1.ppc64le.rpm	SHA-256: 2c3a126fb61d9b0ae6ddfea2568f3ce00c70c67d1fe3edbc217503278cea7246
qemu-kvm-common-rhev-2.12.0-44.el7_8.1.ppc64le.rpm	SHA-256: 326d80f862e5d553db65ff1e48e5ba4a2ee3fb5116969329fe9f050e3e143a6a
qemu-kvm-rhev-2.12.0-44.el7_8.1.ppc64le.rpm	SHA-256: 9ddf7cf4204fd6823afd85d1d4a847a1bda6dd2548d88276a5dfd88e4fd62703
qemu-kvm-rhev-debuginfo-2.12.0-44.el7_8.1.ppc64le.rpm	SHA-256: a4533831f8e68d9dc281e47459e3d09b99c9c54864c480eb776c76ad678fdcb9
qemu-kvm-tools-rhev-2.12.0-44.el7_8.1.ppc64le.rpm	SHA-256: bfe1155368df3d85d9f908a59c49a82798cf041fdb9f5f98c0aaa68390ce320d

Red Hat OpenStack 13

SRPM
qemu-kvm-rhev-2.12.0-44.el7_8.1.src.rpm	SHA-256: 811041d6c09ff245b3a3cc0f86531b01b32976ac0e1d68b68f1c9ea561df36f3
x86_64
qemu-img-rhev-2.12.0-44.el7_8.1.x86_64.rpm	SHA-256: 46529603ec6149847789ae1954079259e0a6e32a2d572ca33cb698079f81612f
qemu-kvm-common-rhev-2.12.0-44.el7_8.1.x86_64.rpm	SHA-256: 934c5f58ddf8871e17cc410db0d2bf365c4286bf3a9c97b8d85a78f5444b0500
qemu-kvm-rhev-2.12.0-44.el7_8.1.x86_64.rpm	SHA-256: a4e0b70912c2c62914d08802ae0eb3bb72afae652b282082c933a7c89d1170ee
qemu-kvm-rhev-debuginfo-2.12.0-44.el7_8.1.x86_64.rpm	SHA-256: b1ebed00326c37b3847988838ee135614e3cc054465d7f0bc5c683b5450257a8
qemu-kvm-tools-rhev-2.12.0-44.el7_8.1.x86_64.rpm	SHA-256: eed8957a0647dfdd4cf293b06f429506e9183d10d1fd969a477beb75963e4f9f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation