Red Hat Product Errata RHSA-2020:3907 - Security Advisory
Issued:
2020-09-29
Updated:
2020-09-29

RHSA-2020:3907 - Security Advisory

Synopsis

Low: qemu-kvm-ma security update

Type/Severity

Security Advisory: Low

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

  • QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)
  • QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1615637 - CVE-2018-15746 QEMU: seccomp: blacklist is not applied to all threads
  • BZ - 1810390 - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
qemu-kvm-ma-2.12.0-48.el7.src.rpm SHA-256: 7a70fcac017ea06597e068dfcff7682ab860de37fe663efcd566596d7614423f
s390x
qemu-img-ma-2.12.0-48.el7.s390x.rpm SHA-256: c06e589a0c3f996fcc6c35cf5057907ade0b9075a1e2da70da145825a0ed4e5c
qemu-kvm-common-ma-2.12.0-48.el7.s390x.rpm SHA-256: 5d0e5fb72d1129fe476b13d6fd147c02e065291201d0d79e724398564d0f7083
qemu-kvm-ma-2.12.0-48.el7.s390x.rpm SHA-256: 2f5db7d8112c1ee5025a1a56f905cef36966b3df774d153d42b7e510eaa7ec4b
qemu-kvm-ma-debuginfo-2.12.0-48.el7.s390x.rpm SHA-256: e25e57e1f96062c3b0c3dc2e293cb9c77e1a32627819fa5c360141173b786a59
qemu-kvm-tools-ma-2.12.0-48.el7.s390x.rpm SHA-256: 267d2b2b8205b0187eef9f847d57f52bec97fcc2f3f87d385538c610fd14f317

Red Hat Enterprise Linux for Power, big endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7.src.rpm SHA-256: 7a70fcac017ea06597e068dfcff7682ab860de37fe663efcd566596d7614423f
ppc64
qemu-img-ma-2.12.0-48.el7.ppc64.rpm SHA-256: e1fd6e29b440615c530043cf3224474a91471e0ac569162c43b201fe13c679c1
qemu-kvm-common-ma-2.12.0-48.el7.ppc64.rpm SHA-256: 78ac378b03476d0688813dcaf0736094648fcefeefabfd83c2738c02c5f80e4a
qemu-kvm-ma-2.12.0-48.el7.ppc64.rpm SHA-256: 41d8a0c7bcf4092c5c5981df37978ef9c41c6efa4d3b3bedee4cc391007052fb
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm SHA-256: b4661789b2b29fe2682f25adf6432d14b321229939383f0aeb686a64307a20d5
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm SHA-256: b4661789b2b29fe2682f25adf6432d14b321229939383f0aeb686a64307a20d5
qemu-kvm-tools-ma-2.12.0-48.el7.ppc64.rpm SHA-256: 6d5ea6c9f9fee663308545d57f40c1e3045261509fa4129a3bfe52a27cfa5b6b

Red Hat Enterprise Linux for Power, little endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7.src.rpm SHA-256: 7a70fcac017ea06597e068dfcff7682ab860de37fe663efcd566596d7614423f
ppc64le
qemu-img-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: 73443f4235ca6034f56e45f8475dafd0ac4045fddc1818796274f2bb0e2a55aa
qemu-kvm-common-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: e50d56248c823fa85c535a3c69f0171596104d5d9a9b752d8218f676ddb1e903
qemu-kvm-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: 99925cd52a69d8bc6b0b548b4f79d774a39a883e36971a440d9543b1724ead76
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64le.rpm SHA-256: 64530de043b6905029c56d9811aa0a6a3ba1ceb94bdb663317da4f41f0882123
qemu-kvm-tools-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: be1395662192dc0bc6d10a4cc22df0e84f85a0da43d9233685dba9cd49ab243b

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
qemu-kvm-ma-2.12.0-48.el7.src.rpm SHA-256: 7a70fcac017ea06597e068dfcff7682ab860de37fe663efcd566596d7614423f
s390x
qemu-img-ma-2.12.0-48.el7.s390x.rpm SHA-256: c06e589a0c3f996fcc6c35cf5057907ade0b9075a1e2da70da145825a0ed4e5c
qemu-kvm-common-ma-2.12.0-48.el7.s390x.rpm SHA-256: 5d0e5fb72d1129fe476b13d6fd147c02e065291201d0d79e724398564d0f7083
qemu-kvm-ma-2.12.0-48.el7.s390x.rpm SHA-256: 2f5db7d8112c1ee5025a1a56f905cef36966b3df774d153d42b7e510eaa7ec4b
qemu-kvm-ma-debuginfo-2.12.0-48.el7.s390x.rpm SHA-256: e25e57e1f96062c3b0c3dc2e293cb9c77e1a32627819fa5c360141173b786a59
qemu-kvm-tools-ma-2.12.0-48.el7.s390x.rpm SHA-256: 267d2b2b8205b0187eef9f847d57f52bec97fcc2f3f87d385538c610fd14f317

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7.src.rpm SHA-256: 7a70fcac017ea06597e068dfcff7682ab860de37fe663efcd566596d7614423f
ppc64
qemu-img-ma-2.12.0-48.el7.ppc64.rpm SHA-256: e1fd6e29b440615c530043cf3224474a91471e0ac569162c43b201fe13c679c1
qemu-kvm-common-ma-2.12.0-48.el7.ppc64.rpm SHA-256: 78ac378b03476d0688813dcaf0736094648fcefeefabfd83c2738c02c5f80e4a
qemu-kvm-ma-2.12.0-48.el7.ppc64.rpm SHA-256: 41d8a0c7bcf4092c5c5981df37978ef9c41c6efa4d3b3bedee4cc391007052fb
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm SHA-256: b4661789b2b29fe2682f25adf6432d14b321229939383f0aeb686a64307a20d5
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm SHA-256: b4661789b2b29fe2682f25adf6432d14b321229939383f0aeb686a64307a20d5
qemu-kvm-tools-ma-2.12.0-48.el7.ppc64.rpm SHA-256: 6d5ea6c9f9fee663308545d57f40c1e3045261509fa4129a3bfe52a27cfa5b6b

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7.src.rpm SHA-256: 7a70fcac017ea06597e068dfcff7682ab860de37fe663efcd566596d7614423f
ppc64le
qemu-img-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: 73443f4235ca6034f56e45f8475dafd0ac4045fddc1818796274f2bb0e2a55aa
qemu-kvm-common-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: e50d56248c823fa85c535a3c69f0171596104d5d9a9b752d8218f676ddb1e903
qemu-kvm-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: 99925cd52a69d8bc6b0b548b4f79d774a39a883e36971a440d9543b1724ead76
qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64le.rpm SHA-256: 64530de043b6905029c56d9811aa0a6a3ba1ceb94bdb663317da4f41f0882123
qemu-kvm-tools-ma-2.12.0-48.el7.ppc64le.rpm SHA-256: be1395662192dc0bc6d10a4cc22df0e84f85a0da43d9233685dba9cd49ab243b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.