Issued:: 2020-10-05
Updated:: 2020-10-05

RHSA-2020:4176 - Security Advisory

Overview
Updated Packages

Synopsis

Important: qemu-kvm-rhev security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
10 (Newton).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

usb: out-of-bounds r/w access issue while processing usb packets

(CVE-2020-14364)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 10 x86_64

Fixes

BZ - 1869201 - CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets

CVEs

CVE-2020-14364

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 10

SRPM
qemu-kvm-rhev-2.12.0-33.el7_7.12.src.rpm	SHA-256: 80e8e93254871c7cc8db9408dea2f6f23209154f6aa341d5ceea54d9316e8d10
x86_64
qemu-img-rhev-2.12.0-33.el7_7.12.x86_64.rpm	SHA-256: 7eccfa74d20afc56abddb663a58ec18da8056c480a289a5f88e23769ab8638a7
qemu-kvm-common-rhev-2.12.0-33.el7_7.12.x86_64.rpm	SHA-256: 06ca459e1738033fef6b58260540435c1152412e985e863cba2ebd8f18018ea9
qemu-kvm-rhev-2.12.0-33.el7_7.12.x86_64.rpm	SHA-256: 641aab2bd2561c7bf09154b5025c18ddfeed529dca922f1a5bb38e0923f997d3
qemu-kvm-rhev-debuginfo-2.12.0-33.el7_7.12.x86_64.rpm	SHA-256: d0ac23864621f5d88e0254c57704f8a9fe1fcdad3f1854e9e20feb85edfb9dca
qemu-kvm-tools-rhev-2.12.0-33.el7_7.12.x86_64.rpm	SHA-256: 728a3b80840276b7971e20ac89320aa892c5354d018fae78aa7cb62ce0334b1f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Marketplace

Red Hat Summit and AnsibleFest