Red Hat Product Errata RHSA-2021:0346 - Security Advisory
Issued:
2021-02-02
Updated:
2021-02-02

RHSA-2021:0346 - Security Advisory

Synopsis

Moderate: qemu-kvm-ma security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

  • QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)
  • QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1829825 - CVE-2020-1983 QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
  • BZ - 1860283 - CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
qemu-kvm-ma-2.12.0-48.el7_9.2.src.rpm SHA-256: e2a586c95dc8adcb1c76006bd6838f4185e1fed7001bb53ebd3acd5a4fddfbd7
s390x
qemu-img-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 314c435a2210f4a1d6e08d9bf11b9b03c10d876c9cbd5b98ab3d44a694e267c2
qemu-kvm-common-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 3f9fa7f90c03c759b774a156753c3bd5e2894adfb6e458e5eed5399188aa80d5
qemu-kvm-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 856eaa3862aed889b06ca28da031f30ce97770911ef5e2b01f50fd6f0523239e
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.s390x.rpm SHA-256: d801fb2671c600edbc14363c82db300665888f26d550b9e7841383afb8df00db
qemu-kvm-tools-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 106f337e5880408da88c4709a87e9a7a40f92bc23fe12336e2892829ce287a61

Red Hat Enterprise Linux for Power, big endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7_9.2.src.rpm SHA-256: e2a586c95dc8adcb1c76006bd6838f4185e1fed7001bb53ebd3acd5a4fddfbd7
ppc64
qemu-img-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: ad0816c675b867d27f99b9892d094e814b9fdc08aa4192afe5edd502b80b1ad8
qemu-kvm-common-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: ad134b7c2c89b229e1f02e379f644a4a44191d5f4f89255ba4b855e9e3494583
qemu-kvm-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: f91198f5d3688f09988955498af435c2ca8c1886a765af24863e51291a6ed6dc
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: 4aef23f5d9b9aab360d1ac87d0eda3cd321bf31a05ab0cfc29d0c67b01d188c6
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: 4aef23f5d9b9aab360d1ac87d0eda3cd321bf31a05ab0cfc29d0c67b01d188c6
qemu-kvm-tools-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: 2e19d562677fc4d24b876b003555729d427c440f237e711deecf5a7c13aafdb3

Red Hat Enterprise Linux for Power, little endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7_9.2.src.rpm SHA-256: e2a586c95dc8adcb1c76006bd6838f4185e1fed7001bb53ebd3acd5a4fddfbd7
ppc64le
qemu-img-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 1a79ba29f7fa033e0c8afde0c926e7c7895622781f678eae483abd1408f4f9dd
qemu-kvm-common-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: eaa188c784f87040f6daf0de8be5bf06e173ce644d72903583941929a747143e
qemu-kvm-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 05f798f2e2e7e75707dfb50eb31eba47b830c12e3df59605985b4b95109f02dc
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 5f58032f7615446d57ab8b645d8cc11b123bbbf40bf4c97e23ae3567fe5fb262
qemu-kvm-tools-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 01662897930ce2818de8b91c6c6ed9455f21de412b1053378121d6a9ca553862

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
qemu-kvm-ma-2.12.0-48.el7_9.2.src.rpm SHA-256: e2a586c95dc8adcb1c76006bd6838f4185e1fed7001bb53ebd3acd5a4fddfbd7
s390x
qemu-img-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 314c435a2210f4a1d6e08d9bf11b9b03c10d876c9cbd5b98ab3d44a694e267c2
qemu-kvm-common-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 3f9fa7f90c03c759b774a156753c3bd5e2894adfb6e458e5eed5399188aa80d5
qemu-kvm-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 856eaa3862aed889b06ca28da031f30ce97770911ef5e2b01f50fd6f0523239e
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.s390x.rpm SHA-256: d801fb2671c600edbc14363c82db300665888f26d550b9e7841383afb8df00db
qemu-kvm-tools-ma-2.12.0-48.el7_9.2.s390x.rpm SHA-256: 106f337e5880408da88c4709a87e9a7a40f92bc23fe12336e2892829ce287a61

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7_9.2.src.rpm SHA-256: e2a586c95dc8adcb1c76006bd6838f4185e1fed7001bb53ebd3acd5a4fddfbd7
ppc64
qemu-img-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: ad0816c675b867d27f99b9892d094e814b9fdc08aa4192afe5edd502b80b1ad8
qemu-kvm-common-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: ad134b7c2c89b229e1f02e379f644a4a44191d5f4f89255ba4b855e9e3494583
qemu-kvm-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: f91198f5d3688f09988955498af435c2ca8c1886a765af24863e51291a6ed6dc
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: 4aef23f5d9b9aab360d1ac87d0eda3cd321bf31a05ab0cfc29d0c67b01d188c6
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: 4aef23f5d9b9aab360d1ac87d0eda3cd321bf31a05ab0cfc29d0c67b01d188c6
qemu-kvm-tools-ma-2.12.0-48.el7_9.2.ppc64.rpm SHA-256: 2e19d562677fc4d24b876b003555729d427c440f237e711deecf5a7c13aafdb3

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
qemu-kvm-ma-2.12.0-48.el7_9.2.src.rpm SHA-256: e2a586c95dc8adcb1c76006bd6838f4185e1fed7001bb53ebd3acd5a4fddfbd7
ppc64le
qemu-img-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 1a79ba29f7fa033e0c8afde0c926e7c7895622781f678eae483abd1408f4f9dd
qemu-kvm-common-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: eaa188c784f87040f6daf0de8be5bf06e173ce644d72903583941929a747143e
qemu-kvm-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 05f798f2e2e7e75707dfb50eb31eba47b830c12e3df59605985b4b95109f02dc
qemu-kvm-ma-debuginfo-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 5f58032f7615446d57ab8b645d8cc11b123bbbf40bf4c97e23ae3567fe5fb262
qemu-kvm-tools-ma-2.12.0-48.el7_9.2.ppc64le.rpm SHA-256: 01662897930ce2818de8b91c6c6ed9455f21de412b1053378121d6a9ca553862

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.