Red Hat Product Errata RHSA-2021:0347 - Security Advisory
Issued:
2021-02-02
Updated:
2021-02-02

RHSA-2021:0347 - Security Advisory

Synopsis

Moderate: qemu-kvm security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

  • QEMU: loader: OOB access while loading registered ROM may lead to code execution (CVE-2020-13765)
  • QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • qemu-kvm FTBFS on rhel7.9 (BZ#1884997)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64

Fixes

  • BZ - 1842912 - CVE-2020-13765 QEMU: loader: OOB access while loading registered ROM may lead to code execution
  • BZ - 1860283 - CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c
  • BZ - 1884997 - qemu-kvm FTBFS on rhel7.9

Red Hat Enterprise Linux Server 7

SRPM
qemu-kvm-1.5.3-175.el7_9.3.src.rpm SHA-256: 44f67d01b1a879feae35e882019a55143bec73f300f6c6a0ac3d4f889ade0025
x86_64
qemu-img-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 88bf465eaad5d294f61343cd280c91d1c0a2bd79e3e3c14fae180796a38b5022
qemu-kvm-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: db2c5c86eb45748ed099ae5f029d6c83369ff125d01b2bfaf6190aaa2da18918
qemu-kvm-common-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 413545d76d373f0ae91f8354ac020b13b86f224b974b823261d7252c84d35ae3
qemu-kvm-debuginfo-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: efb9a390ea0a5850aed984a5a2212f8d7e5b61dea9635ca0a15af65728d62b92
qemu-kvm-tools-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: f60062fae52748a927b3cbd2c2b64b27f453ab2452dd3c34f8f3e99d4c2ffdd9

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
qemu-kvm-1.5.3-175.el7_9.3.src.rpm SHA-256: 44f67d01b1a879feae35e882019a55143bec73f300f6c6a0ac3d4f889ade0025
x86_64
qemu-img-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 88bf465eaad5d294f61343cd280c91d1c0a2bd79e3e3c14fae180796a38b5022
qemu-kvm-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: db2c5c86eb45748ed099ae5f029d6c83369ff125d01b2bfaf6190aaa2da18918
qemu-kvm-common-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 413545d76d373f0ae91f8354ac020b13b86f224b974b823261d7252c84d35ae3
qemu-kvm-debuginfo-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: efb9a390ea0a5850aed984a5a2212f8d7e5b61dea9635ca0a15af65728d62b92
qemu-kvm-tools-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: f60062fae52748a927b3cbd2c2b64b27f453ab2452dd3c34f8f3e99d4c2ffdd9

Red Hat Enterprise Linux Workstation 7

SRPM
qemu-kvm-1.5.3-175.el7_9.3.src.rpm SHA-256: 44f67d01b1a879feae35e882019a55143bec73f300f6c6a0ac3d4f889ade0025
x86_64
qemu-img-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 88bf465eaad5d294f61343cd280c91d1c0a2bd79e3e3c14fae180796a38b5022
qemu-kvm-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: db2c5c86eb45748ed099ae5f029d6c83369ff125d01b2bfaf6190aaa2da18918
qemu-kvm-common-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 413545d76d373f0ae91f8354ac020b13b86f224b974b823261d7252c84d35ae3
qemu-kvm-debuginfo-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: efb9a390ea0a5850aed984a5a2212f8d7e5b61dea9635ca0a15af65728d62b92
qemu-kvm-tools-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: f60062fae52748a927b3cbd2c2b64b27f453ab2452dd3c34f8f3e99d4c2ffdd9

Red Hat Enterprise Linux Desktop 7

SRPM
qemu-kvm-1.5.3-175.el7_9.3.src.rpm SHA-256: 44f67d01b1a879feae35e882019a55143bec73f300f6c6a0ac3d4f889ade0025
x86_64
qemu-img-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 88bf465eaad5d294f61343cd280c91d1c0a2bd79e3e3c14fae180796a38b5022
qemu-kvm-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: db2c5c86eb45748ed099ae5f029d6c83369ff125d01b2bfaf6190aaa2da18918
qemu-kvm-common-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 413545d76d373f0ae91f8354ac020b13b86f224b974b823261d7252c84d35ae3
qemu-kvm-debuginfo-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: efb9a390ea0a5850aed984a5a2212f8d7e5b61dea9635ca0a15af65728d62b92
qemu-kvm-tools-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: f60062fae52748a927b3cbd2c2b64b27f453ab2452dd3c34f8f3e99d4c2ffdd9

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
qemu-kvm-1.5.3-175.el7_9.3.src.rpm SHA-256: 44f67d01b1a879feae35e882019a55143bec73f300f6c6a0ac3d4f889ade0025
x86_64
qemu-img-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 88bf465eaad5d294f61343cd280c91d1c0a2bd79e3e3c14fae180796a38b5022
qemu-kvm-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: db2c5c86eb45748ed099ae5f029d6c83369ff125d01b2bfaf6190aaa2da18918
qemu-kvm-common-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: 413545d76d373f0ae91f8354ac020b13b86f224b974b823261d7252c84d35ae3
qemu-kvm-debuginfo-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: efb9a390ea0a5850aed984a5a2212f8d7e5b61dea9635ca0a15af65728d62b92
qemu-kvm-tools-1.5.3-175.el7_9.3.x86_64.rpm SHA-256: f60062fae52748a927b3cbd2c2b64b27f453ab2452dd3c34f8f3e99d4c2ffdd9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.