- Issued:
- 2016-08-03
- Updated:
- 2016-08-03
RHBA-2016:1556 - Bug Fix Advisory
Synopsis
qemu-kvm-rhev bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Virtualization.
Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Products
- Red Hat Virtualization 3 for RHEL 6 x86_64
Fixes
(none)CVEs
(none)
Red Hat Virtualization 3 for RHEL 6
SRPM | |
---|---|
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.2.src.rpm | SHA-256: 870ac77842846533aa8c1bbc9ff11bd8278a58f4f1a1b1b70de328ac415ca6cb |
x86_64 | |
qemu-img-rhev-0.12.1.2-2.491.el6_8.2.x86_64.rpm | SHA-256: ecd50eab27fe0eac8919ee12ba68ab2199ea92ddda718bb6b91dc13c9395e1bc |
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.2.x86_64.rpm | SHA-256: e80f3108dcfbc373b5be8ad08245b356ef5f57991e448a162777468359f20d9a |
qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.2.x86_64.rpm | SHA-256: b1773eca0ee96c916740a2f56ade2df9ba8f7e05e8468eb17bcd28f39225ac95 |
qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.2.x86_64.rpm | SHA-256: e62284b1fbfd1f21e2454fb335f24de0c3e81e676037b740572f97017f883c40 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.