Security Advisory Moderate: qemu-kvm security and bug fix update

Advisory: RHSA-2013:0896-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-06-03
Last updated on: 2013-06-03
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-2007

Details

Updated qemu-kvm packages that fix one security issue and two bugs are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

It was found that QEMU Guest Agent (the "qemu-ga" service) created
certain files with world-writable permissions when run in daemon mode
(the default mode). An unprivileged guest user could use this flaw to
consume all free space on the partition containing the qemu-ga log file, or
modify the contents of the log. When a UNIX domain socket transport was
explicitly configured to be used (not the default), an unprivileged guest
user could potentially use this flaw to escalate their privileges in the
guest. This update requires manual action. Refer below for details.
(CVE-2013-2007)

This update does not change the permissions of the existing log file or
the UNIX domain socket; they keep whatever mode they were created with. To
correct them, stop the qemu-ga service, then manually remove all "group"
and "other" permissions from the affected files, or remove the files.

Note that after installing this update, files created by the
guest-file-open QEMU Monitor Protocol (QMP) command will still continue to
be created with world-writable permissions for backwards compatibility.
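The manual step above, as an added example that is not part of the advisory or of the qemu-kvm packages: a POSIX shell script that audits the files qemu-ga may have created with an insecure umask and strips their group/other bits. The file paths are assumptions (the log file and socket are wherever your init script or sysconfig passes with qemu-ga's -l and -p options); set QEMU_GA_FILES to match your guest, and stop the service first, as the advisory says.

```shell
#!/bin/sh
# Added example (not from the advisory or the qemu-ga sources): audit and
# repair files qemu-ga wrote while daemonized with an insecure umask
# (CVE-2013-2007). The log file, PID file and UNIX domain socket may all
# carry group/other permission bits.
# ASSUMED paths: adjust to what your init script or /etc/sysconfig/qemu-ga
# hands to qemu-ga via -l (log file) and -p (socket path). Stop the service
# ("service qemu-ga stop" on RHEL 6) before running with FIX=1.
QEMU_GA_FILES="${QEMU_GA_FILES:-/var/log/qemu-ga.log /var/run/qemu-ga.sock /var/run/qemu-ga.pid}"

# Print FILE's mode in octal (e.g. 666). GNU stat first, BSD stat fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Exit 0 if FILE grants any permission to group or other, 1 if it is
# owner-only, 2 if it does not exist. Masking the octal mode with 077 keeps
# only the group and other bits (setuid/setgid digits are ignored).
is_group_or_other_accessible() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Remove every group/other bit from FILE (the advisory's manual fix) and
# re-check. This works for the UNIX socket too: Linux enforces the socket
# inode's mode on connect(2), which is why a world-writable socket for the
# (non-default) unix-listen transport let a guest user talk to the agent.
harden_file() {
    chmod go-rwx "$1" || return 1
    ! is_group_or_other_accessible "$1"
}

# Walk the candidate files and report one line per file:
# "<path> <mode> <insecure|ok|missing|fixed>". Only modifies files when FIX=1.
audit_qemu_ga_files() {
    for f in $QEMU_GA_FILES; do
        rc=0
        is_group_or_other_accessible "$f" || rc=$?
        case $rc in
            2) echo "$f - missing" ;;
            1) echo "$f $(file_mode "$f") ok" ;;
            0) if [ "${FIX:-0}" = 1 ] && harden_file "$f"; then
                   echo "$f $(file_mode "$f") fixed"
               else
                   echo "$f $(file_mode "$f") insecure"
               fi ;;
        esac
    done
}

# Usage: ./qemu-ga-perms.sh            (report only)
#        FIX=1 ./qemu-ga-perms.sh      (repair, after stopping qemu-ga)
audit_qemu_ga_files
```

Run it read-only first; a line ending in "insecure" is a file a local guest user could fill or modify. Files created later by the guest-file-open QMP command are outside this check, since the advisory notes they keep world-writable permissions for compatibility.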

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bugs:

* Previously, due to an integer overflow in the memory size calculation,
qemu-kvm reported an incorrect memory size in QMP events when the virtio
balloon driver was used with more than 4 GB of memory. This update fixes the
overflow, and qemu-kvm now reports the correct size in the described
scenario. (BZ#958750)

* When the set_link flag is set to "off" to change the status of a network
card, the link status is changed to "down" in the respective guest.
Previously, with certain network cards, the link status was unexpectedly
reset to "up" when such a guest was restarted, even though the network was
still unavailable. A patch has been provided to address this bug, and the
link status change is now preserved across restarts for all network cards.
(BZ#927591)

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 65651df930001a18ffd18d2966e949d7
SHA-256: bb5a31ead4d3765eacaecab26e67e220b9dc78e23577f16aacc58e89999108e6
 
IA-32:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: a17d20ede811920db887a13b44485a3b
SHA-256: 5f8d3eb41f50ecf5a12680922b8355fcc59689a77a1175808d81149b83dc0812
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: 19c76d23a505749c75d21db335cb236a
SHA-256: baa0efb6d688db910168686fe9f8cb6f9328595c5d83a5faf6e0f65847411be0
 
x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6ef60e12add5e6b78998df66726d2ccc
SHA-256: 6a1080d38ff7a5b89ae9c324f714113e1d4d391b2ec88d7baacd934ff143aa61
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 9dceb0107cf81f8b235694fccc664ecc
SHA-256: 2cc409abbeb2a11f4913a7b7352510b486f8cf617cbea5c3a4f3b22b676d5fff
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b800e405a2df5bac771f20ad3c7b3a6b
SHA-256: ac459d07552458393420ba2575214f54df120fb2c669deaa12e636ab2f0857fe
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: a0ed76a27ca24a7c50e1014e206f03a1
SHA-256: f5f9bd266dd1c46d1c85bb6bd386a5f0cbe3bcc897391a081a8ccb03501afc8b
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 617b544ff181279a8e4fff3c91d33903
SHA-256: d59f635ccd0b2efc5065a0454c78cd67a11b5ffc29682d466bbaef91c088108b
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 928b083681822aa5e463b63078d20013
SHA-256: bb1810ce529ab3d63d8e47ab889b58e2cded1288130ad7f5e71f940f91f69023
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 65651df930001a18ffd18d2966e949d7
SHA-256: bb5a31ead4d3765eacaecab26e67e220b9dc78e23577f16aacc58e89999108e6
 
x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6ef60e12add5e6b78998df66726d2ccc
SHA-256: 6a1080d38ff7a5b89ae9c324f714113e1d4d391b2ec88d7baacd934ff143aa61
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 9dceb0107cf81f8b235694fccc664ecc
SHA-256: 2cc409abbeb2a11f4913a7b7352510b486f8cf617cbea5c3a4f3b22b676d5fff
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b800e405a2df5bac771f20ad3c7b3a6b
SHA-256: ac459d07552458393420ba2575214f54df120fb2c669deaa12e636ab2f0857fe
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: a0ed76a27ca24a7c50e1014e206f03a1
SHA-256: f5f9bd266dd1c46d1c85bb6bd386a5f0cbe3bcc897391a081a8ccb03501afc8b
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 617b544ff181279a8e4fff3c91d33903
SHA-256: d59f635ccd0b2efc5065a0454c78cd67a11b5ffc29682d466bbaef91c088108b
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 928b083681822aa5e463b63078d20013
SHA-256: bb1810ce529ab3d63d8e47ab889b58e2cded1288130ad7f5e71f940f91f69023
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 65651df930001a18ffd18d2966e949d7
SHA-256: bb5a31ead4d3765eacaecab26e67e220b9dc78e23577f16aacc58e89999108e6
 
IA-32:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: a17d20ede811920db887a13b44485a3b
SHA-256: 5f8d3eb41f50ecf5a12680922b8355fcc59689a77a1175808d81149b83dc0812
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: 19c76d23a505749c75d21db335cb236a
SHA-256: baa0efb6d688db910168686fe9f8cb6f9328595c5d83a5faf6e0f65847411be0
 
x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6ef60e12add5e6b78998df66726d2ccc
SHA-256: 6a1080d38ff7a5b89ae9c324f714113e1d4d391b2ec88d7baacd934ff143aa61
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 9dceb0107cf81f8b235694fccc664ecc
SHA-256: 2cc409abbeb2a11f4913a7b7352510b486f8cf617cbea5c3a4f3b22b676d5fff
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b800e405a2df5bac771f20ad3c7b3a6b
SHA-256: ac459d07552458393420ba2575214f54df120fb2c669deaa12e636ab2f0857fe
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: a0ed76a27ca24a7c50e1014e206f03a1
SHA-256: f5f9bd266dd1c46d1c85bb6bd386a5f0cbe3bcc897391a081a8ccb03501afc8b
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 617b544ff181279a8e4fff3c91d33903
SHA-256: d59f635ccd0b2efc5065a0454c78cd67a11b5ffc29682d466bbaef91c088108b
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 928b083681822aa5e463b63078d20013
SHA-256: bb1810ce529ab3d63d8e47ab889b58e2cded1288130ad7f5e71f940f91f69023
 
Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 65651df930001a18ffd18d2966e949d7
SHA-256: bb5a31ead4d3765eacaecab26e67e220b9dc78e23577f16aacc58e89999108e6
 
x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 6ef60e12add5e6b78998df66726d2ccc
SHA-256: 6a1080d38ff7a5b89ae9c324f714113e1d4d391b2ec88d7baacd934ff143aa61
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 9dceb0107cf81f8b235694fccc664ecc
SHA-256: 2cc409abbeb2a11f4913a7b7352510b486f8cf617cbea5c3a4f3b22b676d5fff
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: b800e405a2df5bac771f20ad3c7b3a6b
SHA-256: ac459d07552458393420ba2575214f54df120fb2c669deaa12e636ab2f0857fe
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: a0ed76a27ca24a7c50e1014e206f03a1
SHA-256: f5f9bd266dd1c46d1c85bb6bd386a5f0cbe3bcc897391a081a8ccb03501afc8b
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 617b544ff181279a8e4fff3c91d33903
SHA-256: d59f635ccd0b2efc5065a0454c78cd67a11b5ffc29682d466bbaef91c088108b
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 928b083681822aa5e463b63078d20013
SHA-256: bb1810ce529ab3d63d8e47ab889b58e2cded1288130ad7f5e71f940f91f69023
 
Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 65651df930001a18ffd18d2966e949d7
SHA-256: bb5a31ead4d3765eacaecab26e67e220b9dc78e23577f16aacc58e89999108e6
 
IA-32:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2013:1401
    MD5: a17d20ede811920db887a13b44485a3b
SHA-256: 5f8d3eb41f50ecf5a12680922b8355fcc59689a77a1175808d81149b83dc0812
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2013:1401
    MD5: 19c76d23a505749c75d21db335cb236a
SHA-256: baa0efb6d688db910168686fe9f8cb6f9328595c5d83a5faf6e0f65847411be0
 
x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 6ef60e12add5e6b78998df66726d2ccc
SHA-256: 6a1080d38ff7a5b89ae9c324f714113e1d4d391b2ec88d7baacd934ff143aa61
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 9dceb0107cf81f8b235694fccc664ecc
SHA-256: 2cc409abbeb2a11f4913a7b7352510b486f8cf617cbea5c3a4f3b22b676d5fff
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: b800e405a2df5bac771f20ad3c7b3a6b
SHA-256: ac459d07552458393420ba2575214f54df120fb2c669deaa12e636ab2f0857fe
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: a0ed76a27ca24a7c50e1014e206f03a1
SHA-256: f5f9bd266dd1c46d1c85bb6bd386a5f0cbe3bcc897391a081a8ccb03501afc8b
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 617b544ff181279a8e4fff3c91d33903
SHA-256: d59f635ccd0b2efc5065a0454c78cd67a11b5ffc29682d466bbaef91c088108b
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 928b083681822aa5e463b63078d20013
SHA-256: bb1810ce529ab3d63d8e47ab889b58e2cded1288130ad7f5e71f940f91f69023
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 65651df930001a18ffd18d2966e949d7
SHA-256: bb5a31ead4d3765eacaecab26e67e220b9dc78e23577f16aacc58e89999108e6
 
IA-32:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: a17d20ede811920db887a13b44485a3b
SHA-256: 5f8d3eb41f50ecf5a12680922b8355fcc59689a77a1175808d81149b83dc0812
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: 19c76d23a505749c75d21db335cb236a
SHA-256: baa0efb6d688db910168686fe9f8cb6f9328595c5d83a5faf6e0f65847411be0
 
x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6ef60e12add5e6b78998df66726d2ccc
SHA-256: 6a1080d38ff7a5b89ae9c324f714113e1d4d391b2ec88d7baacd934ff143aa61
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 9dceb0107cf81f8b235694fccc664ecc
SHA-256: 2cc409abbeb2a11f4913a7b7352510b486f8cf617cbea5c3a4f3b22b676d5fff
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b800e405a2df5bac771f20ad3c7b3a6b
SHA-256: ac459d07552458393420ba2575214f54df120fb2c669deaa12e636ab2f0857fe
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: a0ed76a27ca24a7c50e1014e206f03a1
SHA-256: f5f9bd266dd1c46d1c85bb6bd386a5f0cbe3bcc897391a081a8ccb03501afc8b
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2013:1401
    MD5: 617b544ff181279a8e4fff3c91d33903
SHA-256: d59f635ccd0b2efc5065a0454c78cd67a11b5ffc29682d466bbaef91c088108b
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 928b083681822aa5e463b63078d20013
SHA-256: bb1810ce529ab3d63d8e47ab889b58e2cded1288130ad7f5e71f940f91f69023
 
(The unlinked packages above are only available from the Red Hat Network)
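Before installing any of the packages listed above, a practitioner will want to confirm that what was downloaded matches the SHA-256 printed beside it. The script below is an added example, not part of the advisory or of Red Hat's tooling; it takes "<file> <sha-256>" pairs on standard input so the values from the list can be pasted in as-is. The digest check only catches corrupted or substituted downloads in transit; the authoritative check is the Red Hat GPG signature, verified with rpm -K (rpm --checksig) once the key from the URL at the end of this page has been imported.

```shell
#!/bin/sh
# Added example (not from the advisory): verify downloaded RPMs against the
# SHA-256 digests in the "Updated packages" list. After this passes, still
# run "rpm -K <file>.rpm" to check the Red Hat GPG signature; the digest
# alone only proves the bytes match what the advisory page lists.

# Print the SHA-256 of FILE as 64 lowercase hex digits, no filename.
# GNU coreutils sha256sum first; shasum (Perl, common on BSD/macOS) fallback.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Exit 0 if FILE hashes to EXPECTED (hex, either case), 1 otherwise.
# A missing file yields an empty digest and therefore fails the comparison.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 1
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Read "FILE SHA256" pairs from stdin, one per line, print a verdict per
# file and exit non-zero if any digest does not match. Blank lines are
# skipped so the advisory's lines can be pasted with surrounding whitespace.
verify_manifest() {
    status=0
    while read -r f h; do
        [ -n "$f" ] || continue
        if verify_sha256 "$f" "$h"; then
            echo "OK   $f"
        else
            echo "FAIL $f"
            status=1
        fi
    done
    return $status
}

# Usage: paste pairs from the package list, e.g.
#   printf '%s\n' \
#     'qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm f5f9bd266dd1c46d1c85bb6bd386a5f0cbe3bcc897391a081a8ccb03501afc8b' \
#     | verify_manifest && rpm -K qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
```

The comparison is done on the full 64-digit digest in a fixed case, so a truncated or mixed-case paste from the page still verifies correctly rather than silently passing on a prefix match.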

Bugs fixed (see bugzilla for more information)

927591 - use set_link to change rtl8139 and e1000 network card's status but fail to make effectively after reboot guest
956082 - CVE-2013-2007 qemu: guest agent creates files with insecure permissions in daemon mode


References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/