Skip to navigation

Security Advisory Important: qemu-kvm security, bug fix, and enhancement update

Advisory: RHSA-2013:1553-2
Type: Security Advisory
Severity: Important
Issued on: 2013-11-21
Last updated on: 2013-11-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-4344

Details

Updated qemu-kvm packages that fix one security issue, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat
Enterprise Linux kernel. The qemu-kvm packages form the user-space
component for running virtual machines using KVM.

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT
LUNS" command when more than 256 LUNs were specified for a single SCSI
target. A privileged guest user could use this flaw to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)

This issue was discovered by Asias He of Red Hat.

These updated qemu-kvm packages include numerous bug fixes and various
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, shut down all running virtual
machines. Once all virtual machines have shut down, start them again for
this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.415.el6.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 18b0519155c507896ed21a68f109b58e
SHA-256: 6e724b39e26d0f4f9ae1d52274d25a1087e6c9872ce8b3872ebe16c9a7970b25
 
IA-32:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: 8131e95df3268b8de804e1e983044f76
SHA-256: b386a6b3129352f8fbc21cfe5461b4d1ac16d577922479d0c4be56dd7bd06e4d
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: afa1ccab8094ffbd316e7275043258e1
SHA-256: bc87dd3087c8f93aba942ed053b2f99e9bb665d2a39f56493cc9cc7ea4e98497
 
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6aca7e4a8363a894c9b5f596367c9b3b
SHA-256: 195c4e559052279963b9ecee9da53f1e9312739ccaab58e87594d32cc324b879
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b27bc6a5d010c80de0ac4bc3a5358eea
SHA-256: 23452c579cc2d862feb3c417f1bc408994b9a7428eec2cb23a72e6b342e4af28
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: ffe561a3f8eef8c0a3566302d837a8cb
SHA-256: 9d23af444b895cac0a5693933c524a9f9909dd3cc5f106300f60e5c2317b5626
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: f3a096e7b8a00fdef76af567d1a58b26
SHA-256: 2109f76339e79773f6763446b5649b62243c428d48d3dcd0ad10d1e8dc94be6b
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: c450f59480bf79f326560c6d77907421
SHA-256: 4cc933121c550d7ffbbbb8815c497b307160448190d2ec4b45d9003d34f3b37f
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.415.el6.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 18b0519155c507896ed21a68f109b58e
SHA-256: 6e724b39e26d0f4f9ae1d52274d25a1087e6c9872ce8b3872ebe16c9a7970b25
 
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6aca7e4a8363a894c9b5f596367c9b3b
SHA-256: 195c4e559052279963b9ecee9da53f1e9312739ccaab58e87594d32cc324b879
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b27bc6a5d010c80de0ac4bc3a5358eea
SHA-256: 23452c579cc2d862feb3c417f1bc408994b9a7428eec2cb23a72e6b342e4af28
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: ffe561a3f8eef8c0a3566302d837a8cb
SHA-256: 9d23af444b895cac0a5693933c524a9f9909dd3cc5f106300f60e5c2317b5626
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: f3a096e7b8a00fdef76af567d1a58b26
SHA-256: 2109f76339e79773f6763446b5649b62243c428d48d3dcd0ad10d1e8dc94be6b
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: c450f59480bf79f326560c6d77907421
SHA-256: 4cc933121c550d7ffbbbb8815c497b307160448190d2ec4b45d9003d34f3b37f
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.415.el6.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 18b0519155c507896ed21a68f109b58e
SHA-256: 6e724b39e26d0f4f9ae1d52274d25a1087e6c9872ce8b3872ebe16c9a7970b25
 
IA-32:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: 8131e95df3268b8de804e1e983044f76
SHA-256: b386a6b3129352f8fbc21cfe5461b4d1ac16d577922479d0c4be56dd7bd06e4d
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: afa1ccab8094ffbd316e7275043258e1
SHA-256: bc87dd3087c8f93aba942ed053b2f99e9bb665d2a39f56493cc9cc7ea4e98497
 
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6aca7e4a8363a894c9b5f596367c9b3b
SHA-256: 195c4e559052279963b9ecee9da53f1e9312739ccaab58e87594d32cc324b879
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b27bc6a5d010c80de0ac4bc3a5358eea
SHA-256: 23452c579cc2d862feb3c417f1bc408994b9a7428eec2cb23a72e6b342e4af28
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: ffe561a3f8eef8c0a3566302d837a8cb
SHA-256: 9d23af444b895cac0a5693933c524a9f9909dd3cc5f106300f60e5c2317b5626
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: f3a096e7b8a00fdef76af567d1a58b26
SHA-256: 2109f76339e79773f6763446b5649b62243c428d48d3dcd0ad10d1e8dc94be6b
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: c450f59480bf79f326560c6d77907421
SHA-256: 4cc933121c550d7ffbbbb8815c497b307160448190d2ec4b45d9003d34f3b37f
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.415.el6.src.rpm
File outdated by:  RHBA-2014:0360
    MD5: 18b0519155c507896ed21a68f109b58e
SHA-256: 6e724b39e26d0f4f9ae1d52274d25a1087e6c9872ce8b3872ebe16c9a7970b25
 
IA-32:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: 8131e95df3268b8de804e1e983044f76
SHA-256: b386a6b3129352f8fbc21cfe5461b4d1ac16d577922479d0c4be56dd7bd06e4d
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm
File outdated by:  RHBA-2014:0360
    MD5: afa1ccab8094ffbd316e7275043258e1
SHA-256: bc87dd3087c8f93aba942ed053b2f99e9bb665d2a39f56493cc9cc7ea4e98497
 
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: 6aca7e4a8363a894c9b5f596367c9b3b
SHA-256: 195c4e559052279963b9ecee9da53f1e9312739ccaab58e87594d32cc324b879
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: b27bc6a5d010c80de0ac4bc3a5358eea
SHA-256: 23452c579cc2d862feb3c417f1bc408994b9a7428eec2cb23a72e6b342e4af28
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: ffe561a3f8eef8c0a3566302d837a8cb
SHA-256: 9d23af444b895cac0a5693933c524a9f9909dd3cc5f106300f60e5c2317b5626
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: f3a096e7b8a00fdef76af567d1a58b26
SHA-256: 2109f76339e79773f6763446b5649b62243c428d48d3dcd0ad10d1e8dc94be6b
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
File outdated by:  RHBA-2014:0360
    MD5: c450f59480bf79f326560c6d77907421
SHA-256: 4cc933121c550d7ffbbbb8815c497b307160448190d2ec4b45d9003d34f3b37f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1002888 - usb hub doesn't work properly (win2012 sees downstream port #1 only)
1003232 - qemu-kvm core dumped when hot plug virtio-serial and transfer character [TestOnly]
1007224 - Introduce bs->zero_beyond_eof
1007330 - CVE-2013-4344 qemu: buffer overflow in scsi_target_emulate_report_luns
1010610 - Backport option "--output=json|human" to qemu-img info command
1013478 - -device usb-storage,serial=... crashes with SCSI generic drive
1016736 - CPU migration data has version_id 12 but version 11 format
1022821 - live-migration from RHEL6.5 to RHEL6.4.z fails with "error while loading state for instance 0x0 of device 'cpu'"
670162 - [RFE] Removing the backing file using qemu-img re-base
796011 - Prompt error of trigger blkdebug: BLKDBG_CLUSTER_FREE event is not the same as expected
817066 - QEMU should disable VNC password auth when in FIPS 140-2 mode
821741 - (re-)enable SEP flag on CPU models
843797 - qemu-kvm core dumps when virtio-net(w/ tx=timer and vhost=on) RHEL.6(w/ msi-x enabled) guest shutting down
848070 - [RHEL 6.5] Add glusterfs support to qemu
856505 - Missing error message in bdrv_commit to read-only backing file
864378 - qemu-img convert fails with Floating Point Exception with zero length source image
869496 - screendump wont save PPM image file if qemu-kvm booted with '-S'
869586 - core dump happens when quitting qemu via monitor
879096 - qemu should disable hot-unplug usb-ehci controller and give a prompt if not support
882834 - no warning while check the lacked cpuid_7_0_ebx_feature_name flag
884590 - ovs-ifup affect but ovs-ifdown not affect when run a guest with a wrong netdriver(e.g. ... -device virtio-pci-net,...)
886080 - Qemu segmentation fault when resume VM from stop at rebooting process after do some hot-plug/unplug and S3
886878 - atapi: tray statuses (locked and open) are not reset on boot/reboot of guest
888008 - RFE: qemu-img should be able to report the amount of space used by a qcow2 image stored on a block device
888297 - qemu-ga should be enabled right after installation
889135 - core trace/dump if specify the value of physical_block_size/logical_block_size is not multiple of 512 bytes
889255 - Monitor command acl_remove messes up the ACL
890011 - flooding with 'scsi-generic: execute_command: read failed !' error if eject the pass-through SCSI CD-ROM
890265 - change the mac of virtio_net device temporary but will effect forever after reboot guest
892996 - qemu-ga leaks fds to exec()ed processes [TestOnly]
893344 - "info qtree" output for qxl-vga does not match between rhel6.0 host and rhel6.4 host with -M rhel6.0.0
895399 - Fail to boot win7 guest with x-data-plane=on for the system disk
895402 - Fail to install windows guest with 'Setup was unable to create a new system partiotion or locate an existing system partition' error
902688 - incorrect committed_memory if set_process_name=1
903123 - The value of steal time in "top" command always is "0.0% st" after guest migration
903204 - don't boot from un-selected devices (add a boot option 'strict' to qemu)
903454 - kvm guest crash after long stop/cont cycle
905851 - Fail to start guest which contains more than 51 usbs disk with multifunction
907397 - Patch "e1000: no need auto-negotiation if link was down" may break e1000 guest
907716 - use set_link to change rtl8139 and e1000 network card's status but fail to make effectively after reboot guest
909059 - Switch to upstream solution for chardev flow control
914802 - Support backup vendors in qemu to access qcow disk readonly (qemu-img metadata dump)
917860 - Smartcard emulation with Windows guest fails
924165 - qemu-img convert -s is silently ignored
925170 - MSI routing for 1553 card to guest stops working
927336 - QMP event shows incorrect balloon value when balloon size is grater than or equal to 4G
947416 - fail to specify the serial number for usb storage device
952240 - hot-plugging multi-func devices caused: qemu: hardware error: register_ioport_write: invalid opaque
952873 - [RH Engineering 6.5 FEAT] Synchronize qemu guest agent with upstream
953108 - qemu-img man page still mentions host_device
956929 - /usr/libexec/qemu-kvm was killed by signal 6 (SIGABRT) when SCSI inquiry is sent to unsupported page inside the KVM guest
957319 - Guest w/ vhost=on over virtio-net-pci, under hmp, 'set_link $id_of_netdev off', then migrate, migrate failed, src qemu-kvm process core dumped
961850 - RFE: add -spice disable-agent-file-transfer cmdline option
962669 - Windows guest agent service failed to be started
963420 - [RHEL-6.5] Backport support for vhd(x) image format
963773 - scsi-cd: tray statuses (locked and open) are not reset on boot/reboot of guest
970159 - qemu-kvm-rhevm [race]: vm pauses with 'block I/O error in device '': No medium found (123)' when hounplug a disk and cannot be resumed
970516 - Monitor command acl_add can't insert before last list element
972314 - Every upgrade starts 'ksmd' due to broken initscript 'status' function
974617 - qcow2 corruption bug in cluster allocation code
977760 - fail to boot guest attaching with vmdk format data disk(virito/virtio-scsi interface)
977767 - there is wrong backing file specified for making external snapshot with vmdk format disk
981235 - RFE: Request detail migration statistics output for live migration on RHEL6.5
983635 - QMP: bad input crashes QEMU
985205 - QEMU core dumped when do hot-unplug virtio serial port during transfer file between host to guest with virtio serial through TCP socket
985334 - query mem info from monitor would cause qemu-kvm hang [RHEL-6.5]
987025 - enable MSI-X for virtio-scsi
989585 - crash command can not read the dump-guest-memory file when paging=false [RHEL-6]
990225 - [RHEV/RHEL] Integrate dynamic offloads into virtio-net device
990237 - qemu-kvm exits when hotplugging a cpu with --no-acpi
990316 - QMP: possible memory leaks on commands failure
994374 - boot up guest failed, hung in "booting from hard disk"
994804 - qemu-kvm should verify image header fields before opening VMDK
994891 - duplicate chardev reported after chardev-remove
995341 - hot-unplug chardev with pty backend caused qemu Segmentation fault
995530 - dataplane: refuse to start if device is already in use
996814 - boot image with gluster native mode cant work with attach another device from local file system
996829 - qemu-kvm segmentation fault while boot guest from glusterfs with wrong host name
997220 - Race in gluster_finish_aiocb
999358 - do live migration with used VMDK format disk should fail with a friendly message prompt
999779 - Add vpc file format support in qemu-kvm
999788 - qemu should give a more friendly prompt when didn't specify read-only for VMDK format disk


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/