Security Advisory Moderate: qemu-kvm security update

Advisory: RHSA-2015:1833-1
Type: Security Advisory
Severity: Moderate
Issued on: 2015-09-22
Last updated on: 2015-09-22
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.7.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2015-5165

Details

Updated qemu-kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An information leak flaw was found in the way QEMU's RTL8139 emulation
implementation processed network packets under RTL8139 controller's C+ mode
of operation. An unprivileged guest user could use this flaw to read up to
65 KB of uninitialized QEMU heap memory. (CVE-2015-5165)

Red Hat would like to thank the Xen project for reporting this issue.
Upstream acknowledges Donghai Zhu of Alibaba as the original reporter.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
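
The restart requirement above can be checked on a host after the update. The following is an added example, not part of the Red Hat advisory: it lists qemu-kvm processes whose executable was replaced on disk by the update and that therefore still run the old code. It assumes a Linux /proc filesystem and guests started with a plain "-name <guest>" argument; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the advisory). When a package update replaces a
# binary, the kernel marks the old inode in /proc/<pid>/exe with a
# " (deleted)" suffix. A qemu-kvm process showing that suffix was started
# before the update and has not been restarted.

# stale_qemu_pids [PROC_ROOT]
# Print the PID of every process whose executable is a deleted qemu-kvm.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    for exe in "$proc_root"/[0-9]*/exe; do
        # readlink fails for exited processes or ones we may not inspect
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *"/qemu-kvm (deleted)")
                pid_dir=${exe%/exe}
                echo "${pid_dir##*/}"
                ;;
        esac
    done
}

# guest_name_for_pid PID [PROC_ROOT]
# Print the value that follows "-name" on the process command line.
# Assumption: the guest was started with "-name <guest>".
guest_name_for_pid() {
    cmdline="${2:-/proc}/$1/cmdline"
    [ -r "$cmdline" ] || return 0
    # cmdline is NUL-separated; turn it into one argument per line
    tr '\0' '\n' < "$cmdline" | awk 'prev == "-name" { print; exit } { prev = $0 }'
}

# Report guests that still need a shutdown and start. Run as root so that
# every process's exe link is readable.
for pid in $(stale_qemu_pids); do
    echo "PID $pid (guest: $(guest_name_for_pid "$pid")) still runs the pre-update qemu-kvm"
done
```

No output means no running guest is still using the replaced binary.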


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.1.src.rpm
File outdated by:  RHSA-2017:1206
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2017:1206
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-img-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-tools-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.1.src.rpm
File outdated by:  RHSA-2017:1206
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-img-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-tools-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.1.src.rpm
File outdated by:  RHSA-2017:1206
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2017:1206
 
PPC:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.ppc64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.ppc64.rpm
File outdated by:  RHSA-2017:1206
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-img-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-tools-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
 
Red Hat Enterprise Linux Server EUS (v. 6.7.z)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.1.src.rpm
File outdated by:  RHSA-2017:1206
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2016:0082
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2016:0082
 
PPC:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.ppc64.rpm
File outdated by:  RHSA-2016:0082
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.ppc64.rpm
File outdated by:  RHSA-2016:0082
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2016:0082
qemu-img-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2016:0082
qemu-kvm-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2016:0082
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2016:0082
qemu-kvm-tools-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2016:0082
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.1.src.rpm
File outdated by:  RHSA-2017:1206
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.i686.rpm
File outdated by:  RHSA-2017:1206
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-img-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
qemu-kvm-tools-0.12.1.2-2.479.el6_7.1.x86_64.rpm
File outdated by:  RHSA-2017:1206
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/