Red Hat Customer Portal

Skip to main content

Security Advisory Important: qemu-kvm-rhev security update

Advisory: RHSA-2016:0081-1
Type: Security Advisory
Severity: Important
Issued on: 2016-01-28
Last updated on: 2016-01-28
Affected Products: Red Hat Enterprise Virtualization 3
CVEs (cve.mitre.org): CVE-2016-1714

Details

Updated qemu-kvm-rhev packages that fix one security issue are now
available for Red Hat Enterprise Virtualization.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM.

An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware
Configuration device emulation processed certain firmware configurations.
A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
QEMU process instance or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2016-1714)

Red Hat would like to thank Donghai Zhu of Alibaba for reporting this
issue.

All qemu-kvm-rhev users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, shut down all running virtual machines. Once all virtual
machines have shut down, start them again for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Virtualization 3

SRPMS:
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.4.src.rpm
File outdated by:  RHSA-2016:1586
    MD5: 82c0d345ecb9e875c62e9ecfcd2b1ddf
SHA-256: 76fca2d185df9bb7891d9da7d26d3137ccf258dacb221c1831417f47337b074b
 
x86_64:
qemu-img-rhev-0.12.1.2-2.479.el6_7.4.x86_64.rpm
File outdated by:  RHSA-2016:1586
    MD5: 69179a6b6269ab0a16cf82b927dcdc50
SHA-256: 96882cc0e419838e92fb3c9989c06b8498821eb1be199ac62eb3d9c16abd1b04
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.4.x86_64.rpm
File outdated by:  RHSA-2016:1586
    MD5: 6862c868af9b5707dcc870ffaaea6c86
SHA-256: bbad41249b409cd21d00d2b90aec96cf397b2b1625adf635dad9306f78b44826
qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.4.x86_64.rpm
File outdated by:  RHSA-2016:1586
    MD5: d3053c69c1e141423b12be6906626e12
SHA-256: 3c7836fa5d4390baeb0612672dee80354eef89758ff5c12d0d1f5ab2c4adf681
qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.4.x86_64.rpm
File outdated by:  RHSA-2016:1586
    MD5: 0d27cfde944db7086eeb35c750ea1032
SHA-256: efab3d39f9e0e97634d904cdc1e9c9478f0b7bfdee141c849f60c05416734ede
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1296060 - CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/