Security Advisory Important: qemu-kvm security update

Advisory: RHSA-2015:0998-1
Type: Security Advisory
Severity: Important
Issued on: 2015-05-13
Last updated on: 2015-05-13
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.6)
Red Hat Enterprise Linux Server EUS (v. 6.6.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2015-3456

Details

Updated qemu-kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting
this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
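
Added example (not part of the Red Hat advisory): one way to confirm on a host that no guest is still running the pre-update QEMU binary after the packages are installed. It assumes the RHEL 6 binary path /usr/libexec/qemu-kvm; the function names and the QEMU_BIN variable are made up for this example.

```shell
#!/bin/sh
# Added example: find guests that were not restarted after the update.
# Assumption: qemu-kvm on RHEL 6 is installed as /usr/libexec/qemu-kvm.
QEMU_BIN="${QEMU_BIN:-/usr/libexec/qemu-kvm}"

# stale_qemu_pids [PROC_ROOT]
# Prints one PID per line for each process whose exe link reads
# "$QEMU_BIN (deleted)". A package upgrade replaces the file on disk, so a
# process that still maps the old binary shows the "(deleted)" suffix.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        # Skip entries without a readable exe link (kernel threads, races).
        [ -L "$dir/exe" ] || continue
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            "$QEMU_BIN (deleted)") echo "${dir##*/}" ;;
        esac
    done
}

# restart_report [PROC_ROOT]
# Returns 0 when every guest runs the on-disk binary, 1 otherwise.
restart_report() {
    pids=$(stale_qemu_pids "$1")
    if [ -z "$pids" ]; then
        echo "OK: no qemu-kvm process is running a replaced binary"
        return 0
    fi
    for pid in $pids; do
        echo "RESTART NEEDED: pid $pid still runs the pre-update qemu-kvm"
    done
    return 1
}
```

Source the file and call restart_report as root on the host, since reading the exe link of another user's process requires privileges. A guest reboot from inside the virtual machine does not replace the host process; the guest has to be shut down and started again as described above.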


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm
File outdated by: RHSA-2016:1585

IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2016:1585

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm
File outdated by: RHSA-2016:1585

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm
File outdated by: RHSA-2016:1585

IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2016:1585

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
 
Red Hat Enterprise Linux Server AUS (v. 6.6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm
File outdated by: RHSA-2016:1585

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm
File outdated by: RHSA-2016:1585

IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2015:1087
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2015:1087

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2015:1087
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.3.src.rpm
File outdated by: RHSA-2016:1585

IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.i686.rpm
File outdated by: RHSA-2016:1585

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-img-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
qemu-kvm-tools-0.12.1.2-2.448.el6_6.3.x86_64.rpm
File outdated by: RHSA-2016:1585
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/