Security Advisory Important: qemu-kvm security update

Advisory: RHSA-2015:2694-1
Type: Security Advisory
Severity: Important
Issued on: 2015-12-22
Last updated on: 2015-12-22
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.7.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2015-7504
CVE-2015-7512

Details

Updated qemu-kvm packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD
PC-Net II Ethernet Controller emulation received certain packets in
loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside
a guest could use this flaw to crash the host QEMU process (resulting in
denial of service) or, potentially, execute arbitrary code with privileges
of the host QEMU process. (CVE-2015-7504)

A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation
validated certain received packets from a remote host in non-loopback mode.
A remote, unprivileged attacker could potentially use this flaw to execute
arbitrary code on the host with the privileges of the QEMU process.
Note that to exploit this flaw, the guest network interface must have a
large MTU limit. (CVE-2015-7512)

Red Hat would like to thank Qinghao Tang of QIHU 360 Marvel Team and Ling
Liu of Qihoo 360 Inc. for reporting the CVE-2015-7504 issue, and Ling Liu
of Qihoo 360 Inc. for reporting the CVE-2015-7512 issue. The CVE-2015-7512
issue was independently discovered by Jason Wang of Red Hat.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.3.src.rpm
File outdated by:  RHSA-2017:1206
    MD5: 852a95ad3fef5aceaa961c440914ae5a
SHA-256: a9afe4f9680db596a5ed85ba714e6a3088d352695cedc42cfd9e93ff8393d761
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2017:1206
    MD5: 7beae83db2177987b2ef02168e969fc5
SHA-256: 3dbefffd9f3b5a8d5672aeae6297b104c04882536c869d9d69dafce77892c303
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2017:1206
    MD5: cfd4380599e7e16caedb077dbdb27733
SHA-256: cb10ce481d032132da9c0cffe8d39e2413b70e094b4c8cfed28375d753f96881
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 838473228c0a3c401284db529157c4c1
SHA-256: 6bd7495a879182ce0a2dc67cae1d576388c8b5e16a44707709da967613d23c58
qemu-img-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 11dbdcde81ebb77886f1837c9f39b2b1
SHA-256: 0b09481bb16a129f6f87f8496a6e781b3e5879d37876e889e7b008bffc194673
qemu-kvm-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0aec0e173b6e48fe9ced71746eb2a928
SHA-256: af16129db4cccbc391e7fbf1cdfc7b47a638ec9355a0f4924971c17a494e3bac
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 99e0a3d735fda49f3ada480a6c24bdbc
SHA-256: 71feadc8214d7b11b88e642a5f355e12f52a282c2ae2a06a4b94924d37fa5d73
qemu-kvm-tools-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0adfe850f8886c4915d97f16a8d8016a
SHA-256: 5c9884692cdbdd57b16e5a0652aa4dfce96251c56ca586bbb176e6bbdc92e430
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.3.src.rpm
File outdated by:  RHSA-2017:1206
    MD5: 852a95ad3fef5aceaa961c440914ae5a
SHA-256: a9afe4f9680db596a5ed85ba714e6a3088d352695cedc42cfd9e93ff8393d761
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 838473228c0a3c401284db529157c4c1
SHA-256: 6bd7495a879182ce0a2dc67cae1d576388c8b5e16a44707709da967613d23c58
qemu-img-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 11dbdcde81ebb77886f1837c9f39b2b1
SHA-256: 0b09481bb16a129f6f87f8496a6e781b3e5879d37876e889e7b008bffc194673
qemu-kvm-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0aec0e173b6e48fe9ced71746eb2a928
SHA-256: af16129db4cccbc391e7fbf1cdfc7b47a638ec9355a0f4924971c17a494e3bac
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 99e0a3d735fda49f3ada480a6c24bdbc
SHA-256: 71feadc8214d7b11b88e642a5f355e12f52a282c2ae2a06a4b94924d37fa5d73
qemu-kvm-tools-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0adfe850f8886c4915d97f16a8d8016a
SHA-256: 5c9884692cdbdd57b16e5a0652aa4dfce96251c56ca586bbb176e6bbdc92e430
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.3.src.rpm
File outdated by:  RHSA-2017:1206
    MD5: 852a95ad3fef5aceaa961c440914ae5a
SHA-256: a9afe4f9680db596a5ed85ba714e6a3088d352695cedc42cfd9e93ff8393d761
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2017:1206
    MD5: 7beae83db2177987b2ef02168e969fc5
SHA-256: 3dbefffd9f3b5a8d5672aeae6297b104c04882536c869d9d69dafce77892c303
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2017:1206
    MD5: cfd4380599e7e16caedb077dbdb27733
SHA-256: cb10ce481d032132da9c0cffe8d39e2413b70e094b4c8cfed28375d753f96881
 
PPC:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.ppc64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 79b9a27e356efb4d7bcdfa829016ea92
SHA-256: 3050a39983406a4f756c6d53d079cb86df2b2a147cd905a91b21107028a63d00
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.ppc64.rpm
File outdated by:  RHSA-2017:1206
    MD5: e566be75c6ee2cf4d419b99f81d694b7
SHA-256: 303ea6f6aa0f3de0d0f4221461129438bdc7ea83fd638e473b55a82212f74fdb
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 838473228c0a3c401284db529157c4c1
SHA-256: 6bd7495a879182ce0a2dc67cae1d576388c8b5e16a44707709da967613d23c58
qemu-img-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 11dbdcde81ebb77886f1837c9f39b2b1
SHA-256: 0b09481bb16a129f6f87f8496a6e781b3e5879d37876e889e7b008bffc194673
qemu-kvm-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0aec0e173b6e48fe9ced71746eb2a928
SHA-256: af16129db4cccbc391e7fbf1cdfc7b47a638ec9355a0f4924971c17a494e3bac
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 99e0a3d735fda49f3ada480a6c24bdbc
SHA-256: 71feadc8214d7b11b88e642a5f355e12f52a282c2ae2a06a4b94924d37fa5d73
qemu-kvm-tools-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0adfe850f8886c4915d97f16a8d8016a
SHA-256: 5c9884692cdbdd57b16e5a0652aa4dfce96251c56ca586bbb176e6bbdc92e430
 
Red Hat Enterprise Linux Server EUS (v. 6.7.z)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.3.src.rpm
File outdated by:  RHSA-2017:1206
    MD5: 852a95ad3fef5aceaa961c440914ae5a
SHA-256: a9afe4f9680db596a5ed85ba714e6a3088d352695cedc42cfd9e93ff8393d761
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2016:0082
    MD5: 7beae83db2177987b2ef02168e969fc5
SHA-256: 3dbefffd9f3b5a8d5672aeae6297b104c04882536c869d9d69dafce77892c303
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2016:0082
    MD5: cfd4380599e7e16caedb077dbdb27733
SHA-256: cb10ce481d032132da9c0cffe8d39e2413b70e094b4c8cfed28375d753f96881
 
PPC:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.ppc64.rpm
File outdated by:  RHSA-2016:0082
    MD5: 79b9a27e356efb4d7bcdfa829016ea92
SHA-256: 3050a39983406a4f756c6d53d079cb86df2b2a147cd905a91b21107028a63d00
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.ppc64.rpm
File outdated by:  RHSA-2016:0082
    MD5: e566be75c6ee2cf4d419b99f81d694b7
SHA-256: 303ea6f6aa0f3de0d0f4221461129438bdc7ea83fd638e473b55a82212f74fdb
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2016:0082
    MD5: 838473228c0a3c401284db529157c4c1
SHA-256: 6bd7495a879182ce0a2dc67cae1d576388c8b5e16a44707709da967613d23c58
qemu-img-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2016:0082
    MD5: 11dbdcde81ebb77886f1837c9f39b2b1
SHA-256: 0b09481bb16a129f6f87f8496a6e781b3e5879d37876e889e7b008bffc194673
qemu-kvm-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2016:0082
    MD5: 0aec0e173b6e48fe9ced71746eb2a928
SHA-256: af16129db4cccbc391e7fbf1cdfc7b47a638ec9355a0f4924971c17a494e3bac
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2016:0082
    MD5: 99e0a3d735fda49f3ada480a6c24bdbc
SHA-256: 71feadc8214d7b11b88e642a5f355e12f52a282c2ae2a06a4b94924d37fa5d73
qemu-kvm-tools-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2016:0082
    MD5: 0adfe850f8886c4915d97f16a8d8016a
SHA-256: 5c9884692cdbdd57b16e5a0652aa4dfce96251c56ca586bbb176e6bbdc92e430
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.479.el6_7.3.src.rpm
File outdated by:  RHSA-2017:1206
    MD5: 852a95ad3fef5aceaa961c440914ae5a
SHA-256: a9afe4f9680db596a5ed85ba714e6a3088d352695cedc42cfd9e93ff8393d761
 
IA-32:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2017:1206
    MD5: 7beae83db2177987b2ef02168e969fc5
SHA-256: 3dbefffd9f3b5a8d5672aeae6297b104c04882536c869d9d69dafce77892c303
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.i686.rpm
File outdated by:  RHSA-2017:1206
    MD5: cfd4380599e7e16caedb077dbdb27733
SHA-256: cb10ce481d032132da9c0cffe8d39e2413b70e094b4c8cfed28375d753f96881
 
x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 838473228c0a3c401284db529157c4c1
SHA-256: 6bd7495a879182ce0a2dc67cae1d576388c8b5e16a44707709da967613d23c58
qemu-img-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 11dbdcde81ebb77886f1837c9f39b2b1
SHA-256: 0b09481bb16a129f6f87f8496a6e781b3e5879d37876e889e7b008bffc194673
qemu-kvm-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0aec0e173b6e48fe9ced71746eb2a928
SHA-256: af16129db4cccbc391e7fbf1cdfc7b47a638ec9355a0f4924971c17a494e3bac
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 99e0a3d735fda49f3ada480a6c24bdbc
SHA-256: 71feadc8214d7b11b88e642a5f355e12f52a282c2ae2a06a4b94924d37fa5d73
qemu-kvm-tools-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1206
    MD5: 0adfe850f8886c4915d97f16a8d8016a
SHA-256: 5c9884692cdbdd57b16e5a0652aa4dfce96251c56ca586bbb176e6bbdc92e430
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1261461 - CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive
1285061 - CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/