Security Advisory Important: qemu-kvm-rhev security update

Advisory: RHSA-2015:2695-1
Type: Security Advisory
Severity: Important
Issued on: 2015-12-22
Last updated on: 2015-12-22
Affected Products: Red Hat OpenStack 5.0 for RHEL 6
CVEs (cve.mitre.org): CVE-2015-7504
CVE-2015-7512

Details

Updated qemu-kvm-rhev packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM.

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD
PC-Net II Ethernet Controller emulation received certain packets in
loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside
a guest could use this flaw to crash the host QEMU process (resulting in
denial of service) or, potentially, execute arbitrary code with privileges
of the host QEMU process. (CVE-2015-7504)

A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation
validated certain received packets from a remote host in non-loopback mode.
A remote, unprivileged attacker could potentially use this flaw to execute
arbitrary code on the host with the privileges of the QEMU process.
Note that to exploit this flaw, the guest network interface must have a
large MTU limit. (CVE-2015-7512)

Red Hat would like to thank Qinghao Tang of QIHU 360 Marvel Team and Ling
Liu of Qihoo 360 Inc. for reporting the CVE-2015-7504 issue, and Ling Liu
of Qihoo 360 Inc. for reporting the CVE-2015-7512 issue. The CVE-2015-7512
issue was independently discovered by Jason Wang of Red Hat.

All qemu-kvm-rhev users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, shut down all running virtual machines. Once all virtual
machines have shut down, start them again for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat OpenStack 5.0 for RHEL 6

SRPMS:
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.3.src.rpm
File outdated by:  RHSA-2017:1441
    MD5: 51eebf515804457d8df263905e1cc36c
SHA-256: 68f733a300a36a943013bd8b641ba17cf9ae62fb77cbf535b79eb601cfe26409
 
x86_64:
qemu-img-rhev-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1441
    MD5: cb7216d1bb04413c8bfcf21968185272
SHA-256: 1d4abd01f50cabab49b82333b171bc73d995dcccf80054dd77de2fde06b6c50b
qemu-kvm-rhev-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1441
    MD5: 0ac7e57b446bc6a45eb4117757410896
SHA-256: db725f0fdb5b88fb5366d5ac429f07192a6f20c0678dfcffee025492aee2f103
qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1441
    MD5: dfafe814301426bba75d6adf879732b7
SHA-256: ca9013afa8521f802806bd7729b604f2a4c2fb3593ec1480c64dba243c84de04
qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.3.x86_64.rpm
File outdated by:  RHSA-2017:1441
    MD5: c4e3f28f795fbda16266c99e8f6e389c
SHA-256: 79c8a95ac7a61f8f53f57479fabaa4623dfc19d85b89070c8ae61ba85f16ba1f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1261461 - CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive
1285061 - CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/