Security Advisory Moderate: qemu-kvm security and bug fix update

Advisory: RHSA-2017:0621-1
Type: Security Advisory
Severity: Moderate
Issued on: 2017-03-21
Last updated on: 2017-03-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2016-3712

Details

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux
on a variety of architectures. The qemu-kvm packages provide the user-space
component for running virtual machines that use KVM.

Security Fix(es):

* An integer overflow flaw and an out-of-bounds read flaw were found in the way
QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged
guest user could use this flaw to crash the QEMU process instance.
(CVE-2016-3712)

Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked
from the References section.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all
virtual machines have shut down, start them again for this update to take
effect.

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.503.el6.src.rpm     MD5: da7021b1f01a3e5fe11f7e1dcc424942
SHA-256: c795bd236c96ab77d8ae54f610cafb99fc0290b12a424c91071e30e579ed9542
 
IA-32:
qemu-guest-agent-0.12.1.2-2.503.el6.i686.rpm     MD5: ef78c00eaeb2cd90bb0022f2945635d5
SHA-256: 6b6fb679ab057954f008b879b746d3b3ad650a032e9d90010309fe21bcacf711
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.i686.rpm     MD5: e15c39674360b9952a061642d36390f1
SHA-256: 687c0631c82a4f331390f318eb46facb55fb80597201f5259f41b2f44da76770
 
x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6.x86_64.rpm     MD5: a2c8e68671ef6086c5e24d0783a5b98e
SHA-256: 55ee151779f3499b1b69ae0d65fd5d5e075c91943a24ed8cd4362d2e771030f7
qemu-img-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 1726afdf3a27a26f567c0d7b9f919388
SHA-256: 3000dcd73b557865313935354432c24d364bcb8fd5272e318598e7eb7114949f
qemu-kvm-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 6d756cd2544634beb95929f73eb64105
SHA-256: 741ddd5e29a460f2701e35f3b4415552c831b62b438063a64ee79bcc503f099b
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 8886aa024525cf0a6a5a3f10531c09c2
SHA-256: f2412df421e4080bd0aa865373f67dd5c34e2067573801352094c401aea47c22
qemu-kvm-tools-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 7e1a9f0ebbc1c8ba5f6d579b0d7f49d9
SHA-256: 01600f8e2e2a02f270a0c058c8a8e71a9127c505b7c7ce1155745da634ab9af3
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.503.el6.src.rpm     MD5: da7021b1f01a3e5fe11f7e1dcc424942
SHA-256: c795bd236c96ab77d8ae54f610cafb99fc0290b12a424c91071e30e579ed9542
 
x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6.x86_64.rpm     MD5: a2c8e68671ef6086c5e24d0783a5b98e
SHA-256: 55ee151779f3499b1b69ae0d65fd5d5e075c91943a24ed8cd4362d2e771030f7
qemu-img-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 1726afdf3a27a26f567c0d7b9f919388
SHA-256: 3000dcd73b557865313935354432c24d364bcb8fd5272e318598e7eb7114949f
qemu-kvm-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 6d756cd2544634beb95929f73eb64105
SHA-256: 741ddd5e29a460f2701e35f3b4415552c831b62b438063a64ee79bcc503f099b
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 8886aa024525cf0a6a5a3f10531c09c2
SHA-256: f2412df421e4080bd0aa865373f67dd5c34e2067573801352094c401aea47c22
qemu-kvm-tools-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 7e1a9f0ebbc1c8ba5f6d579b0d7f49d9
SHA-256: 01600f8e2e2a02f270a0c058c8a8e71a9127c505b7c7ce1155745da634ab9af3
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.503.el6.src.rpm     MD5: da7021b1f01a3e5fe11f7e1dcc424942
SHA-256: c795bd236c96ab77d8ae54f610cafb99fc0290b12a424c91071e30e579ed9542
 
IA-32:
qemu-guest-agent-0.12.1.2-2.503.el6.i686.rpm     MD5: ef78c00eaeb2cd90bb0022f2945635d5
SHA-256: 6b6fb679ab057954f008b879b746d3b3ad650a032e9d90010309fe21bcacf711
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.i686.rpm     MD5: e15c39674360b9952a061642d36390f1
SHA-256: 687c0631c82a4f331390f318eb46facb55fb80597201f5259f41b2f44da76770
 
PPC:
qemu-guest-agent-0.12.1.2-2.503.el6.ppc64.rpm     MD5: 65378245b51d9cd636dd3628f3f5e640
SHA-256: a5126df131b30ea01aa8d6b0c4d5c8136fd07f24bf63da58a6db70c338c2f678
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.ppc64.rpm     MD5: addd55c949f587935f2632afcf820b5b
SHA-256: 5ac05ff9d8d73d89abd861aa35b547e407af2b56854c25a9d8495506817eef8f
 
x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6.x86_64.rpm     MD5: a2c8e68671ef6086c5e24d0783a5b98e
SHA-256: 55ee151779f3499b1b69ae0d65fd5d5e075c91943a24ed8cd4362d2e771030f7
qemu-img-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 1726afdf3a27a26f567c0d7b9f919388
SHA-256: 3000dcd73b557865313935354432c24d364bcb8fd5272e318598e7eb7114949f
qemu-kvm-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 6d756cd2544634beb95929f73eb64105
SHA-256: 741ddd5e29a460f2701e35f3b4415552c831b62b438063a64ee79bcc503f099b
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 8886aa024525cf0a6a5a3f10531c09c2
SHA-256: f2412df421e4080bd0aa865373f67dd5c34e2067573801352094c401aea47c22
qemu-kvm-tools-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 7e1a9f0ebbc1c8ba5f6d579b0d7f49d9
SHA-256: 01600f8e2e2a02f270a0c058c8a8e71a9127c505b7c7ce1155745da634ab9af3
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.503.el6.src.rpm     MD5: da7021b1f01a3e5fe11f7e1dcc424942
SHA-256: c795bd236c96ab77d8ae54f610cafb99fc0290b12a424c91071e30e579ed9542
 
IA-32:
qemu-guest-agent-0.12.1.2-2.503.el6.i686.rpm     MD5: ef78c00eaeb2cd90bb0022f2945635d5
SHA-256: 6b6fb679ab057954f008b879b746d3b3ad650a032e9d90010309fe21bcacf711
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.i686.rpm     MD5: e15c39674360b9952a061642d36390f1
SHA-256: 687c0631c82a4f331390f318eb46facb55fb80597201f5259f41b2f44da76770
 
x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6.x86_64.rpm     MD5: a2c8e68671ef6086c5e24d0783a5b98e
SHA-256: 55ee151779f3499b1b69ae0d65fd5d5e075c91943a24ed8cd4362d2e771030f7
qemu-img-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 1726afdf3a27a26f567c0d7b9f919388
SHA-256: 3000dcd73b557865313935354432c24d364bcb8fd5272e318598e7eb7114949f
qemu-kvm-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 6d756cd2544634beb95929f73eb64105
SHA-256: 741ddd5e29a460f2701e35f3b4415552c831b62b438063a64ee79bcc503f099b
qemu-kvm-debuginfo-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 8886aa024525cf0a6a5a3f10531c09c2
SHA-256: f2412df421e4080bd0aa865373f67dd5c34e2067573801352094c401aea47c22
qemu-kvm-tools-0.12.1.2-2.503.el6.x86_64.rpm     MD5: 7e1a9f0ebbc1c8ba5f6d579b0d7f49d9
SHA-256: 01600f8e2e2a02f270a0c058c8a8e71a9127c505b7c7ce1155745da634ab9af3
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1281713 - system_reset should clear pending request for error (IDE)
1292678 - Qemu should report error when cmdline set threads=2 in amd host
1294941 - QEMU crash on snapshot revert when using Cirrus
1297653 - "qemu-img convert" can't create a fully allocated image passed a "-S 0" option
1300626 - e1000/rtl8139: qemu mac address can not be changed via set the hardware address in guest
1318712 - CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface
1320066 - Qemu should not report error when cmdline set threads=2 in Intel host
1333697 - qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/virtio-scsi.c:724: virtio_scsi_push_event: Assertion `event == 0' failed
1346981 - Regression from CVE-2016-3712: windows installer fails to start [rhel-6.9]
1356924 - rtl8139 driver hangs in widows guests
1361490 - system_reset should clear pending request for error (virtio-blk)
1392287 - Core dump occurs when query qtree after migration with "-vga cirrus"
1392520 - [RHEL6.9] KVM guest shuts itself down after 128th reboot
876993 - qemu-kvm: vm's become non-responsive during migrate disk load from 2 domains to a 3ed


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/