RedHat: RHSA-2018-1369:01 Moderate: qemu-kvm-rhev security and bug fix
Summary
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.
Security Fix(es):
* QEMU: i386: multiboot OOB access while loading kernel image
(CVE-2018-7550)
* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Cyrille Chatras (Orange.com) and CERT-CC
(Orange.com) for reporting CVE-2018-7550 and Ross Lagerwall (Citrix.com)
for reporting CVE-2018-7858.
Bug Fix(es):
* In certain Red Hat Virtualization (RHV) guest configurations, virtual
pass-through devices could not be removed properly. A reference count leak
in the QEMU emulator has been removed, and the affected devices are now
removed reliably. (BZ#1555213)
* Previously, a raw disk image that was using the "--preallocation=full"
option in some cases could not be resized. This problem has been fixed and
no longer occurs. (BZ#1566587)
* Due to race conditions in the virtio-blk and virtio-scsi services, the
QEMU emulator sometimes terminated unexpectedly when shutting down. The
race conditions have been removed, and QEMU now exits gracefully.
(BZ#1566586)
* Prior to this update, deleting guest snapshots using the RHV GUI in some
cases failed due to an incorrect image-seeking algorithm. This update fixes
the underlying code, and guest snapshots in RHV can now be deleted
successfully. (BZ#1566369)
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
References
https://access.redhat.com/security/cve/CVE-2018-7550 https://access.redhat.com/security/cve/CVE-2018-7858 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source:
qemu-kvm-rhev-2.10.0-21.el7_5.2.src.rpm
ppc64le:
qemu-img-rhev-2.10.0-21.el7_5.2.ppc64le.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.2.ppc64le.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.2.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.2.ppc64le.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.2.ppc64le.rpm
x86_64:
qemu-img-rhev-2.10.0-21.el7_5.2.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.2.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.2.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.2.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64
Bugs Fixed
1549798 - CVE-2018-7550 QEMU: i386: multiboot OOB access while loading kernel image
1553402 - CVE-2018-7858 QEMU: cirrus: OOB access when updating VGA display
1555213 - [Q35] "DEVICE_DELETED" event didn't return after delete the second passthrough vf device [rhel-7.5.z]
1566369 - qemu-img commit fails with "block/file-posix.c:1774: find_allocation: Assertion `offs >= start' failed" [rhel-7.5.z]
1566586 - Occurred core dump with multi-object when quitted qemu during doing IO [rhel-7.5.z]
1566587 - Unable to resize image with preallocation=full mode [rhel-7.5.z]