news 28 Posted March 7, 2017 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kvm security update Advisory ID: RHSA-2017:0454-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0454.html Issue date: 2017-03-07 CVE Names: CVE-2017-2615 CVE-2017-2620 ===================================================================== 1. Summary: An update for kvm is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Multi OS (v. 5 client) - x86_64 Red Hat Enterprise Linux Virtualization (v. 5 server) - x86_64 3. Description: KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc. Security Fix(es): * Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615) * Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620) Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Note: The procedure in the Solution section must be performed before this update will take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode 1420484 - CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo 6. Package List: Red Hat Enterprise Linux Desktop Multi OS (v. 5 client): Source: kvm-83-277.el5_11.src.rpm x86_64: kmod-kvm-83-277.el5_11.x86_64.rpm kmod-kvm-debug-83-277.el5_11.x86_64.rpm kvm-83-277.el5_11.x86_64.rpm kvm-debuginfo-83-277.el5_11.x86_64.rpm kvm-qemu-img-83-277.el5_11.x86_64.rpm kvm-tools-83-277.el5_11.x86_64.rpm Red Hat Enterprise Linux Virtualization (v. 5 server): Source: kvm-83-277.el5_11.src.rpm x86_64: kmod-kvm-83-277.el5_11.x86_64.rpm kmod-kvm-debug-83-277.el5_11.x86_64.rpm kvm-83-277.el5_11.x86_64.rpm kvm-debuginfo-83-277.el5_11.x86_64.rpm kvm-qemu-img-83-277.el5_11.x86_64.rpm kvm-tools-83-277.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-2615 https://access.redhat.com/security/cve/CVE-2017-2620 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYvpbiXlSAg2UNWIIRApHSAJ9IfMJsxpXxxdsUI0NFoMcuBYBZtQCfZt2X tHRNJqedRPYZzgtRGRNtzSU= =8TuI -----END PGP SIGNATURE----- -- Share this post Link to post
