Moderate CentOS qemu-kvm Security Update

Metadata

high
7.5
libcacard-1.5.3-60.el7_0.5.i686.rpm, libcacard-1.5.3-60.el7_0.5.x86_64.rpm, libcacard-devel-1.5.3-60.el7_0.5.i686.rpm, libcacard-devel-1.5.3-60.el7_0.5.x86_64.rpm, libcacard-tools-1.5.3-60.el7_0.5.x86_64.rpm, qemu-guest-agent-1.5.3-60.el7_0.5.x86_64.rpm, qemu-img-1.5.3-60.el7_0.5.x86_64.rpm, qemu-kvm-1.5.3-60.el7_0.5.src.rpm, qemu-kvm-1.5.3-60.el7_0.5.x86_64.rpm, qemu-kvm-common-1.5.3-60.el7_0.5.x86_64.rpm, qemu-kvm-tools-1.5.3-60.el7_0.5.x86_64.rpm
CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461
access.redhat.com, lists.centos.org
2014-07-25
2017-07-27 19:07
Moderate CentOS qemu-kvm Update
CVE-2013-4148 xen
CVE-2014-0222 xen
CVE-2013-4529 qemu
CVE-2014-0223 qemu-kvm
CVE-2014-0222 qemu-kvm
CVE-2013-4151 qemu
CVE-2013-4529 qemu-kvm
CVE-2013-4149 qemu-kvm
CVE-2013-4542 qemu-kvm
CVE-2013-6399 qemu-kvm
CVE-2014-0222 qemu
CVE-2013-4149 qemu
CVE-2013-4542 qemu
CVE-2014-3461 qemu
CVE-2014-0223 qemu
CVE-2013-6399 qemu
CVE-2013-4542 xen
CVE-2013-4150 qemu
CVE-2013-4541 qemu-kvm
CVE-2014-3461 qemu-kvm
CVE-2013-4536 qemu
CVE-2013-4151 qemu-kvm
CVE-2014-0182 qemu-kvm
CVE-2013-4150 qemu-kvm
CVE-2013-4148 qemu-kvm
CVE-2014-0223 xen
CVE-2013-6399 xen
CVE-2013-4151 xen
CVE-2013-4541 qemu
CVE-2013-4535 qemu
CVE-2013-4527 qemu
CVE-2013-4148 qemu
CVE-2013-4527 qemu-kvm
CVE-2013-4535 qemu-kvm
CVE-2013-4536 qemu-kvm
CVE-2014-0182 qemu
2017-04-01 19:08
2017-01-05 20:12

Description


Updated qemu-kvm packages that fix multiple security issues and various
bugs are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

Two integer overflow flaws were found in the QEMU block driver for QCOW
version 1 disk images. A user able to alter the QEMU disk image files
loaded by a guest could use either of these flaws to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0222, CVE-2014-0223)

Multiple buffer overflow, input validation, and out-of-bounds write flaws
were found in the way virtio, virtio-net, virtio-scsi, usb, and hpet
drivers of QEMU handled state loading after migration. A user able to alter
the savevm data (either on the disk or over the wire during migration)
could use any of these flaws to corrupt QEMU process memory on the
(destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527,
CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

These issues were discovered by Michael S. Tsirkin, Anthony Liguori and
Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,
CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536,
CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and
CVE-2014-3461.

This update also fixes the following bugs:

* Previously, QEMU did not free pre-allocated zero clusters correctly, and
under some circumstances the clusters leaked. With this update,
pre-allocated zero clusters are freed appropriately and the cluster leaks
no longer occur. (BZ#1110188)

* Prior to this update, the QEMU command interface did not properly handle
resizing of cache memory during guest migration, causing QEMU to terminate
unexpectedly with a segmentation fault. This update fixes the related code
and QEMU no longer crashes in the described situation. (BZ#1110191)

* Previously, when a guest device was hot unplugged, QEMU correctly removed
the corresponding file descriptor watch but did not re-create it after the
device was re-connected. As a consequence, the guest became unable to
receive any data from the host over this device. With this update, the file
descriptor's watch is re-created and the guest in the above scenario can
communicate with the host as expected. (BZ#1110219)

* Previously, the QEMU migration code did not account for the gaps caused
by hot unplugged devices and thus expected more memory to be transferred
during migrations. As a consequence, guest migration failed to complete
after multiple devices were hot unplugged. In addition, the migration info
text displayed erroneous values for the "remaining ram" item. With this
update, QEMU correctly calculates memory after a device has been unplugged,
and any subsequent guest migrations proceed as expected. (BZ#1110189)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.


Affected package information

Release  Package           Patched in
7        libcacard         libcacard-1.5.3-60.el7_0.5.i686.rpm
7        libcacard         libcacard-1.5.3-60.el7_0.5.x86_64.rpm
7        libcacard-devel   libcacard-devel-1.5.3-60.el7_0.5.i686.rpm
7        libcacard-devel   libcacard-devel-1.5.3-60.el7_0.5.x86_64.rpm
7        libcacard-tools   libcacard-tools-1.5.3-60.el7_0.5.x86_64.rpm
7        qemu-guest-agent  qemu-guest-agent-1.5.3-60.el7_0.5.x86_64.rpm
7        qemu-img          qemu-img-1.5.3-60.el7_0.5.x86_64.rpm
7        qemu-kvm          qemu-kvm-1.5.3-60.el7_0.5.src.rpm
7        qemu-kvm          qemu-kvm-1.5.3-60.el7_0.5.x86_64.rpm
7        qemu-kvm-common   qemu-kvm-common-1.5.3-60.el7_0.5.x86_64.rpm
7        qemu-kvm-tools    qemu-kvm-tools-1.5.3-60.el7_0.5.x86_64.rpm
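
One way to answer "Am I vulnerable?" on a host is to compare installed package versions against the patched version-release listed above, using rpm's segment-wise ordering rather than a plain string comparison. This is an added example, not code from Red Hat, CentOS or this site; it assumes input produced by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n', ignores the epoch field, and does not handle ~ or ^ in versions. The function names and the sample data are constructed for illustration.

```python
import re

# Fixed version-release for every binary package in this advisory (from the page).
PATCHED = "1.5.3-60.el7_0.5"
PACKAGES = {"libcacard", "libcacard-devel", "libcacard-tools", "qemu-guest-agent",
            "qemu-img", "qemu-kvm", "qemu-kvm-common", "qemu-kvm-tools"}

def _segments(s):
    # rpm splits a version string into runs of digits and runs of letters;
    # every other character only separates segments.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment-wise ordering (no ~ or ^ support)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is ignored (assumption)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def unpatched(rpm_output):
    """Return {package: installed} for advisory packages older than PATCHED."""
    found = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PACKAGES and evr_cmp(parts[1], PATCHED) < 0:
            found[parts[0]] = parts[1]
    return found

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
qemu-kvm 1.5.3-60.el7
qemu-img 1.5.3-60.el7_0.5
qemu-kvm-common 1.5.3-60.el7_0.2
libcacard 1.5.3-86.el7
bash 4.2.45-5.el7
"""

if __name__ == "__main__":
    for name, evr in sorted(unpatched(SAMPLE).items()):
        print(f"{name} {evr} is older than {PATCHED}")
```

A clean result only covers what is installed on disk: any virtual machine started before the update keeps running the old QEMU code until it is shut down and started again, as the advisory requires.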