OVAL

RHSA-2017:1856-01 -- Redhat qemu-kvm

ID: oval:org.secpod.oval:def:502096
Date: (C)2017-08-04   (M)2024-01-29
Class: PATCH
Family: unix




Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix:

* An out-of-bounds memory access issue was found in Quick Emulator in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the "vnc_refresh_server_surface". A user inside a guest could use this flaw to crash the QEMU process.

* An integer overflow flaw was found in Quick Emulator in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process.

* An information exposure flaw was found in Quick Emulator in Task Priority Register optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory.

Red Hat would like to thank Li Qiang for reporting CVE-2017-5898 and Donghai Zdh for reporting CVE-2016-4020.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed:

1151859 - [RFE] Allow the libgfapi logging level to be controlled.
1299875 - system_reset should clear pending request for error
1313686 - CVE-2016-4020 Qemu: i386: leakage of stack memory to guest in kvmvapic.c
1342489 - Flickering Fedora 24 Login Screen on RHEL 7
1361488 - system_reset should clear pending request for error
1375507 - threads option is overwritten if both sockets and cores is set on -smp
1377087 - shutdown rhel 5.11 guest failed and stop at system halted
1377977 - qemu-kvm coredump in vnc_raw_send_framebuffer_update [rhel-7.4]
1378541 - QEMU: update package summary and description
1419699 - CVE-2017-5898 Qemu: usb: integer overflow in emulated_apdu_from_guest
1419898 - Documentation inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add

Platform:
Red Hat Enterprise Linux 7
Product:
qemu-kvm
qemu-img
Reference:
RHSA-2017:1856-01
CVE-2016-4020
CVE-2017-2633
CVE-2017-5898
CPE    3
cpe:/a:kvm_group:qemu-kvm
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:7.0

© SecPod Technologies