Moderate: qemu-kvm-rhev security and bug fix update

Synopsis

Moderate: qemu-kvm-rhev security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

• QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550)
  
• QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)
  

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Cyrille Chatras (Orange.com) and CERT-CC (Orange.com) for reporting CVE-2018-7550 and Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858.

Bug Fix(es):

• In certain Red Hat Virtualization (RHV) guest configurations, virtual pass-through devices could not be removed properly. A reference count leak in the QEMU emulator has been removed, and the affected devices are now removed reliably. (BZ#1555213)
  
• Previously, a raw disk image that was using the "--preallocation=full" option in some cases could not be resized. This problem has been fixed and no longer occurs. (BZ#1566587)
  
• Due to race conditions in the virtio-blk and virtio-scsi services, the QEMU emulator sometimes terminated unexpectedly when shutting down. The race conditions have been removed, and QEMU now exits gracefully. (BZ#1566586)
  
• Prior to this update, deleting guest snapshots using the RHV GUI in some cases failed due to an incorrect image-seeking algorithm. This update fixes the underlying code, and guest snapshots in RHV can now be deleted successfully. (BZ#1566369)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

Affected Products

• Red Hat Virtualization 4 x86_64
• Red Hat Virtualization for IBM Power LE 4 ppc64le

Fixes

• BZ - 1549798 - CVE-2018-7550 QEMU: i386: multiboot OOB access while loading kernel image
• BZ - 1553402 - CVE-2018-7858 QEMU: cirrus: OOB access when updating VGA display
• BZ - 1555213 - [Q35] "DEVICE_DELETED" event didn't return after delete the second passthrough vf device [rhel-7.5.z]
• BZ - 1566369 - qemu-img commit fails with "block/file-posix.c:1774: find_allocation: Assertion `offs >= start' failed" [rhel-7.5.z]
• BZ - 1566586 - Occurred core dump with multi-object when quitted qemu during doing IO [rhel-7.5.z]
• BZ - 1566587 - Unable to resize image with preallocation=full mode [rhel-7.5.z]

CVEs

• CVE-2018-7550
• CVE-2018-7858

References

• https://access.redhat.com/security/updates/classification/#moderate