Scientific Linux alert SLSA-2017:0396-1 (qemu-kvm)
From: Pat Riehecky <riehecky@fnal.gov>
To: <scientific-linux-errata@listserv.fnal.gov>
Subject: Security ERRATA Important: qemu-kvm on SL7.x x86_64
Date: Thu, 2 Mar 2017 19:30:15 +0000
Message-ID: <20170302193015.3515.43153@slpackages.fnal.gov>

Synopsis:          Important: qemu-kvm security and bug fix update
Advisory ID:       SLSA-2017:0396-1
Issue Date:        2017-03-02
CVE Numbers:       CVE-2017-2615
                   CVE-2017-2620
--

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support
is vulnerable to an out-of-bounds access issue. It could occur while copying
VGA data via bitblt copy in backward mode. A privileged user inside a guest
could use this flaw to crash the QEMU process, resulting in DoS, or
potentially execute arbitrary code on the host with the privileges of the
QEMU process on the host. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support
is vulnerable to an out-of-bounds access issue. The issue could occur while
copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a
guest could use this flaw to crash the QEMU process or potentially execute
arbitrary code on the host with the privileges of the QEMU process.
(CVE-2017-2620)

Bug Fix(es):

* When using the virtio-blk driver on a guest virtual machine with no space
on the virtual hard drive, the guest terminated unexpectedly with a "block
I/O error in device" message and the qemu-kvm process exited with a
segmentation fault. This update fixes how the system_reset QEMU signal is
handled in the above scenario. As a result, if a guest crashes due to no
space left on the device, qemu-kvm continues running and the guest can be
reset as expected.
--

SL7
  x86_64
    qemu-img-1.5.3-126.el7_3.5.x86_64.rpm
    qemu-kvm-1.5.3-126.el7_3.5.x86_64.rpm
    qemu-kvm-common-1.5.3-126.el7_3.5.x86_64.rpm
    qemu-kvm-debuginfo-1.5.3-126.el7_3.5.x86_64.rpm
    qemu-kvm-tools-1.5.3-126.el7_3.5.x86_64.rpm

- Scientific Linux Development Team
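
One way to check a host inventory against the fixed build listed above, as an added example that is not part of the original advisory or any Scientific Linux tooling. It assumes input in the form printed by `rpm -qa`, ignores the epoch (taken to be the same for every build of a package on SL7), and uses a simplified version of rpm's comparison rules; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed build named in the advisory's SL7 package list.
FIXED_VERSION, FIXED_RELEASE = "1.5.3", "126.el7_3.5"
# Runtime packages from that list (debuginfo omitted: it carries no running code).
PACKAGES = {"qemu-img", "qemu-kvm", "qemu-kvm-common", "qemu-kvm-tools"}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, following
    rpm's ordering rules (simplified: no '~' or '^' handling)."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def unpatched(installed):
    """Return entries of `rpm -qa`-style output older than the fixed build."""
    stale = []
    for nvra in installed:
        nvr = re.sub(r"\.rpm$", "", nvra.strip()).rsplit(".", 1)[0]  # drop arch
        parts = nvr.rsplit("-", 2)
        if len(parts) != 3 or parts[0] not in PACKAGES:
            continue
        _, version, release = parts
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append(nvra)
    return stale

# Constructed sample inventory, not taken from a real host.
SAMPLE = [
    "qemu-kvm-1.5.3-126.el7_3.5.x86_64",
    "qemu-img-1.5.3-126.el7_3.3.x86_64",
    "qemu-kvm-common-1.5.3-105.el7.x86_64",
    "qemu-kvm-tools-1.5.3-141.el7.x86_64",
    "bash-4.2.46-21.el7_3.x86_64",
]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

This checks installed packages only: a qemu-kvm process started before the update keeps running the old binary until the guest is shut down and started again.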