qemu-kvm-1.5.3-126.el7.5

エラータID: AXSA:2017-1328:02

リリース日: 
2017/03/03 Friday - 02:23
題名: 
qemu-kvm-1.5.3-126.el7.5
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

qemu-kvm is an open source virtualizer that provides hardware emulation for
the KVM hypervisor. qemu-kvm acts as a virtual machine monitor together with
the KVM kernel modules, and emulates the hardware for a full system such as
a PC and its assocated peripherals.

As qemu-kvm requires no host kernel patches to run, it is safe and easy to use.

Security issues fixed with this release:

CVE-2017-2615
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-2620
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Fixed bugs:

* When using the virtio-blk driver on a guest virtual machine with no space on the virtual hard drive, the guest terminated unexpectedly with a "block I/O error in device" message and the qemu-kvm process exited with a segmentation fault. This update fixes how the system_reset QEMU signal is handled in the above scenario. As a result, if a guest crashes due to no space left on the device, qemu-kvm continues running and the guest can be reset as expected.

解決策: 

Update package.

CVE: 
CVE-2017-2615
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
CVE-2017-2620
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. qemu-kvm-1.5.3-126.el7.5.src.rpm
    MD5: 200618ce63e146080abb7e6d3411be10
    SHA-256: 73793ff64de71a4d7f729e036f3efb16e97a0890b7dfd0859d12bd006e3ce11f
    Size: 14.49 MB

Asianux Server 7 for x86_64
  1. qemu-img-1.5.3-126.el7.5.x86_64.rpm
    MD5: c761374aaeabe5bb0e2c3fa3baeb77af
    SHA-256: 30db4c96dd4fa9aef34a4d24d2ce825fef324ffaae7c522040be01c231328fef
    Size: 670.35 kB
  2. qemu-kvm-1.5.3-126.el7.5.x86_64.rpm
    MD5: e0df56c0e8026726d33cb7309c340e60
    SHA-256: 8a8057065075080177d154405d4e31bc626861900078daa3553239e8891776d4
    Size: 1.87 MB
  3. qemu-kvm-common-1.5.3-126.el7.5.x86_64.rpm
    MD5: a99f2e34e8e4d4dbd6555bc1827539d1
    SHA-256: 4c15e14d2329c27f1f91d48b041079f797756a583cb8c979e2dc0efda7b40ee8
    Size: 404.45 kB
  4. qemu-kvm-tools-1.5.3-126.el7.5.x86_64.rpm
    MD5: 4e070c3d5f0060c5691ede7123c3e26c
    SHA-256: cba136e5ec94df5d95eb885fd84c0ed5de1b28ee150219e2d456ad0e0a5fb887
    Size: 202.57 kB