Updated qemu-kvm-rhev packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.

An information leak flaw was found in the way QEMU’s VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bug:

* This update fixes a bug that caused the relative path to a backing file image to be switched to an absolute path during a live merge (block-commit). (BZ#1122925)

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
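To confirm on a host that the restart step has been completed, the following added example (not part of the Red Hat advisory) lists QEMU processes still running from a binary that has since been replaced on disk. It assumes the emulator is installed as a file named qemu-kvm (on Red Hat Enterprise Linux 7, /usr/libexec/qemu-kvm); the function names and the demo data are constructed for illustration.

```shell
#!/bin/sh
# stale_qemu [PROC_ROOT]
# Prints "PID<TAB>exe target" for every process whose executable is a
# qemu-kvm binary that was replaced on disk after the process started.
# PROC_ROOT defaults to /proc; the parameter exists so the function can
# be exercised against a constructed directory tree.
# On a hypervisor, run as root after installing the update: stale_qemu
stale_qemu() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # /proc/PID/exe is a symlink. The kernel appends " (deleted)" to
        # its target when the file the process was started from is no
        # longer linked, which is the case once a package upgrade has
        # installed a new binary under the same path.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            */qemu-kvm\ \(deleted\))
                printf '%s\t%s\n' "${dir##*/}" "$target"
                ;;
        esac
    done
}

# stale_qemu_demo
# Builds a constructed /proc-like tree (three fake PIDs) and scans it.
#   101: guest started before the update  -> reported
#   202: guest started after the update   -> not reported
#   303: unrelated process, replaced file -> not reported
stale_qemu_demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir "$demo_root/101" "$demo_root/202" "$demo_root/303"
    ln -s "/usr/libexec/qemu-kvm (deleted)" "$demo_root/101/exe"
    ln -s "/usr/libexec/qemu-kvm" "$demo_root/202/exe"
    ln -s "/usr/bin/bash (deleted)" "$demo_root/303/exe"
    stale_qemu "$demo_root"
    rm -rf "$demo_root"
}
```

An empty result from `stale_qemu` means no guest on the host is still executing the pre-update emulator; any PID listed belongs to a virtual machine that has not yet been shut down and started again.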
Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat Enterprise Virtualization 3

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/qemu-kvm-rhev/1.5.3-60.el7_0.10/SRPMS/qemu-kvm-rhev-1.5.3-60.el7_0.10.src.rpm
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/libcacard-devel-rhev/1.5.3-60.el7_0.10/x86_64/libcacard-devel-rhev-1.5.3-60.el7_0.10.x86_64.rpm
ftp://updates.redhat.com/rhn/public/NULL/libcacard-rhev/1.5.3-60.el7_0.10/x86_64/libcacard-rhev-1.5.3-60.el7_0.10.x86_64.rpm
ftp://updates.redhat.com/rhn/public/NULL/libcacard-tools-rhev/1.5.3-60.el7_0.10/x86_64/libcacard-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm
ftp://updates.redhat.com/rhn/public/NULL/qemu-img-rhev/1.5.3-60.el7_0.10/x86_64/qemu-img-rhev-1.5.3-60.el7_0.10.x86_64.rpm
ftp://updates.redhat.com/rhn/public/NULL/qemu-kvm-common-rhev/1.5.3-60.el7_0.10/x86_64/qemu-kvm-common-rhev-1.5.3-60.el7_0.10.x86_64.rpm
ftp://updates.redhat.com/rhn/public/NULL/qemu-kvm-rhev/1.5.3-60.el7_0.10/x86_64/qemu-kvm-rhev-1.5.3-60.el7_0.10.x86_64.rpm
ftp://updates.redhat.com/rhn/public/NULL/qemu-kvm-tools-rhev/1.5.3-60.el7_0.10/x86_64/qemu-kvm-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm
 

1122925 – Maintain relative path to backing file image during live merge (block-commit)
1139115 – CVE-2014-3615 Qemu: information leakage when guest sets high resolution

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
