Updated qemu-kvm-rhev packages that fix one security issue and one bug are now available for Red Hat Enterprise Virtualization.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host’s QEMU process address space with attacker-provided data. (CVE-2014-8106)

This issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes the following bug:

* Previously, the effective downtime during the last phase of a live migration would sometimes be much higher than the maximum downtime specified by ‘migration_downtime’ in vdsm.conf. This problem has been corrected. The value of ‘migration_downtime’ is now honored and the migration is aborted if the downtime cannot be achieved. (BZ#1142756)

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
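A guest that was not restarted keeps running the old QEMU binary. The following check is an added example, not part of the advisory or of any Red Hat tooling: it lists QEMU processes whose executable was replaced on disk. It assumes a Linux /proc layout and a binary path containing "qemu"; the function name and the optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): find QEMU processes that are still
# executing a binary which has since been replaced on disk, i.e. guests that
# were not shut down and started again after the package update.
#
# Assumptions: Linux /proc layout; the QEMU binary path contains "qemu".
# Run as root so that /proc/<pid>/exe of other users' processes is readable.

# stale_qemu_pids [PROC_ROOT]
# Prints one line per affected process: "<pid> <path of the replaced binary>".
# PROC_ROOT defaults to /proc; the argument exists so the check can be
# exercised against a constructed directory tree.
stale_qemu_pids() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # /proc/<pid>/exe is a symlink to the running executable. When the
        # file it was started from has been unlinked (as happens when a
        # package update replaces it), the kernel appends " (deleted)".
        target="$(readlink "$dir/exe" 2>/dev/null)" || continue
        case "$target" in
            *qemu*" (deleted)")
                printf '%s %s\n' "$pid" "${target% (deleted)}"
                ;;
        esac
    done
)

# Usage on a hypervisor host after installing the update:
#   stale_qemu_pids
# Any PID printed belongs to a virtual machine that still needs to be shut
# down and started again.
```

An empty result means no running QEMU process is still backed by a replaced binary.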
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Red Hat Enterprise Virtualization 3

(The unlinked packages above are only available from the Red Hat Network)
1169454 – CVE-2014-8106 qemu: cirrus: insufficient blit region checks

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
