Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform.

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. (CVE-2014-8106)

This issue was found by Paolo Bonzini of Red Hat.

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
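The kind of region check the CVE-2014-8106 description refers to, as an added example that is not QEMU's code or Red Hat's patch: a simplified model that validates a 2D blit against a VRAM buffer, next to an incomplete check constructed for contrast. The struct, function names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified blit descriptor (not QEMU's own structures). */
struct blit {
    uint32_t addr;   /* byte offset of the first row inside VRAM */
    int32_t  pitch;  /* bytes between rows; negative means rows go downward in memory */
    uint16_t width;  /* bytes touched per row */
    uint16_t height; /* number of rows */
};

/* Constructed incomplete check, for contrast: validates only the start offset. */
static bool blit_ok_weak(const struct blit *b, uint32_t vram_size)
{
    return b->addr < vram_size;
}

/* Complete check: every byte of every row must lie in [0, vram_size). */
static bool blit_ok_strict(const struct blit *b, uint32_t vram_size)
{
    if (b->width == 0 || b->height == 0)
        return false;
    /* 64-bit signed math so a negative pitch or large height cannot wrap. */
    int64_t first = b->addr;
    int64_t last  = first + (int64_t)(b->height - 1) * b->pitch;
    int64_t lo    = first < last ? first : last;
    int64_t hi    = (first < last ? last : first) + b->width; /* exclusive end */
    return lo >= 0 && hi <= (int64_t)vram_size;
}

int main(void)
{
    const uint32_t vram = 4u * 1024 * 1024;       /* constructed VRAM size */
    const struct blit cases[] = {                 /* constructed inputs */
        { 0,           1024, 1024, 768 },         /* fits */
        { vram - 1024, 1024, 1024, 2   },         /* second row runs past the end */
        { 512,        -1024, 64,   2   },         /* negative pitch reaches below offset 0 */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu: weak=%d strict=%d\n", i,
               blit_ok_weak(&cases[i], vram), blit_ok_strict(&cases[i], vram));
    return 0;
}
```

The second and third cases pass the start-offset check but are rejected once the whole region, including the last row and a negative pitch, is taken into account.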
Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat OpenStack 4.0

SRPMS:
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.src.rpm
 
x86_64:
qemu-img-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm
 
Red Hat OpenStack 5.0 for RHEL 6

SRPMS:
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.src.rpm
 
x86_64:
qemu-img-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.2.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.2.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1169454 – CVE-2014-8106 qemu: cirrus: insufficient blit region checks

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
