Updated qemu-kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU’s IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest. (CVE-2015-5154)

An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU’s pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. (CVE-2015-3214)

Red Hat would like to thank Matt Tait of Google’s Project Zero security team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was discovered by Kevin Wolf of Red Hat.

This update also fixes the following bug:

* Due to an incorrect implementation of portable memory barriers, the QEMU emulator in some cases terminated unexpectedly when a virtual disk was under heavy I/O load. This update fixes the implementation in order to achieve correct synchronization between QEMU’s threads. As a result, the described crash no longer occurs. (BZ#1233643)

All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
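One way to confirm that the restart step has been completed on a host, as an added example that is not part of the Red Hat advisory: once the package replaces the emulator on disk, a guest that was never restarted still executes the old file, and its /proc/PID/exe link ends in " (deleted)". The script assumes the emulator path /usr/libexec/qemu-kvm and guests started with a plain `-name NAME` argument; the function names are hypothetical.

```bash
#!/bin/sh
# Added example, not from the advisory: find guests that still run the
# QEMU binary that was on disk before the update was installed.

# Assumption: RHEL 7 installs the emulator here; override via QEMU_BIN.
QEMU_BIN="${QEMU_BIN:-/usr/libexec/qemu-kvm}"

# stale_qemu_pids [PROC_ROOT]
# Prints the PID of every process whose exe link is the unlinked
# (replaced) emulator binary. PROC_ROOT defaults to /proc.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        # Unreadable or vanished entries are skipped, not treated as clean.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        if [ "$target" = "$QEMU_BIN (deleted)" ]; then
            echo "${dir##*/}"
        fi
    done
    return 0
}

# guest_name PID [PROC_ROOT]
# Prints the argument that follows "-name" in the NUL-separated cmdline.
guest_name() {
    cmdline="${2:-/proc}/$1/cmdline"
    [ -r "$cmdline" ] || return 1
    tr '\0' '\n' < "$cmdline" |
        awk 'prev == "-name" { print; exit } { prev = $0 }'
}

# report_stale_guests [PROC_ROOT]
# One line per guest that still needs the shut-down-and-start cycle.
report_stale_guests() {
    for pid in $(stale_qemu_pids "$1"); do
        echo "PID $pid guest=$(guest_name "$pid" "$1") runs the pre-update binary"
    done
    return 0
}

report_stale_guests
```

Run it as root so that the exe links of all QEMU processes are readable; no output means no guest is still on the replaced binary.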
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7)

SRPMS:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

PPC:
libcacard-1.5.3-86.el7_1.5.ppc.rpm
libcacard-1.5.3-86.el7_1.5.ppc64.rpm
libcacard-devel-1.5.3-86.el7_1.5.ppc.rpm
libcacard-devel-1.5.3-86.el7_1.5.ppc64.rpm
libcacard-tools-1.5.3-86.el7_1.5.ppc64.rpm
qemu-img-1.5.3-86.el7_1.5.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
qemu-kvm-1.5.3-86.el7_1.5.src.rpm

x86_64:
libcacard-1.5.3-86.el7_1.5.i686.rpm
libcacard-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm
qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

1229640 – CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function
1243563 – CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
