An update for kvm is now available for Red Hat Enterprise Linux 5.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
KVM (for Kernel-based Virtual Machine) is a full virtualization solution forLinux on x86 hardware. Using KVM, one can run multiple virtual machines runningunmodified Linux or Windows images.

Each virtual machine has private virtualizedhardware: a network card, disk, graphics adapter, etc.Security Fix(es):* An out-of-bounds read/write access flaw was found in the way QEMU’s VGAemulation with VESA BIOS Extensions (VBE) support performed read/writeoperations using I/O port methods.

A privileged guest user could use this flawto execute arbitrary code on the host with the privileges of the host’s QEMUprocess. (CVE-2016-3710)* Quick Emulator(QEMU) built with the virtio framework is vulnerable to anunbounded memory allocation issue.
It was found that a malicious guest usercould submit more requests than the virtqueue size permits. Processing a requestallocates a VirtQueueElement results in unbounded memory allocation on the hostcontrolled by the guest. (CVE-2016-5403)Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360Marvel Team) for reporting CVE-2016-3710 and hongzhenhao (Marvel Team) forreporting CVE-2016-5403.
For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258Note: The procedure in the Solution section must be performed before this updatewill take effect.RHEL Desktop Multi OS (v. 5 client)

SRPMS:
kvm-83-276.el5_11.src.rpm
    MD5: 184ec1bd563381d705aece55ff297fc9SHA-256: bee01bdf5d0265082a898780154cfdccacdf5c08a77c1fbcc531f86fc0167bd9
 
x86_64:
kmod-kvm-83-276.el5_11.x86_64.rpm
    MD5: 0de0b74e24f36856154c36665a6f2bb2SHA-256: c66d341ccba983fdd9609806746975de54133b6ef8284a8aac343e33219d734a
kmod-kvm-debug-83-276.el5_11.x86_64.rpm
    MD5: 0731d90a6019acaff8f9a9b497ccd711SHA-256: f8efd16e180a182604754d74f56baa86989c66248dfe9539d1a37c5e03828b80
kvm-83-276.el5_11.x86_64.rpm
    MD5: 15239f782cc51109aaa127ca836e6345SHA-256: 0bf2bbdcbe0b8f3dad3533a644eeb3b275087468c1044c46490d5510774108ae
kvm-debuginfo-83-276.el5_11.x86_64.rpm
    MD5: 3a83aa0ff0be3c22abbcab370567cf9dSHA-256: 4bef7af13a7f6bba4cc137211d2d50b082ed66dc6373cc1cea10332a464fda31
kvm-qemu-img-83-276.el5_11.x86_64.rpm
    MD5: 73b60ef46a478029a6521be2731253f3SHA-256: bef7e25d66d9d2363932a464f7e9d9370bc15dc5f247eee02c49455d7bbb36fe
kvm-tools-83-276.el5_11.x86_64.rpm
    MD5: 65f02b3c895cdd864e3d6f3f279a8404SHA-256: e42334787afae25919b24ddba3228aa032ed5adf6b7e54b6ef07686f8883bc92
 
RHEL Virtualization (v. 5 server)

SRPMS:
kvm-83-276.el5_11.src.rpm
    MD5: 184ec1bd563381d705aece55ff297fc9SHA-256: bee01bdf5d0265082a898780154cfdccacdf5c08a77c1fbcc531f86fc0167bd9
 
x86_64:
kmod-kvm-83-276.el5_11.x86_64.rpm
    MD5: 0de0b74e24f36856154c36665a6f2bb2SHA-256: c66d341ccba983fdd9609806746975de54133b6ef8284a8aac343e33219d734a
kmod-kvm-debug-83-276.el5_11.x86_64.rpm
    MD5: 0731d90a6019acaff8f9a9b497ccd711SHA-256: f8efd16e180a182604754d74f56baa86989c66248dfe9539d1a37c5e03828b80
kvm-83-276.el5_11.x86_64.rpm
    MD5: 15239f782cc51109aaa127ca836e6345SHA-256: 0bf2bbdcbe0b8f3dad3533a644eeb3b275087468c1044c46490d5510774108ae
kvm-debuginfo-83-276.el5_11.x86_64.rpm
    MD5: 3a83aa0ff0be3c22abbcab370567cf9dSHA-256: 4bef7af13a7f6bba4cc137211d2d50b082ed66dc6373cc1cea10332a464fda31
kvm-qemu-img-83-276.el5_11.x86_64.rpm
    MD5: 73b60ef46a478029a6521be2731253f3SHA-256: bef7e25d66d9d2363932a464f7e9d9370bc15dc5f247eee02c49455d7bbb36fe
kvm-tools-83-276.el5_11.x86_64.rpm
    MD5: 65f02b3c895cdd864e3d6f3f279a8404SHA-256: e42334787afae25919b24ddba3228aa032ed5adf6b7e54b6ef07686f8883bc92
 
(The unlinked packages above are only available from the Red Hat Network)

1331401 – CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module1358359 – CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Leave a Reply