An update for qemu-kvm-rhev is now available for Red Hat Enterprise LinuxOpenStack Platform 5.0 (Icehouse) for RHEL 7.Red Hat Product Security has rated this update as having a security impact ofModerate.
A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.
The qemu-kvm-rhev package provides the user-spacecomponent for running virtual machines using KVM in environments managed by RedHat Enterprise Virtualization Manager.The following packages have been upgraded to a newer upstream version:qemu-kvm-rhev (2.6.0). (BZ#1386377)Security Fix(es):* An out-of-bounds flaw was found in the QEMU emulator built using’address_space_translate’ to map an address to a MemoryRegionSection.
The flawcould occur while doing pci_dma_read/write calls, resulting in an out-of-boundsread-write access error.
A privileged user inside a guest could use this flaw tocrash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting thisissue.
For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258After installing this update, shut down all running virtual machines. Once allvirtual machines have shut down, start them again for this update to takeeffect.Red Hat OpenStack 5.0 for RHEL 7
MD5: 68f8819216de7dfc31abca02226674b6SHA-256: 20aad33d141692928891c56232f3baffe1d66537bbe1826403b10db59a6975ac
MD5: 2f21167afc58a1676d72ccd04d8a4dd1SHA-256: 4d9f9fb6de67fb7c7cc4ed9d170a435322afe6db52ff18422b627c1ddefbafa8
MD5: 583b2e68d65b2ea53fb3497c4c31c529SHA-256: c58f599922c46931e8f3af3c2e7736c1af3f5f983ce2b428db7fc19892ea9506
MD5: aca20204b6bd76fd61d76bd640dd4389SHA-256: b4f5a77f325bf93a73980a00af141571c7ff6b4b37fd35dc3ccd1f776191c132
MD5: c3e9e6c49388170a38d9e7e65300a9b7SHA-256: 4c6f8edd188dda53e1c69cdffae86b92ea8abb9268002c54436a164f5aaa9d9f
MD5: 07eb4578de7d2f3399ea9eef0abcea2fSHA-256: d8677214a68f0d4cffc40342e0eb34c5b4adb991a97413749bbc4592b2dcc346
(The unlinked packages above are only available from the Red Hat Network)
1300771 – CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault1374369 – RHSA-2016-1756 breaks migration of instances [OSP5-EL7]1386377 – Rebase qemu-kvm-rhev to 2.6.0
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: