Home Tags KVM

Tag: KVM

RHEA-2017:0181-1: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.10

Attention: RHN Hosted will reach the end of its service life on July 31, 2017.Customers will be required to migrate existing systems to Red Hat Subscription Management prior to this date.Learn more here Advisory: RHEA-2017:0181-1 Type: Product Enhancement Advisory Severity: N/A Issued on: 2017-01-24 Last updated on: 2017-01-24 Affected Products: Red Hat Enterprise Virtualization 3 Details An updated rhev-hypervisor package is now available. The rhev-hypervisor package provides a Red Hat Enterprise VirtualizationHypervisor ISO disk image.

The Red Hat Enterprise Virtualization Hypervisor is adedicated Kernel-based Virtual Machine (KVM) hypervisor.
It includes everythingnecessary to run and manage virtual machines: A subset of theRed Hat Enterprise Linux operating environment and the Red Hat EnterpriseVirtualization Agent.Note: Red Hat Enterprise Virtualization Hypervisor is only available for theIntel 64 and AMD64 architectures with virtualization extensions. Solution Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258 Updated packages Red Hat Enterprise Virtualization 3 SRPMS: rhev-hypervisor7-7.3-20170118.0.el6ev.src.rpm     MD5: 1a77910d2286bfcc6d5becb6a94cff33SHA-256: da885432e4969c0a5e54255e6d4ec1f6e0ff846ad492a1f0c50f2e695a3ff319   x86_64: rhev-hypervisor7-7.3-20170118.0.el6ev.noarch.rpm     MD5: 19179cf4d8654d36ba65d887b12d2fd1SHA-256: 8b2483b016aacc7893e63547b4df317b4b8fd7f26fd7e08d60498e8dc1f0ae44   (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 1369400 - RHEV-H 3.6 on RHEL 7.3 tracker1379264 - RHEVH 3.6 7.3 should be with the latest rhel 7.3 beta snapshot 51379271 - Include wrong qemu-kvm-rhev package1381112 - [Errno 2] No such file or directory: '/etc/selinux/targeted/contexts/files These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/

RHBA-2017:0115-2: qemu-kvm-rhev bug fix update

Updated qemu-kvm-rhev packages that fix several bugs are now available for RedHat Virtualization Hypervisor 7. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev packages prov...

RHBA-2017:0071-1: qemu-kvm bug fix update

Updated qemu-kvm packages that fix two bugs are now available for Red HatEnterprise Linux 7. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-spacecomponent for running virtual machines using KVM.This update fixes the following bugs:* Previously, Red Hat Enterprise Linux 5.11 guests failed to shut down, andstopped at the "system halted" status. A patch has been applied to fix this bug,and Red Hat Enterprise Linux 5.11 guests shut down as expected. (BZ#1392027)* Previously, using the qemu-kvm system_reset utility when no space was left onon the host caused the qemu-kvm service to terminate with a segmentation fault.The underlying source code has been modified to fix this bug. As a result, theqemu-kvm process stays active, and guest systems can be reset without an error.(BZ#1393042)Users of qemu-kvm are advised to upgrade to these updated packages, which fixthese bugs. After installing this update, shut down all running virtualmachines. Once all virtual machines have shut down, start them again for thisupdate to take effect. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux HPC Node (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux Server (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   PPC: qemu-img-1.5.3-126.el7_3.1.ppc64.rpmFile outdated by:  RHSA-2017:0083     MD5: d464baa9ee046b6c5d9e8d4aed4a7ddfSHA-256: 54816ab4ab5df9b5e6e50f4e99fc6a21f49706f3fe6cd0392bfc541d416afa95 qemu-kvm-debuginfo-1.5.3-126.el7_3.1.ppc64.rpmFile outdated by:  RHSA-2017:0083     MD5: dba1c8f2f0c9378ec056d8003d0f135bSHA-256: fda38f948a9a0859d1c205eb9963989df12766d205c546ac22e38701a1d930cb   PPC64LE: qemu-img-1.5.3-126.el7_3.1.ppc64le.rpmFile outdated by:  RHSA-2017:0083     MD5: 6ea2e38bcf6b05c2a0505ec2abe8aea3SHA-256: 835afd80efecb6d78c13a3a2f15ef6ae7a325a2a05dee9e5fa2105e2c4aa250b qemu-kvm-debuginfo-1.5.3-126.el7_3.1.ppc64le.rpmFile outdated by:  RHSA-2017:0083     MD5: cd307d65d1c92d3eec94a790cf9f20c8SHA-256: 5f15dd8d762e579f922d8cd348bdb956d2554772814a700aa27ef55dcdfdc0c8   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux Server TUS (v. 7.3) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux Workstation (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   (The unlinked packages above are only available from the Red Hat Network) 1392027 - shutdown rhel 5.11 guest failed and stop at "system halted"1393042 - system_reset should clear pending request for error (IDE) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Google reveals its servers all contain custom security silicon

Even the servers it colocates (!) says new docu revealing Alphabet sub's security secrets Google has published a Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. Revealed last Friday, the document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none more so than the revelation that “We also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals.

These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level.” That silicon works alongside cryptographic signatures employed “over low-level components like the BIOS, bootloader, kernel, and base operating system image.” “These signatures can be validated during each boot or update,” the document says, adding that “The components are all Google-controlled, built, and hardened. With each new generation of hardware we strive to continually improve security: for example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a microcontroller running Google-written security code, or the above mentioned Google-designed security chip. Another interesting nugget of information the document reveals is that “Google additionally hosts some servers in third-party data centers,” a fact mentioned so the company can explain that when it works with others' bit barns it puts in place its own layers of physical security such as “independent biometric identification systems, cameras, and metal detectors.” The document goes on to explain that Google's fleet of applications and services encrypt data before it is written to disk, to make it harder for malicious disk firmware to access data. Disks get the following treatment: “We enable hardware encryption support in our hard drives and SSDs and meticulously track each drive through its lifecycle.

Before a decommissioned encrypted storage device can physically leave our custody, it is cleaned using a multi-step process that includes two independent verifications.

Devices that do not pass this wiping procedure are physically destroyed (e.g. shredded) on-premise.” Elsewhere, the document describes client security which starts with universal second factor authentication and then sees the company scan employees' devices to “ensure that the operating system images for these client devices are up-to-date with security patches and … control the applications that can be installed.” “We additionally have systems for scanning user-installed apps, downloads, browser extensions, and content browsed from the web for suitability on corp clients.” “Being on the corporate LAN is not our primary mechanism for granting access privileges. We instead use application-level access management controls which allow us to expose internal applications to only specific users when they are coming from a correctly managed device and from expected networks and geographic locations.” Also explained are the automated and manual code review techniques Google uses to detect bugs in software its developers write.

The manual reviews “... are conducted by a team that includes experts across web security, cryptography, and operating system security.

The reviews can also result in new security library features and new fuzzers that can then be applied to other future products.” There's also this description of the lengths Google goes to in its quest to protect source code: “Google’s source code is stored in a central repository where both current and past versions of the service are auditable.

The infrastructure can additionally be configured to require that a service’s binaries be built from specific reviewed, checked in, and tested source code.
Such code reviews require inspection and approval from at least one engineer other than the author, and the system enforces that code modifications to any system must be approved by the owners of that system.

These requirements limit the ability of an insider or adversary to make malicious modifications to source code and also provide a forensic trail from a service back to its source. There's plenty more in the document, like news that Google's public cloud runs virtual machines in a custom version of the KVM hypervisor.

Google also boasts in the document that it is “the largest submitter of CVEs and security bug fixes for the Linux KVM hypervisor.” We also learn that the Google cloud rests on the same security services as the rest of its offerings. There's also an explanation of the company's internal service identity and access management scheme, detailed in the diagram below, plus news that “We do not rely on internal network segmentation or firewalling as our primary security mechanisms”.

That's a little at odds with current interest in network virtualisation and microsegmentation. Google's Service Identity and Access Management scheme The company's also published documents detailing each aspect of security discussed in the main document.

They're listed and linked to at the end of the master document. ® Sponsored: Customer Identity and Access Management

JSA10770 – 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in...

CVE CVSS base score Summary CVE-2016-1762 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. CVE-2016-444...

RHBA-2016:2976-1: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.9-1

Attention: RHN Hosted will reach the end of its service life on July 31, 2017.Customers will be required to migrate existing systems to Red Hat Subscription Management prior to this date.Learn more here Details An updated rhev-hypervisor package is now available. The rhev-hypervisor package provides a Red Hat Enterprise VirtualizationHypervisor ISO disk image.

The Red Hat Enterprise Virtualization Hypervisor is adedicated Kernel-based Virtual Machine (KVM) hypervisor.
It includes everythingnecessary to run and manage virtual machines: A subset of theRed Hat Enterprise Linux operating environment and the Red Hat EnterpriseVirtualization Agent.This update resolves a potential problem with leap seconds.Note: Red Hat Enterprise Virtualization Hypervisor is only available for theIntel 64 and AMD64 architectures with virtualization extensions. Solution Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258 Updated packages Red Hat Enterprise Virtualization 3 SRPMS: rhev-hypervisor7-7.2-20161220.0.el6ev.src.rpm     MD5: ebc512895f06b7d63780fa5ba556786fSHA-256: bd4ba420d1a33897f8b98233c9f0110273a7d5273f80656a919ac4ede1f6a3fe   x86_64: rhev-hypervisor7-7.2-20161220.0.el6ev.noarch.rpm     MD5: d7ea1966779cd26165485dfabf352331SHA-256: b2dd7e8c32cf31c9f50cc0cbf58c9f31608845e46064a20785a791f96d39864b   (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 1406441 - Build RHV-H for 3.6.9-1 These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/

RHBA-2016:2803-1: qemu-kvm-rhev bug fix and enhancement update

Updated qemu-kvm-rhev packages that fix two bugs and add one enhancement are nowavailable for Red Hat Enterprise Virtualization Hypervisor 7. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev packages provide the user-spacecomponent for running virtual machines using KVM in environments managed by RedHat Enterprise Virtualization Manager.This update fixes the following bugs:* The fix for CVE-2016-5403 caused migrating guest instances to fail with a"Virtqueue size exceeded" error message. With this update, the value of thevirtualization queue is recalculated after the migration, and the describedproblem no longer occurs. (BZ#1374623)* Due to a race condition in the virtio-blk dataplane, live migration of a guestin some cases failed with a "Virtqueue size exceeded" error message.

This updateprevents the race condition from occurring, and thus allows live migration towork more reliably. (BZ#1380320)In addition, this update adds the following enhancement:* It is now possible to specify the virtio data buffer limit between a guest andthe QEMU emulator.

To do this, change the value of the <driverrx_queue_size='N'/> parameter in the guest's domain XML file, where N can befrom 256 to 1024. (BZ#1375642)Users of qemu-kvm-rhev are advised to upgrade to these updated packages, whichfix these bugs.

After installing this update, shut down all running virtualmachines. Once all virtual machines have shut down, start them again for thisupdate to take effect. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Virtualization ( v.4 for RHEL 7) SRPMS: qemu-kvm-rhev-2.3.0-31.el7_2.23.src.rpmFile outdated by:  RHBA-2016:2673     MD5: 445e1bbf6cdba60ffcfd199a7b03212dSHA-256: a020e85100802fa2a7d53d8ef32e046234e44bd8782f4b4ac9e553836bd4e2fb   x86_64: libcacard-devel-rhev-2.3.0-31.el7_2.23.x86_64.rpm     MD5: 955d22794521189bac78beb4bdfd0677SHA-256: 549ac627db645908035be76c390398512daa5afd26aa22547bb1445741a2d179 libcacard-rhev-2.3.0-31.el7_2.23.x86_64.rpm     MD5: 8c5f07edcdabba61912a9ccd3d23c24eSHA-256: cc89da466898746bef068e21c38795d4e6b6fe6ae342068e9107c3cc28a101a3 libcacard-tools-rhev-2.3.0-31.el7_2.23.x86_64.rpm     MD5: 96d3419c1102c1ce381837f16fbf22e8SHA-256: 0c15e94faba3736c95b20af77ee1a3ad4c1d75ed45eba5dd1b8eda353bd8c160 qemu-img-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: aa1c1993dc405fb3be0d689ebc815f20SHA-256: 555ac212e75147ebbc5fa966455dfcad9957f8dcbd8d312a7a99bed3a8790311 qemu-kvm-common-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: b5eb187f17a6aaf487cc4be17b93e8e0SHA-256: c6f9ece721acf2586d2d1e6d5600a0166efed27797c31334f7f8c718fdd3cb0f qemu-kvm-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: ef7e49de53ea0566234c450f6b6e2d5bSHA-256: ece0f9dcaba2ec275728a9435afd35970206a351a0ccbd6a21f791296737d05b qemu-kvm-tools-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: 2af92351f986a08ae03443bfb37327cbSHA-256: 259991a03211ab83e58ecc587f422ceff4a19fde89a9785026cb05d79eb8c402   (The unlinked packages above are only available from the Red Hat Network) 1374623 - RHSA-2016-1756 breaks migration of instances1380310 - match the OEM ID and OEM Table ID fields of the FADT and the RSDT to those of the SLIC [7.2.z]1380320 - Race condition during virtio-blk dataplane stop triggers "Virtqueue size exceeded" These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

RHSA-2016:2706-1: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update

An update for qemu-kvm-rhev is now available for Red Hat Enterprise LinuxOpenStack Platform 5.0 (Icehouse) for RHEL 7.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev package provides the user-spacecomponent for running virtual machines using KVM in environments managed by RedHat Enterprise Virtualization Manager.The following packages have been upgraded to a newer upstream version:qemu-kvm-rhev (2.6.0). (BZ#1386377)Security Fix(es):* An out-of-bounds flaw was found in the QEMU emulator built using'address_space_translate' to map an address to a MemoryRegionSection.

The flawcould occur while doing pci_dma_read/write calls, resulting in an out-of-boundsread-write access error.

A privileged user inside a guest could use this flaw tocrash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting thisissue. For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258After installing this update, shut down all running virtual machines. Once allvirtual machines have shut down, start them again for this update to takeeffect.Red Hat OpenStack 5.0 for RHEL 7 SRPMS: qemu-kvm-rhev-2.6.0-27.el7.src.rpm     MD5: 68f8819216de7dfc31abca02226674b6SHA-256: 20aad33d141692928891c56232f3baffe1d66537bbe1826403b10db59a6975ac   x86_64: qemu-img-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 2f21167afc58a1676d72ccd04d8a4dd1SHA-256: 4d9f9fb6de67fb7c7cc4ed9d170a435322afe6db52ff18422b627c1ddefbafa8 qemu-kvm-common-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 583b2e68d65b2ea53fb3497c4c31c529SHA-256: c58f599922c46931e8f3af3c2e7736c1af3f5f983ce2b428db7fc19892ea9506 qemu-kvm-rhev-2.6.0-27.el7.x86_64.rpm     MD5: aca20204b6bd76fd61d76bd640dd4389SHA-256: b4f5a77f325bf93a73980a00af141571c7ff6b4b37fd35dc3ccd1f776191c132 qemu-kvm-rhev-debuginfo-2.6.0-27.el7.x86_64.rpm     MD5: c3e9e6c49388170a38d9e7e65300a9b7SHA-256: 4c6f8edd188dda53e1c69cdffae86b92ea8abb9268002c54436a164f5aaa9d9f qemu-kvm-tools-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 07eb4578de7d2f3399ea9eef0abcea2fSHA-256: d8677214a68f0d4cffc40342e0eb34c5b4adb991a97413749bbc4592b2dcc346   (The unlinked packages above are only available from the Red Hat Network) 1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault1374369 - RHSA-2016-1756 breaks migration of instances [OSP5-EL7]1386377 - Rebase qemu-kvm-rhev to 2.6.0 These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

RHSA-2016:2705-1: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update

An update for qemu-kvm-rhev is now available for Red Hat Enterprise LinuxOpenStack Platform 6.0 (Juno) for RHEL 7.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev package provides the user-spacecomponent for running virtual machines using KVM in environments managed by RedHat Enterprise Virtualization Manager.The following packages have been upgraded to a newer upstream version:qemu-kvm-rhev (2.6.0). (BZ#1386379)Security Fix(es):* An out-of-bounds flaw was found in the QEMU emulator built using'address_space_translate' to map an address to a MemoryRegionSection.

The flawcould occur while doing pci_dma_read/write calls, resulting in an out-of-boundsread-write access error.

A privileged user inside a guest could use this flaw tocrash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting thisissue. For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258After installing this update, shut down all running virtual machines. Once allvirtual machines have shut down, start them again for this update to takeeffect.Red Hat OpenStack 6.0 for RHEL 7 SRPMS: qemu-kvm-rhev-2.6.0-27.el7.src.rpm     MD5: 68f8819216de7dfc31abca02226674b6SHA-256: 20aad33d141692928891c56232f3baffe1d66537bbe1826403b10db59a6975ac   x86_64: qemu-img-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 2f21167afc58a1676d72ccd04d8a4dd1SHA-256: 4d9f9fb6de67fb7c7cc4ed9d170a435322afe6db52ff18422b627c1ddefbafa8 qemu-kvm-common-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 583b2e68d65b2ea53fb3497c4c31c529SHA-256: c58f599922c46931e8f3af3c2e7736c1af3f5f983ce2b428db7fc19892ea9506 qemu-kvm-rhev-2.6.0-27.el7.x86_64.rpm     MD5: aca20204b6bd76fd61d76bd640dd4389SHA-256: b4f5a77f325bf93a73980a00af141571c7ff6b4b37fd35dc3ccd1f776191c132 qemu-kvm-rhev-debuginfo-2.6.0-27.el7.x86_64.rpm     MD5: c3e9e6c49388170a38d9e7e65300a9b7SHA-256: 4c6f8edd188dda53e1c69cdffae86b92ea8abb9268002c54436a164f5aaa9d9f qemu-kvm-tools-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 07eb4578de7d2f3399ea9eef0abcea2fSHA-256: d8677214a68f0d4cffc40342e0eb34c5b4adb991a97413749bbc4592b2dcc346   (The unlinked packages above are only available from the Red Hat Network) 1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault1374368 - RHSA-2016-1756 breaks migration of instances [OSP6]1386379 - Rebase qemu-kvm-rhev to 2.6.0 These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

RHBA-2016:2678-1: qemu-kvm bug fix update

Updated qemu-kvm packages that fix one bug are now available for Red HatEnterprise Linux 7. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm packages provide the user-spacecomponent for running virtual machines using KVM.This update fixes the following bug:* After applying the fix for security issue CVE-2016-3712, the installation ofcertain guests on Red Hat Enterprise Linux was not possible due to unmodifiableregisters.

This update introduces a new register set to be used instead of vgaregisters in these guests.

As a result, the vga registers no longer cause theguest installation to fail. (BZ#1347527)* Previously, calling the Streaming SIMD Extensions 4 (SSE4) version of thestrstr() function returned incorrect results due to missing support forstrstr().

This update adds this support, and calling SSE4 strstr() now returnscorrect results. (BZ#1366535)* The fix for CVE-2016-5403 caused migrating guest instances to fail with a"Virtqueue size exceeded" error message. With this update, the value of thevirtualization queue is recalculated after the migration, and the describedproblem no longer occurs. (BZ#1380306)* Previously, the "virsh dump" command failed when both the --memory-only and--format options were used.

This update fixes the underlying code, and "virshdump" works as expected in the described circumstances. (BZ#1382645)Users of qemu-kvm are advised to upgrade to these updated packages, which fixthis bug.

After installing this update, shut down all running virtual machines.Once all virtual machines have shut down, start them again for this update totake effect. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux HPC Node EUS (v. 7.2) SRPMS: qemu-kvm-1.5.3-105.el7_2.10.src.rpm     MD5: 30dd409b98ab0d6d53f93e10a8b98bd1SHA-256: 608d300dd98a6e32370bd623ae05745147c2fba6617bf130a1beb14010538d20   x86_64: libcacard-1.5.3-105.el7_2.10.i686.rpm     MD5: e07bbcd035581c72dd02375bd3702e3dSHA-256: 0757662a305b4c18076f5c93e982df6c6da4a251d390e5fc4f5609c35bf9c7b8 libcacard-1.5.3-105.el7_2.10.x86_64.rpm     MD5: eb8025a004c1ad80659645958d0dbe73SHA-256: c4cf72148f242391bda7e2bbe4b07b164bc53341dfc4f806bb7394d8af898b2e libcacard-devel-1.5.3-105.el7_2.10.i686.rpm     MD5: 47028bc770c09717d3dd76597e4328c3SHA-256: d3d25fac6acf29eafdd51bc9ff087d06082fc24b632ed74590e163e7977d08d4 libcacard-devel-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 0fafe267ce11cb3d1b6c5a54d54176b8SHA-256: e3c97480616da513cfdab35809ad8151f4676aa9f6990785a5f4789429bbce05 libcacard-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: b36cd24bacb197f61021131b7211f176SHA-256: 585ac2487c1f278caba5f97fa461e74b624a269d263d5e30170e68fd2618e22e qemu-img-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 86b4aaa369339e0ae57e91c3ec4b6d0eSHA-256: 5e59a150302eb14adbf7cc2d6826adee9a9bf182c2c1e190221947599d5754b7 qemu-kvm-1.5.3-105.el7_2.10.x86_64.rpm     MD5: a93e050eda31ef6c4bed791a67864110SHA-256: 5c74936f412f8d8cd94a74139f82ee7eba47e97f5398ac093282d981b37f4192 qemu-kvm-common-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 21dabb982fbd7b1b847ae9809c2438acSHA-256: 755dc52591df0dd28402b4f15e4de69c116a1f96ff8bcd330a6357ae29ce8276 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.i686.rpm     MD5: 8c09ffed5c490b7af1892a433d990b5aSHA-256: 20207bf20a6b383e57ba28b2f61a61bfe256a0544c6abf77b670d16fb64e78d2 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 9b951049471f1c3e5fc9625d81d4dfa4SHA-256: 3bdd0f879edfd365a6a6ef3a40be6c1c8b35824194b8660721f0b84b494bdc3f qemu-kvm-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 3f7e749e4a66e00d52039cfb2e105634SHA-256: daf0adb15598d6e06c6b1df12a2ab3dce7f7899b4a9c8899bf61c72af48708ec   Red Hat Enterprise Linux Server AUS (v. 7.2) SRPMS: qemu-kvm-1.5.3-105.el7_2.10.src.rpm     MD5: 30dd409b98ab0d6d53f93e10a8b98bd1SHA-256: 608d300dd98a6e32370bd623ae05745147c2fba6617bf130a1beb14010538d20   x86_64: libcacard-1.5.3-105.el7_2.10.i686.rpm     MD5: e07bbcd035581c72dd02375bd3702e3dSHA-256: 0757662a305b4c18076f5c93e982df6c6da4a251d390e5fc4f5609c35bf9c7b8 libcacard-1.5.3-105.el7_2.10.x86_64.rpm     MD5: eb8025a004c1ad80659645958d0dbe73SHA-256: c4cf72148f242391bda7e2bbe4b07b164bc53341dfc4f806bb7394d8af898b2e libcacard-devel-1.5.3-105.el7_2.10.i686.rpm     MD5: 47028bc770c09717d3dd76597e4328c3SHA-256: d3d25fac6acf29eafdd51bc9ff087d06082fc24b632ed74590e163e7977d08d4 libcacard-devel-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 0fafe267ce11cb3d1b6c5a54d54176b8SHA-256: e3c97480616da513cfdab35809ad8151f4676aa9f6990785a5f4789429bbce05 libcacard-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: b36cd24bacb197f61021131b7211f176SHA-256: 585ac2487c1f278caba5f97fa461e74b624a269d263d5e30170e68fd2618e22e qemu-img-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 86b4aaa369339e0ae57e91c3ec4b6d0eSHA-256: 5e59a150302eb14adbf7cc2d6826adee9a9bf182c2c1e190221947599d5754b7 qemu-kvm-1.5.3-105.el7_2.10.x86_64.rpm     MD5: a93e050eda31ef6c4bed791a67864110SHA-256: 5c74936f412f8d8cd94a74139f82ee7eba47e97f5398ac093282d981b37f4192 qemu-kvm-common-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 21dabb982fbd7b1b847ae9809c2438acSHA-256: 755dc52591df0dd28402b4f15e4de69c116a1f96ff8bcd330a6357ae29ce8276 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.i686.rpm     MD5: 8c09ffed5c490b7af1892a433d990b5aSHA-256: 20207bf20a6b383e57ba28b2f61a61bfe256a0544c6abf77b670d16fb64e78d2 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 9b951049471f1c3e5fc9625d81d4dfa4SHA-256: 3bdd0f879edfd365a6a6ef3a40be6c1c8b35824194b8660721f0b84b494bdc3f qemu-kvm-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 3f7e749e4a66e00d52039cfb2e105634SHA-256: daf0adb15598d6e06c6b1df12a2ab3dce7f7899b4a9c8899bf61c72af48708ec   Red Hat Enterprise Linux Server EUS (v. 7.2) SRPMS: qemu-kvm-1.5.3-105.el7_2.10.src.rpm     MD5: 30dd409b98ab0d6d53f93e10a8b98bd1SHA-256: 608d300dd98a6e32370bd623ae05745147c2fba6617bf130a1beb14010538d20   PPC: libcacard-1.5.3-105.el7_2.10.ppc.rpm     MD5: a1306851825271c035b75e9922d81932SHA-256: adc471b512323f9223b6fb065ab128fd8116555efb069fff38be1b7e28214949 libcacard-1.5.3-105.el7_2.10.ppc64.rpm     MD5: 39fa761a8bfd0b052db766382cde0532SHA-256: e80e677444091f6925f50ffedcbfc1acd223fe29ee0ee2a5f58e4adf7b57bb35 libcacard-devel-1.5.3-105.el7_2.10.ppc.rpm     MD5: 951af6994235c9baf395f7ffe496d440SHA-256: 8621dcbefac8ecbe255fdf4e16729524af0f3b2e27275b9a5c9755cd85d9a3d0 libcacard-devel-1.5.3-105.el7_2.10.ppc64.rpm     MD5: 1f5675b7750d3d97215c1b37dfec58c3SHA-256: 669c5f9bc9eb7c92e489fa652c2b83094b07d6e3d87c214b7ad79fa1addce9dd libcacard-tools-1.5.3-105.el7_2.10.ppc64.rpm     MD5: 73ede1ffe7fcbc919acac679dbb8606cSHA-256: 48d1c4dc54372b6f8c1a9144af575a3124fd3f0a0bf584c5bdc6d42287280546 qemu-img-1.5.3-105.el7_2.10.ppc64.rpm     MD5: 2844f3f9e9d17c69c9c6d3b75158cf27SHA-256: acca8f501deedae389d20de4ccb84dcabb499cdd6c40c5d26a13e918680caef3 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.ppc.rpm     MD5: 3187accbcb85fe862714712f4bc31f9fSHA-256: 34b1ae3a81ba45dc2fd6ea8dfccc21a4df8eec134db1456c509549bff83dc39f qemu-kvm-debuginfo-1.5.3-105.el7_2.10.ppc64.rpm     MD5: 87fed68b2da6f7feab0a4cc2cbdc116fSHA-256: 12a25935946c83e2d3f49c0783584feda10d328a7b1ec97f9a111dadcf7a74ec   PPC64LE: libcacard-1.5.3-105.el7_2.10.ppc64le.rpm     MD5: f2fd26a262b35bd7d19424e5450ba533SHA-256: 2d1d5725e75f2e422163e85473773cdb129494f6f81e6cd7c9d3c14d2ba42a0d libcacard-devel-1.5.3-105.el7_2.10.ppc64le.rpm     MD5: 9402797f966f60ad6d1636575fcf5623SHA-256: 07d33ad7573b302c0eb1d4e5fd75e026f0ee26ab8ad74253b46469f814c676a1 libcacard-tools-1.5.3-105.el7_2.10.ppc64le.rpm     MD5: 6f51f1834772f5f5fe0f3660fff4e85fSHA-256: 5bf058bd42a94349ecaac4ec1b974ce1255531681caae76c9a3fade554722a54 qemu-img-1.5.3-105.el7_2.10.ppc64le.rpm     MD5: d05187798d965b346bdf613bacc0bb2eSHA-256: b39a824f1e2db67854062de8bdddcc03957dffba15e46dd8802259d91f81f656 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.ppc64le.rpm     MD5: 705ad3fa92202305851da73fa9264441SHA-256: f95d97bc70b6771e45f0b24d6526ffebafe340d73557db8728bce22a58927c21   x86_64: libcacard-1.5.3-105.el7_2.10.i686.rpm     MD5: e07bbcd035581c72dd02375bd3702e3dSHA-256: 0757662a305b4c18076f5c93e982df6c6da4a251d390e5fc4f5609c35bf9c7b8 libcacard-1.5.3-105.el7_2.10.x86_64.rpm     MD5: eb8025a004c1ad80659645958d0dbe73SHA-256: c4cf72148f242391bda7e2bbe4b07b164bc53341dfc4f806bb7394d8af898b2e libcacard-devel-1.5.3-105.el7_2.10.i686.rpm     MD5: 47028bc770c09717d3dd76597e4328c3SHA-256: d3d25fac6acf29eafdd51bc9ff087d06082fc24b632ed74590e163e7977d08d4 libcacard-devel-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 0fafe267ce11cb3d1b6c5a54d54176b8SHA-256: e3c97480616da513cfdab35809ad8151f4676aa9f6990785a5f4789429bbce05 libcacard-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: b36cd24bacb197f61021131b7211f176SHA-256: 585ac2487c1f278caba5f97fa461e74b624a269d263d5e30170e68fd2618e22e qemu-img-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 86b4aaa369339e0ae57e91c3ec4b6d0eSHA-256: 5e59a150302eb14adbf7cc2d6826adee9a9bf182c2c1e190221947599d5754b7 qemu-kvm-1.5.3-105.el7_2.10.x86_64.rpm     MD5: a93e050eda31ef6c4bed791a67864110SHA-256: 5c74936f412f8d8cd94a74139f82ee7eba47e97f5398ac093282d981b37f4192 qemu-kvm-common-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 21dabb982fbd7b1b847ae9809c2438acSHA-256: 755dc52591df0dd28402b4f15e4de69c116a1f96ff8bcd330a6357ae29ce8276 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.i686.rpm     MD5: 8c09ffed5c490b7af1892a433d990b5aSHA-256: 20207bf20a6b383e57ba28b2f61a61bfe256a0544c6abf77b670d16fb64e78d2 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 9b951049471f1c3e5fc9625d81d4dfa4SHA-256: 3bdd0f879edfd365a6a6ef3a40be6c1c8b35824194b8660721f0b84b494bdc3f qemu-kvm-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 3f7e749e4a66e00d52039cfb2e105634SHA-256: daf0adb15598d6e06c6b1df12a2ab3dce7f7899b4a9c8899bf61c72af48708ec   Red Hat Enterprise Linux Server TUS (v. 7.2) SRPMS: qemu-kvm-1.5.3-105.el7_2.10.src.rpm     MD5: 30dd409b98ab0d6d53f93e10a8b98bd1SHA-256: 608d300dd98a6e32370bd623ae05745147c2fba6617bf130a1beb14010538d20   x86_64: libcacard-1.5.3-105.el7_2.10.i686.rpm     MD5: e07bbcd035581c72dd02375bd3702e3dSHA-256: 0757662a305b4c18076f5c93e982df6c6da4a251d390e5fc4f5609c35bf9c7b8 libcacard-1.5.3-105.el7_2.10.x86_64.rpm     MD5: eb8025a004c1ad80659645958d0dbe73SHA-256: c4cf72148f242391bda7e2bbe4b07b164bc53341dfc4f806bb7394d8af898b2e libcacard-devel-1.5.3-105.el7_2.10.i686.rpm     MD5: 47028bc770c09717d3dd76597e4328c3SHA-256: d3d25fac6acf29eafdd51bc9ff087d06082fc24b632ed74590e163e7977d08d4 libcacard-devel-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 0fafe267ce11cb3d1b6c5a54d54176b8SHA-256: e3c97480616da513cfdab35809ad8151f4676aa9f6990785a5f4789429bbce05 libcacard-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: b36cd24bacb197f61021131b7211f176SHA-256: 585ac2487c1f278caba5f97fa461e74b624a269d263d5e30170e68fd2618e22e qemu-img-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 86b4aaa369339e0ae57e91c3ec4b6d0eSHA-256: 5e59a150302eb14adbf7cc2d6826adee9a9bf182c2c1e190221947599d5754b7 qemu-kvm-1.5.3-105.el7_2.10.x86_64.rpm     MD5: a93e050eda31ef6c4bed791a67864110SHA-256: 5c74936f412f8d8cd94a74139f82ee7eba47e97f5398ac093282d981b37f4192 qemu-kvm-common-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 21dabb982fbd7b1b847ae9809c2438acSHA-256: 755dc52591df0dd28402b4f15e4de69c116a1f96ff8bcd330a6357ae29ce8276 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.i686.rpm     MD5: 8c09ffed5c490b7af1892a433d990b5aSHA-256: 20207bf20a6b383e57ba28b2f61a61bfe256a0544c6abf77b670d16fb64e78d2 qemu-kvm-debuginfo-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 9b951049471f1c3e5fc9625d81d4dfa4SHA-256: 3bdd0f879edfd365a6a6ef3a40be6c1c8b35824194b8660721f0b84b494bdc3f qemu-kvm-tools-1.5.3-105.el7_2.10.x86_64.rpm     MD5: 3f7e749e4a66e00d52039cfb2e105634SHA-256: daf0adb15598d6e06c6b1df12a2ab3dce7f7899b4a9c8899bf61c72af48708ec   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

RHBA-2016:2673-1: qemu-kvm-rhev bug fix and enhancement update

Updated qemu-kvm-rhev packages that fix several bugs and add variousenhancements are now available for Red Hat Virtualization Hypervisor 7. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

Th...

RHSA-2016:1943-2: Important: kvm security update

An update for kvm is now available for Red Hat Enterprise Linux 5.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. KVM (for Kernel-based Virtual Machine) is a full virtualization solution forLinux on x86 hardware. Using KVM, one can run multiple virtual machines runningunmodified Linux or Windows images.

Each virtual machine has private virtualizedhardware: a network card, disk, graphics adapter, etc.Security Fix(es):* An out-of-bounds read/write access flaw was found in the way QEMU's VGAemulation with VESA BIOS Extensions (VBE) support performed read/writeoperations using I/O port methods.

A privileged guest user could use this flawto execute arbitrary code on the host with the privileges of the host's QEMUprocess. (CVE-2016-3710)* Quick Emulator(QEMU) built with the virtio framework is vulnerable to anunbounded memory allocation issue.
It was found that a malicious guest usercould submit more requests than the virtqueue size permits. Processing a requestallocates a VirtQueueElement results in unbounded memory allocation on the hostcontrolled by the guest. (CVE-2016-5403)Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360Marvel Team) for reporting CVE-2016-3710 and hongzhenhao (Marvel Team) forreporting CVE-2016-5403. For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258Note: The procedure in the Solution section must be performed before this updatewill take effect.RHEL Desktop Multi OS (v. 5 client) SRPMS: kvm-83-276.el5_11.src.rpm     MD5: 184ec1bd563381d705aece55ff297fc9SHA-256: bee01bdf5d0265082a898780154cfdccacdf5c08a77c1fbcc531f86fc0167bd9   x86_64: kmod-kvm-83-276.el5_11.x86_64.rpm     MD5: 0de0b74e24f36856154c36665a6f2bb2SHA-256: c66d341ccba983fdd9609806746975de54133b6ef8284a8aac343e33219d734a kmod-kvm-debug-83-276.el5_11.x86_64.rpm     MD5: 0731d90a6019acaff8f9a9b497ccd711SHA-256: f8efd16e180a182604754d74f56baa86989c66248dfe9539d1a37c5e03828b80 kvm-83-276.el5_11.x86_64.rpm     MD5: 15239f782cc51109aaa127ca836e6345SHA-256: 0bf2bbdcbe0b8f3dad3533a644eeb3b275087468c1044c46490d5510774108ae kvm-debuginfo-83-276.el5_11.x86_64.rpm     MD5: 3a83aa0ff0be3c22abbcab370567cf9dSHA-256: 4bef7af13a7f6bba4cc137211d2d50b082ed66dc6373cc1cea10332a464fda31 kvm-qemu-img-83-276.el5_11.x86_64.rpm     MD5: 73b60ef46a478029a6521be2731253f3SHA-256: bef7e25d66d9d2363932a464f7e9d9370bc15dc5f247eee02c49455d7bbb36fe kvm-tools-83-276.el5_11.x86_64.rpm     MD5: 65f02b3c895cdd864e3d6f3f279a8404SHA-256: e42334787afae25919b24ddba3228aa032ed5adf6b7e54b6ef07686f8883bc92   RHEL Virtualization (v. 5 server) SRPMS: kvm-83-276.el5_11.src.rpm     MD5: 184ec1bd563381d705aece55ff297fc9SHA-256: bee01bdf5d0265082a898780154cfdccacdf5c08a77c1fbcc531f86fc0167bd9   x86_64: kmod-kvm-83-276.el5_11.x86_64.rpm     MD5: 0de0b74e24f36856154c36665a6f2bb2SHA-256: c66d341ccba983fdd9609806746975de54133b6ef8284a8aac343e33219d734a kmod-kvm-debug-83-276.el5_11.x86_64.rpm     MD5: 0731d90a6019acaff8f9a9b497ccd711SHA-256: f8efd16e180a182604754d74f56baa86989c66248dfe9539d1a37c5e03828b80 kvm-83-276.el5_11.x86_64.rpm     MD5: 15239f782cc51109aaa127ca836e6345SHA-256: 0bf2bbdcbe0b8f3dad3533a644eeb3b275087468c1044c46490d5510774108ae kvm-debuginfo-83-276.el5_11.x86_64.rpm     MD5: 3a83aa0ff0be3c22abbcab370567cf9dSHA-256: 4bef7af13a7f6bba4cc137211d2d50b082ed66dc6373cc1cea10332a464fda31 kvm-qemu-img-83-276.el5_11.x86_64.rpm     MD5: 73b60ef46a478029a6521be2731253f3SHA-256: bef7e25d66d9d2363932a464f7e9d9370bc15dc5f247eee02c49455d7bbb36fe kvm-tools-83-276.el5_11.x86_64.rpm     MD5: 65f02b3c895cdd864e3d6f3f279a8404SHA-256: e42334787afae25919b24ddba3228aa032ed5adf6b7e54b6ef07686f8883bc92   (The unlinked packages above are only available from the Red Hat Network) 1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: