13.6 C
London
Tuesday, September 26, 2017
Home Tags KVM

Tag: KVM

Need a few air-gapped apps on one screen? Here's how Researchers at Australian think tank Data61 and the nation's Defence Science and Technology Group have cooked up application publishing for the paranoid, by baking an ARM CPU and secure microkernel into a KVM switch.…
Need a few air-gapped apps on one screen? Here's how Researchers at Australian think tank Data61 and the nation's Defence Science and Technology Group have cooked up application publishing for the paranoid, by baking an ARM CPU and secure microkernel into a KVM switch.…
Serial ports donrsquo;t have firewalls.
The mice are lovely; the Logitech Flow KVM software is a nice added bonus.
Attention: RHN Hosted will reach the end of its service life on July 31, 2017.Customers will be required to migrate existing systems to Red Hat Subscription Management prior to this date.Learn more here Advisory: RHEA-2017:0181-1 Type: Product Enhancement Advisory Severity: N/A Issued on: 2017-01-24 Last updated on: 2017-01-24 Affected Products: Red Hat Enterprise Virtualization 3 Details An updated rhev-hypervisor package is now available. The rhev-hypervisor package provides a Red Hat Enterprise VirtualizationHypervisor ISO disk image.

The Red Hat Enterprise Virtualization Hypervisor is adedicated Kernel-based Virtual Machine (KVM) hypervisor.
It includes everythingnecessary to run and manage virtual machines: A subset of theRed Hat Enterprise Linux operating environment and the Red Hat EnterpriseVirtualization Agent.Note: Red Hat Enterprise Virtualization Hypervisor is only available for theIntel 64 and AMD64 architectures with virtualization extensions. Solution Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258 Updated packages Red Hat Enterprise Virtualization 3 SRPMS: rhev-hypervisor7-7.3-20170118.0.el6ev.src.rpm     MD5: 1a77910d2286bfcc6d5becb6a94cff33SHA-256: da885432e4969c0a5e54255e6d4ec1f6e0ff846ad492a1f0c50f2e695a3ff319   x86_64: rhev-hypervisor7-7.3-20170118.0.el6ev.noarch.rpm     MD5: 19179cf4d8654d36ba65d887b12d2fd1SHA-256: 8b2483b016aacc7893e63547b4df317b4b8fd7f26fd7e08d60498e8dc1f0ae44   (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 1369400 - RHEV-H 3.6 on RHEL 7.3 tracker1379264 - RHEVH 3.6 7.3 should be with the latest rhel 7.3 beta snapshot 51379271 - Include wrong qemu-kvm-rhev package1381112 - [Errno 2] No such file or directory: '/etc/selinux/targeted/contexts/files These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
Updated qemu-kvm-rhev packages that fix several bugs are now available for RedHat Virtualization Hypervisor 7. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev packages prov...
Updated qemu-kvm packages that fix two bugs are now available for Red HatEnterprise Linux 7. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-spacecomponent for running virtual machines using KVM.This update fixes the following bugs:* Previously, Red Hat Enterprise Linux 5.11 guests failed to shut down, andstopped at the "system halted" status. A patch has been applied to fix this bug,and Red Hat Enterprise Linux 5.11 guests shut down as expected. (BZ#1392027)* Previously, using the qemu-kvm system_reset utility when no space was left onon the host caused the qemu-kvm service to terminate with a segmentation fault.The underlying source code has been modified to fix this bug. As a result, theqemu-kvm process stays active, and guest systems can be reset without an error.(BZ#1393042)Users of qemu-kvm are advised to upgrade to these updated packages, which fixthese bugs. After installing this update, shut down all running virtualmachines. Once all virtual machines have shut down, start them again for thisupdate to take effect. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux HPC Node (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux Server (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   PPC: qemu-img-1.5.3-126.el7_3.1.ppc64.rpmFile outdated by:  RHSA-2017:0083     MD5: d464baa9ee046b6c5d9e8d4aed4a7ddfSHA-256: 54816ab4ab5df9b5e6e50f4e99fc6a21f49706f3fe6cd0392bfc541d416afa95 qemu-kvm-debuginfo-1.5.3-126.el7_3.1.ppc64.rpmFile outdated by:  RHSA-2017:0083     MD5: dba1c8f2f0c9378ec056d8003d0f135bSHA-256: fda38f948a9a0859d1c205eb9963989df12766d205c546ac22e38701a1d930cb   PPC64LE: qemu-img-1.5.3-126.el7_3.1.ppc64le.rpmFile outdated by:  RHSA-2017:0083     MD5: 6ea2e38bcf6b05c2a0505ec2abe8aea3SHA-256: 835afd80efecb6d78c13a3a2f15ef6ae7a325a2a05dee9e5fa2105e2c4aa250b qemu-kvm-debuginfo-1.5.3-126.el7_3.1.ppc64le.rpmFile outdated by:  RHSA-2017:0083     MD5: cd307d65d1c92d3eec94a790cf9f20c8SHA-256: 5f15dd8d762e579f922d8cd348bdb956d2554772814a700aa27ef55dcdfdc0c8   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux Server TUS (v. 7.3) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   Red Hat Enterprise Linux Workstation (v. 7) SRPMS: qemu-kvm-1.5.3-126.el7_3.1.src.rpmFile outdated by:  RHSA-2017:0083     MD5: 27a098746e552ce9de469b1ad8357ccaSHA-256: 85db53a4153d3e9a754cdda8c979a612aff81195e7fb187ead3db47a26b12b28   x86_64: qemu-img-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 96262d28abacd418014429530a905ff3SHA-256: 8184e1269873f7b0ab8eece8ce0bec4240fda38e7054ee3c8b5ab53d60a09034 qemu-kvm-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: dc27d7ba4746519fcf3664eeb1937ed3SHA-256: 6582b0e9cbb135e2a8a66c3ef69ab9c12150504d12889fad392da1e076f88a61 qemu-kvm-common-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 3f195b06e7ea720981d681e4e258ecb8SHA-256: 194b60da4a18f6064afc45b6c06ab9662bfbf96d5a0cd1fc4e3a10300222e84e qemu-kvm-debuginfo-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 6b61ab6be0725d692d8af0d87e913bdaSHA-256: 6fe8d563b7f0468c46980d86277cf9714676522988a54c887b49b69199ca1789 qemu-kvm-tools-1.5.3-126.el7_3.1.x86_64.rpmFile outdated by:  RHSA-2017:0083     MD5: 33819524139c4d15673d9a55006ce1fdSHA-256: b3823fe92ed041cfe4ec994820a7df7898c0541149b2bc663a782d759a034da6   (The unlinked packages above are only available from the Red Hat Network) 1392027 - shutdown rhel 5.11 guest failed and stop at "system halted"1393042 - system_reset should clear pending request for error (IDE) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Even the servers it colocates (!) says new docu revealing Alphabet sub's security secrets Google has published a Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. Revealed last Friday, the document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none more so than the revelation that “We also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals.

These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level.” That silicon works alongside cryptographic signatures employed “over low-level components like the BIOS, bootloader, kernel, and base operating system image.” “These signatures can be validated during each boot or update,” the document says, adding that “The components are all Google-controlled, built, and hardened. With each new generation of hardware we strive to continually improve security: for example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a microcontroller running Google-written security code, or the above mentioned Google-designed security chip. Another interesting nugget of information the document reveals is that “Google additionally hosts some servers in third-party data centers,” a fact mentioned so the company can explain that when it works with others' bit barns it puts in place its own layers of physical security such as “independent biometric identification systems, cameras, and metal detectors.” The document goes on to explain that Google's fleet of applications and services encrypt data before it is written to disk, to make it harder for malicious disk firmware to access data. Disks get the following treatment: “We enable hardware encryption support in our hard drives and SSDs and meticulously track each drive through its lifecycle.

Before a decommissioned encrypted storage device can physically leave our custody, it is cleaned using a multi-step process that includes two independent verifications.

Devices that do not pass this wiping procedure are physically destroyed (e.g. shredded) on-premise.” Elsewhere, the document describes client security which starts with universal second factor authentication and then sees the company scan employees' devices to “ensure that the operating system images for these client devices are up-to-date with security patches and … control the applications that can be installed.” “We additionally have systems for scanning user-installed apps, downloads, browser extensions, and content browsed from the web for suitability on corp clients.” “Being on the corporate LAN is not our primary mechanism for granting access privileges. We instead use application-level access management controls which allow us to expose internal applications to only specific users when they are coming from a correctly managed device and from expected networks and geographic locations.” Also explained are the automated and manual code review techniques Google uses to detect bugs in software its developers write.

The manual reviews “... are conducted by a team that includes experts across web security, cryptography, and operating system security.

The reviews can also result in new security library features and new fuzzers that can then be applied to other future products.” There's also this description of the lengths Google goes to in its quest to protect source code: “Google’s source code is stored in a central repository where both current and past versions of the service are auditable.

The infrastructure can additionally be configured to require that a service’s binaries be built from specific reviewed, checked in, and tested source code.
Such code reviews require inspection and approval from at least one engineer other than the author, and the system enforces that code modifications to any system must be approved by the owners of that system.

These requirements limit the ability of an insider or adversary to make malicious modifications to source code and also provide a forensic trail from a service back to its source. There's plenty more in the document, like news that Google's public cloud runs virtual machines in a custom version of the KVM hypervisor.

Google also boasts in the document that it is “the largest submitter of CVEs and security bug fixes for the Linux KVM hypervisor.” We also learn that the Google cloud rests on the same security services as the rest of its offerings. There's also an explanation of the company's internal service identity and access management scheme, detailed in the diagram below, plus news that “We do not rely on internal network segmentation or firewalling as our primary security mechanisms”.

That's a little at odds with current interest in network virtualisation and microsegmentation. Google's Service Identity and Access Management scheme The company's also published documents detailing each aspect of security discussed in the main document.

They're listed and linked to at the end of the master document. ® Sponsored: Customer Identity and Access Management
CVE CVSS base score Summary CVE-2016-1762 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. CVE-2016-444...
Attention: RHN Hosted will reach the end of its service life on July 31, 2017.Customers will be required to migrate existing systems to Red Hat Subscription Management prior to this date.Learn more here Details An updated rhev-hypervisor package is now available. The rhev-hypervisor package provides a Red Hat Enterprise VirtualizationHypervisor ISO disk image.

The Red Hat Enterprise Virtualization Hypervisor is adedicated Kernel-based Virtual Machine (KVM) hypervisor.
It includes everythingnecessary to run and manage virtual machines: A subset of theRed Hat Enterprise Linux operating environment and the Red Hat EnterpriseVirtualization Agent.This update resolves a potential problem with leap seconds.Note: Red Hat Enterprise Virtualization Hypervisor is only available for theIntel 64 and AMD64 architectures with virtualization extensions. Solution Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258 Updated packages Red Hat Enterprise Virtualization 3 SRPMS: rhev-hypervisor7-7.2-20161220.0.el6ev.src.rpm     MD5: ebc512895f06b7d63780fa5ba556786fSHA-256: bd4ba420d1a33897f8b98233c9f0110273a7d5273f80656a919ac4ede1f6a3fe   x86_64: rhev-hypervisor7-7.2-20161220.0.el6ev.noarch.rpm     MD5: d7ea1966779cd26165485dfabf352331SHA-256: b2dd7e8c32cf31c9f50cc0cbf58c9f31608845e46064a20785a791f96d39864b   (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 1406441 - Build RHV-H for 3.6.9-1 These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
Updated qemu-kvm-rhev packages that fix two bugs and add one enhancement are nowavailable for Red Hat Enterprise Virtualization Hypervisor 7. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev packages provide the user-spacecomponent for running virtual machines using KVM in environments managed by RedHat Enterprise Virtualization Manager.This update fixes the following bugs:* The fix for CVE-2016-5403 caused migrating guest instances to fail with a"Virtqueue size exceeded" error message. With this update, the value of thevirtualization queue is recalculated after the migration, and the describedproblem no longer occurs. (BZ#1374623)* Due to a race condition in the virtio-blk dataplane, live migration of a guestin some cases failed with a "Virtqueue size exceeded" error message.

This updateprevents the race condition from occurring, and thus allows live migration towork more reliably. (BZ#1380320)In addition, this update adds the following enhancement:* It is now possible to specify the virtio data buffer limit between a guest andthe QEMU emulator.

To do this, change the value of the <driverrx_queue_size='N'/> parameter in the guest's domain XML file, where N can befrom 256 to 1024. (BZ#1375642)Users of qemu-kvm-rhev are advised to upgrade to these updated packages, whichfix these bugs.

After installing this update, shut down all running virtualmachines. Once all virtual machines have shut down, start them again for thisupdate to take effect. Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Virtualization ( v.4 for RHEL 7) SRPMS: qemu-kvm-rhev-2.3.0-31.el7_2.23.src.rpmFile outdated by:  RHBA-2016:2673     MD5: 445e1bbf6cdba60ffcfd199a7b03212dSHA-256: a020e85100802fa2a7d53d8ef32e046234e44bd8782f4b4ac9e553836bd4e2fb   x86_64: libcacard-devel-rhev-2.3.0-31.el7_2.23.x86_64.rpm     MD5: 955d22794521189bac78beb4bdfd0677SHA-256: 549ac627db645908035be76c390398512daa5afd26aa22547bb1445741a2d179 libcacard-rhev-2.3.0-31.el7_2.23.x86_64.rpm     MD5: 8c5f07edcdabba61912a9ccd3d23c24eSHA-256: cc89da466898746bef068e21c38795d4e6b6fe6ae342068e9107c3cc28a101a3 libcacard-tools-rhev-2.3.0-31.el7_2.23.x86_64.rpm     MD5: 96d3419c1102c1ce381837f16fbf22e8SHA-256: 0c15e94faba3736c95b20af77ee1a3ad4c1d75ed45eba5dd1b8eda353bd8c160 qemu-img-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: aa1c1993dc405fb3be0d689ebc815f20SHA-256: 555ac212e75147ebbc5fa966455dfcad9957f8dcbd8d312a7a99bed3a8790311 qemu-kvm-common-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: b5eb187f17a6aaf487cc4be17b93e8e0SHA-256: c6f9ece721acf2586d2d1e6d5600a0166efed27797c31334f7f8c718fdd3cb0f qemu-kvm-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: ef7e49de53ea0566234c450f6b6e2d5bSHA-256: ece0f9dcaba2ec275728a9435afd35970206a351a0ccbd6a21f791296737d05b qemu-kvm-tools-rhev-2.3.0-31.el7_2.23.x86_64.rpmFile outdated by:  RHBA-2016:2673     MD5: 2af92351f986a08ae03443bfb37327cbSHA-256: 259991a03211ab83e58ecc587f422ceff4a19fde89a9785026cb05d79eb8c402   (The unlinked packages above are only available from the Red Hat Network) 1374623 - RHSA-2016-1756 breaks migration of instances1380310 - match the OEM ID and OEM Table ID fields of the FADT and the RSDT to those of the SLIC [7.2.z]1380320 - Race condition during virtio-blk dataplane stop triggers "Virtqueue size exceeded" These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
An update for qemu-kvm-rhev is now available for Red Hat Enterprise LinuxOpenStack Platform 5.0 (Icehouse) for RHEL 7.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev package provides the user-spacecomponent for running virtual machines using KVM in environments managed by RedHat Enterprise Virtualization Manager.The following packages have been upgraded to a newer upstream version:qemu-kvm-rhev (2.6.0). (BZ#1386377)Security Fix(es):* An out-of-bounds flaw was found in the QEMU emulator built using'address_space_translate' to map an address to a MemoryRegionSection.

The flawcould occur while doing pci_dma_read/write calls, resulting in an out-of-boundsread-write access error.

A privileged user inside a guest could use this flaw tocrash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting thisissue. For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258After installing this update, shut down all running virtual machines. Once allvirtual machines have shut down, start them again for this update to takeeffect.Red Hat OpenStack 5.0 for RHEL 7 SRPMS: qemu-kvm-rhev-2.6.0-27.el7.src.rpm     MD5: 68f8819216de7dfc31abca02226674b6SHA-256: 20aad33d141692928891c56232f3baffe1d66537bbe1826403b10db59a6975ac   x86_64: qemu-img-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 2f21167afc58a1676d72ccd04d8a4dd1SHA-256: 4d9f9fb6de67fb7c7cc4ed9d170a435322afe6db52ff18422b627c1ddefbafa8 qemu-kvm-common-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 583b2e68d65b2ea53fb3497c4c31c529SHA-256: c58f599922c46931e8f3af3c2e7736c1af3f5f983ce2b428db7fc19892ea9506 qemu-kvm-rhev-2.6.0-27.el7.x86_64.rpm     MD5: aca20204b6bd76fd61d76bd640dd4389SHA-256: b4f5a77f325bf93a73980a00af141571c7ff6b4b37fd35dc3ccd1f776191c132 qemu-kvm-rhev-debuginfo-2.6.0-27.el7.x86_64.rpm     MD5: c3e9e6c49388170a38d9e7e65300a9b7SHA-256: 4c6f8edd188dda53e1c69cdffae86b92ea8abb9268002c54436a164f5aaa9d9f qemu-kvm-tools-rhev-2.6.0-27.el7.x86_64.rpm     MD5: 07eb4578de7d2f3399ea9eef0abcea2fSHA-256: d8677214a68f0d4cffc40342e0eb34c5b4adb991a97413749bbc4592b2dcc346   (The unlinked packages above are only available from the Red Hat Network) 1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault1374369 - RHSA-2016-1756 breaks migration of instances [OSP5-EL7]1386377 - Rebase qemu-kvm-rhev to 2.6.0 These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: