Exploit the possiblities

Red Hat Security Advisory 2017-3368-01

Red Hat Security Advisory 2017-3368-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3368-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: Quick Emulator, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | linux, redhat
advisories | CVE-2017-14167, CVE-2017-15289
MD5 | 9474270d0ea79b3fd023bc253760072a

Red Hat Security Advisory 2017-3368-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: qemu-kvm security update
Advisory ID: RHSA-2017:3368-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:3368
Issue date: 2017-11-30
CVE Names: CVE-2017-14167 CVE-2017-15289
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick Emulator (QEMU), compiled with the PC System Emulator with
multiboot feature support, is vulnerable to an OOB r/w memory access issue.
The issue could occur due to an integer overflow while loading a kernel
image during a guest boot. A user or process could use this flaw to
potentially achieve arbitrary code execution on a host. (CVE-2017-14167)

* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator
support, is vulnerable to an OOB write access issue. The issue could occur
while writing to VGA memory via mode4and5 write functions. A privileged
user inside guest could use this flaw to crash the QEMU process resulting
in Denial of Serivce (DoS). (CVE-2017-15289)

Red Hat would like to thank Thomas Garnier (Google.com) for reporting
CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1489375 - CVE-2017-14167 Qemu: i386: multiboot OOB access while loading kernel image
1501290 - CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-141.el7_4.4.src.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-141.el7_4.4.src.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-141.el7_4.4.src.rpm

ppc64:
qemu-img-1.5.3-141.el7_4.4.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.4.ppc64.rpm

ppc64le:
qemu-img-1.5.3-141.el7_4.4.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.4.ppc64le.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-141.el7_4.4.src.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.4.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-14167
https://access.redhat.com/security/cve/CVE-2017-15289
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaIG8oXlSAg2UNWIIRArUVAJ4mfI7Bbz4gVD37GiZnpaRjPGy3hACbBXZv
tE1h9nPMAz7KwfMEI3GVU6w=
=a1bW
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close