-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kvm security update Advisory ID: RHSA-2016:1943-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1943.html Issue date: 2016-09-27 CVE Names: CVE-2016-3710 CVE-2016-5403 ===================================================================== 1. Summary: An update for kvm is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Multi OS (v. 5 client) - x86_64 Red Hat Enterprise Linux Virtualization (v. 5 server) - x86_64 3. Description: KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc. Security Fix(es): * An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710) * Quick Emulator(QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403) Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team) for reporting CVE-2016-3710 and hongzhenhao (Marvel Team) for reporting CVE-2016-5403. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Note: The procedure in the Solution section must be performed before this update will take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module 1358359 - CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS 6. Package List: Red Hat Enterprise Linux Desktop Multi OS (v. 5 client): Source: kvm-83-276.el5_11.src.rpm x86_64: kmod-kvm-83-276.el5_11.x86_64.rpm kmod-kvm-debug-83-276.el5_11.x86_64.rpm kvm-83-276.el5_11.x86_64.rpm kvm-debuginfo-83-276.el5_11.x86_64.rpm kvm-qemu-img-83-276.el5_11.x86_64.rpm kvm-tools-83-276.el5_11.x86_64.rpm Red Hat Enterprise Linux Virtualization (v. 5 server): Source: kvm-83-276.el5_11.src.rpm x86_64: kmod-kvm-83-276.el5_11.x86_64.rpm kmod-kvm-debug-83-276.el5_11.x86_64.rpm kvm-83-276.el5_11.x86_64.rpm kvm-debuginfo-83-276.el5_11.x86_64.rpm kvm-qemu-img-83-276.el5_11.x86_64.rpm kvm-tools-83-276.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3710 https://access.redhat.com/security/cve/CVE-2016-5403 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFX6pksXlSAg2UNWIIRAjT6AKCbdp8zHq3cHFmNd3HvfNOuBoHA9wCdGIcl nghWH7GgFCM4mrWvbUElvRg= =2zya -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce