-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm-rhev security, bug fix, and enhancement update Advisory ID: RHSA-2017:2392-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2017:2392 Issue date: 2017-08-01 CVE Names: CVE-2016-10155 CVE-2016-4020 CVE-2016-6835 CVE-2016-6888 CVE-2016-7422 CVE-2016-7466 CVE-2016-8576 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2630 CVE-2017-5579 CVE-2017-5898 CVE-2017-5973 CVE-2017-9310 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 ===================================================================== 1. Summary: An update for qemu-kvm-rhev is now available for RHEV 4.X RHEV-H and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Managment Agent for RHEL 7 Hosts - ppc64le, x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. The following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.9.0). (BZ#1387372, BZ#1387600, BZ#1400962) Security Fix(es): * A stack buffer overflow flaw was found in the Quick Emulator (QEMU) built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. (CVE-2017-2630) * An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898) * An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020) * A memory-leak flaw was found in the Quick Emulator(QEMU) built with USB xHCI controller emulation support. The flaw could occur while doing a USB-device unplug operation. Unplugging the device repeatedly resulted in leaking host memory, affecting other services on the host. A privileged user inside the guest could exploit this flaw to cause a denial of service on the host or potentially crash the host's QEMU process instance. (CVE-2016-7466) * Multiple CVEs(CVE-2016-10155, CVE-2016-4020, CVE-2016-6835, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-2630, CVE-2017-5579, CVE-2017-5898, CVE-2017-5973, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375) were fixed as result of rebase to QEMU version 2.9.0. Red Hat would like to thank Li Qiang (Qihoo 360 Inc.) for reporting CVE-2016-6835 and CVE-2016-6888; Li Qiang (360.cn Inc.) for reporting CVE-2017-5898, CVE-2016-7466, CVE-2016-10155, CVE-2017-5579, and CVE-2017-5973; Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020; Qinghao Tang (Marvel Team 360.cn Inc.) and Zhenhao Hong (Marvel Team 360.cn Inc.) for reporting CVE-2016-7422; PSIRT (Huawei Inc.) for reporting CVE-2016-8669; Andrew Henderson (Intelligent Automation Inc.) for reporting CVE-2016-8910; Qinghao Tang (Qihoo 360), Li Qiang (Qihoo 360), and Jiangxin (Huawei Inc.) for reporting CVE-2016-9921 and CVE-2016-9922; and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, and CVE-2017-9375. Additional Changes: This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 750801 - [RFE] specifying the entire image chain as a qemu drive (blockdev-add) (qemu) 971799 - qemu should not crash when if=scsi although it's unsupportable device 1032873 - block-job-cancel can not cancel current job when drive-mirror to a no enough space libiscsi disk 1038963 - [RFE] qemu can't listen on both IPv6 and IPv4 localhost for VNC 1046612 - qemu should quit with friendly prompt when use usb3.0 stick + uhci controller 1055093 - RFE: usb-host redir: make usb superspeed devices work when redirected to a non superspeed capable vm 1086193 - RFE: Add blockdev-delete QMP command in company with blockdev-add 1159726 - RFE: blockdev-add support for gluster 1159728 - add blockdev-add support with libiscsi backends 1175113 - pci-bridge should behave the same when adding devices from cli or at hotplug time 1179045 - [rfe] qemu should report usb-host hotplug errors 1185172 - The blockcopy command will hang there in the mirror period with the raw disk 1189998 - Active commit does not support on rbd based disk 1193826 - Dump progress only show up when memory-only dump finish 1219541 - virsh migrate --copy-storage-all fails to preserve sparse disk image 1231739 - qmp should give friendly hints when can not use __com.redhat_drive_del to delete device 1248279 - [RFE] Memory hot unplug on powerpc platform - qemu-kvm-rhev 1254422 - [RFE]Add option to specify the initiator for qemu-img to login iscsi target 1256618 - Chardev remains busy after hot remove vhost-user that connected to the chardev. 1262277 - qemu quit when block mirror 2 disk enable data-plane 1262676 - When mirroring to remote NBD disk with granularity =8192 and buf-size=8193, qemu core dump ( on src host) 1264255 - When hot-unplug a device which is doing block-commit, guest and qemu will hang until the commit finished, and call trace appears in guest 1264258 - Guest's time stops with option clock=vm when guest is paused 1271060 - virtio_pci_set_host_notifier_internal: unable to init event notifier: -24 1274567 - HMP doesn't reflect the correct numa topology after hot plugging vCPU 1281407 - Memdev id is not specified when query memdev via QMP 1285928 - linux-aio aborts on io_submit() failure 1291284 - [RFE 7.4] support for virtio-vsock - qemu-kvm-rhev 1293975 - RFE: Operational Blockers for BDS Nodes in QEMU block layer 1295637 - [virtio-win][netkvm][rhel6]win2012 guest bsod with DRIVER_POWER_STATE_FAILURE(9f) when shutdown after netdev_del&device_del while coping files in guest 1299876 - system_reset should clear pending request for error (IDE) 1300768 - RFE: add support for native TLS encryption on migration TCP transport 1300770 - RFE: add support for native TLS encryption on NBD client/server transports 1313686 - CVE-2016-4020 Qemu: i386: leakage of stack memory to guest in kvmvapic.c 1314131 - RHEV for Power: VFIO passthrough of SR-IOV virtual functions 1329145 - qemu-kvm-rhev sometimes gets SIGABRT when do continuous blockcommit operations 1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch 1334398 - CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy 1335808 - [RFE] [vIOMMU] Add Support for VFIO devices with vIOMMU present 1340439 - qemu-kvm crashed when set vram64_size_mb to some vaule 1342434 - qemu core dump when starting a guest with more than 54 nested pcie switches 1347172 - 'info block' should not show backing file when reopen block after drive-mirror with 'sync=full' 1352620 - qemu-kvm fail to start in vnc reverse mode 1352769 - QEMU core dumped when query memory devices in hmp after unplugging memdev of nvdimm 1354177 - Booting from a passthrough usb stick fails when using the bootindex property 1357808 - TCG defaults to POWER7 cpu which won't run modern distributions 1360301 - [RFE] allow qemu gfapi log redirection 1361487 - system_reset should clear pending request for error (virtio-blk) 1362084 - qemu core dump when do blockdev-add with option detect-zeroes on 1362729 - [RFE] log hot unplug requests 1363938 - qemu aborted after enter "q" to hmp:virtio-scsi.c:543: virtio_scsi_handle_cmd_req_prepare: Assertion `blk_get_aio_context(d->conf.blk) == s->ctx' failed 1365708 - qemu-kvm gets SIGSEGV when attach a json backing image of ssh protocol 1366919 - extend virtio-net to expose host MTU to guest 1367369 - Both guest and qemu hang after doing block stream when guest rebooting 1367731 - Other operations(snapshot/hot-unplug) to the block are not forbidden after image streaming starts, which cause qemu and guest hang until streaming completes. 1368040 - Qemu-kvm coredump in repeating hotplug/hot remove virtio-gpu device 1368406 - Virtual display of virtio-gpu should behave like qxl device when using rhel7.3 guest 1368422 - Post-copy migration fails with XBZRLE compression 1369012 - CVE-2016-6835 Qemu: net: vmxnet: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation 1369031 - CVE-2016-6888 Qemu: net: vmxnet: integer overflow in packet initialisation 1369641 - Boot guest with 'kernel-irqchip=split', 'intremap=true' and e1000, guest fails to get ip and call trace occurs 1369795 - QMP should prompt more specific information when hotplug more than 32 vfs to guest 1373264 - DEVICE_TRAY_MOVED event is not delivered after migration 1373600 - virtio-balloon stats virtqueue does not migrate properly 1373604 - Enhance live migration post-copy to support file-backed memory (e.g. 2M hugepages) 1373710 - qemu-img: unable to create images via ftp/ftps 1373816 - [virtio-win][netkvm]qemu core dump when hotplug/hot-unplug netkvm device(queues=4) in a loop in windows 2012R2 guest 1374237 - Multi monitors of virtio-vga works abnormally on rhel7.3 guest 1375444 - Add fw_cfg device in windows guest in order to make svvp test pass 1375520 - qemu core dump when there is an I/O error on AHCI 1376000 - xhci emulation fixes 1376755 - CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc 1376760 - Backport memory leak fixes from QEMU 2.7 1377063 - Guest numa topology not correct after hot plug-unplug-plug vcpus 1377160 - [RFE] Q35: Implement hotplug for pxb-pcie devices 1377837 - CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug 1378334 - windows guests migration from rhel6.8-z to rhel7.3 with virtio-net-pci fail 1378536 - QEMU runtime modularization of the block layer 1378538 - QEMU: update package summary and description 1378694 - Prevent qemu-img resize from causing "Active L1 table too large" 1378816 - Core dump when use "data-plane" and execute change cd 1379034 - RFE: add 'iSCSI protocol' support of option 'password-secret' to support for securely passing passwords to QEMU block drivers 1379206 - Graphic can't be showed out quickly if guest graphic mode is vnc 1380258 - ppc64le: > 1024GiB of guest RAM will conflict with IO 1381630 - QEMU segfaults when using a lot of pci bridges and USB devices 1383012 - qemu-img command should return non-zero error value on fail 1384124 - cpu flag nonstop_tsc is not present in guest with host-passthrough and feature policy require invtsc 1384909 - CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters 1387372 - Rebase qemu-kvm-rhev for RHEL-7.4 1387600 - Rebase qemu-kvm-rhev to 2.8.0 1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode 1388052 - CVE-2016-8909 Qemu: audio: intel-hda: infinite loop in processing dma buffer stream 1389238 - Re-enable kvm_stat script 1390316 - PCIe: Add Generic PCIe Root Ports 1390734 - ppc64: pseries-rhel7.4.0 machine type 1390737 - RHEL-7.4 new qemu-kvm-rhev machine type (x86) 1390991 - Wrong error message when executing qemu-img commit with wrong arguments while confusing base and top volumes 1391942 - kvmclock: advance clock by time window between vm_stop and pre_save (backport patch) 1392328 - Disable new devices in QEMU 2.8 (x86_64) 1392359 - [abrt] qemu-img: strrchr(): qemu-img killed by SIGSEGV: TAINTED 1393322 - Guest fails boot up with ivshmem-plain and virtio-pci device 1393698 - Correctly set host bits for guests to go beyond 1TB 1394140 - qemu gets SIGSEGV when hot-plug a vhostuser network 1396536 - qemu-kvm-rhev: POWER8 CPU model is listed twice in 'query-cpu-definitions' output 1397697 - Backport remaining kvm_stat patches from the kernel to QEMU 1397870 - qemu fails to recognize gluster URIs in backing chain for block-commit operation 1400059 - block-gluster: use one glfs instance per volume 1400785 - qemu: Remove pxi-expander-bridge (PXB) device for Power 1400962 - Verify configuration coverage for rebased qemu-kvm-rhev 1402222 - Device IOTLB support in qemu 1402265 - CVE-2016-9907 Qemu: usb: redirector: memory leakage when destroying redirector 1402272 - CVE-2016-9911 Qemu: usb: ehci: memory leakage in ehci_init_transfer 1402645 - Required cache.direct=on when set aio=native 1404137 - 'block-job-cancel' can not cancel a "block-stream" job normally 1404303 - RFE: virtio-blk/scsi polling mode (QEMU) 1404673 - [ppc64le]reset vm when do migration, HMP in src host promp "tcmalloc: large alloc 1073872896 bytes..." 1405123 - Opteron_G4 CPU model broken in QEMU 2.6 with RHEL 6 machine type 1406827 - Blacklist TSX feature from specific Intel CPU models 1409973 - [TestOnly] supported Tier2 OS/distros in RHEL7.4 1410284 - [RFE] Allow PCIe devices on pseries guests (qemu part) 1410618 - Flickering Fedora 24 Login Screen on RHEL 7 1410674 - qemu: Remove unnecessary EHCI implementation for Power 1411105 - Windows Server 2008-32 crashes on startup with q35 if cdrom attached 1412327 - RFE: negotiable broadcast SMI for Q35 1412470 - Keyboard hang after migration with kernel-irqchip=split 1412472 - [RFE] VT-d migration 1414694 - Reenable edu device for kvm-unit-tests support 1415199 - CVE-2016-10155 Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb 1415947 - data-plane cause qemu-kvm process hang when do basic Block stream for virtio-scsi 1416157 - CVE-2017-5579 Qemu: serial: host memory leakage 16550A UART emulation 1416681 - PCIe compliance issues 1417840 - Include kvm_stat man page in qemu-kvm-tools package 1418166 - Remove dependencies required by spice on ppc64le 1418575 - Forward port of downstream-only QMP commands is incorrect 1418927 - The lifecycle event for Guest OS Shutdown is not distinguishable from a qemu process that was quit with SIG_TERM 1419466 - Hotplug memory will induce error: kvm run failed Bad address on ppc when boot up with "-mem-path /mnt/hugetlbfs" 1419699 - CVE-2017-5898 Qemu: usb: integer overflow in emulated_apdu_from_guest 1419899 - Documentation inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add 1420195 - Migration from RHEL7.4 -> RHEL7.3.z failed with rtl8139 nic card 1420216 - Migration from RHEL7.3.z -> RHEL4 failed with e1000e nic card 1420679 - Guest reboot after migration from RHEL7.2.z -> RHEL7.4 1421626 - CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx 1421788 - migration/spice: assert with slot_id 112 too big, addr=7000000000000000 1422415 - CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync 1422846 - Disable replication feature 1425151 - qemu zeroes the first byte of NVDIMM on initialization 1425178 - Remove texi2html build dependancy from RPM 1425273 - [Q35] migration failed after hotplug e1000e device 1425700 - virtio-scsi data plane takes 100% host CPU with polling 1425765 - The guest failed to start with ich6 sound when machine type is rhel6.*.0 1427466 - [RHEV7.4] dump-guest-memory failed due to Python Exception Attempt to extract a component of a value that is not a (null). 1428534 - Enhance qemu to present virtual L3 cache info for vcpus 1428810 - 'Segmentation fault (core dumped)' after hot unplug one disk in a throttle group AND do guest system reset 1430620 - TLS encryption migration via exec failed with "TLS handshake failed: The TLS connection was non-properly terminated" 1431224 - Attach lun type disk report error and crash guest 1431939 - The host nodes of memdev is set to 128 default 1432295 - Add gpa2hpa command to qemu hmp 1432382 - Hot-unplug "device_del dimm1" induce qemu-kvm coredump (hotplug at guest boot up stage) 1432588 - Some compat_props properties override -cpu command-line options 1433193 - Guest could not boot up when attached numa nodes with ram on ppc64le 1433921 - Switch from librdmacm-devel to rdma-core-devel 1434666 - "-numa" should not silently accept an invalid parameter ("size") 1434706 - [pci-bridge] Hotplug devices to pci-bridge failed 1434743 - Boot guest failed with error "virtio_scsi_data_plane_handle_ctrl: Assertion `s->ctx && s->dataplane_started' failed" 1434784 - migration: 7.4->7.2 error while loading state for instance 0x0 of device 'apic' 1435086 - Migration is failed from host RHEL7.3.z to host RHEL7.4 with "-machine pseries-rhel7.3.0 -device pci-bridge,id=pci_bridge,bus=pci.0,addr=03,chassis_nr=1" 1435521 - Migration failed with postcopy enabled from rhel7.3.z host to rhel7.4 host "error while loading state for instance 0x0 of device 'pci@800000020000000:05.0/virtio-rng'" 1436562 - [QEMU] scsi-generic: make up opt xfer len if not reported by backend 1436616 - usb-storage device under nec-usb-xhci is unusable after migration 1437310 - The guest os can not boot when set qxl.vram64 >=2G 1437337 - Hotplug cpu cores with invalid nr_threads causes qemu-kvm coredump 1437393 - snapshot created base on the image in https server will hang during booting 1438566 - migration/qxl: Seg fault migrating rhel5&6 at grub 1440619 - Reboot guest will induce error message - KVM: Failed to create TCE table for liobn 0x80000001 1440667 - The guest exit abnormally with data-plane when do "block-job-complete" after do "drive-mirror" in QMP. 1440677 - The guest exit abnormally with data-plane when do "blockdev-snapshot-sync"in QMP. 1441069 - Failed to create image with iscsi protocol 1443029 - Disable new devices in qemu 2.9 1443040 - seabios can't recognize usb 3.0 loader at boot menu 1444003 - USB 3.0 flash drive not accessible on Windows guest 1444326 - Keyboard inputs are buffered when qemu in stop status 1445174 - [RHEV7.4] [guest memory dump]dump-guest-memory QMP command with "detach" param makes qemu-kvm process aborted 1446003 - vnc cannot find a free port to use 1446498 - Guest freeze after live snapshot with data-plane 1447184 - qemu abort when live snapshot for multiple block device simultaneously with transaction and one is to a non-exist path 1447257 - QEMU coredump while doing hexdump test onto virtio serial ports 1447551 - qemu hang when do block_resize guest disk during crystal running 1447581 - [RHEV7.4] [usb-hub] input devices under usb hub don't work on win2016 with xhci 1447590 - qemu curl driver hangs in a particular libguestfs file download 1447592 - vhost-user/reply-ack: Wait for ack even if no request sent (one-time requests) 1447874 - Migration failed from rhel7.2.z->rhel7.4 with "-M rhel7.0.0" and "-device nec-usb-xhci" 1448813 - qemu crash when shutdown guest with '-device intel-iommu' and '-device vfio-pci' 1449031 - qemu core dump when hot-unplug/hot-plug scsi controller in turns 1449037 - Dst qemu quit when migrate guest with hugepage and total memory is not a multiple of pagesize 1449490 - [q35] guest hang after do migration with virtio-scsi-pci. 1449939 - Remove dependency on seavgabios-bin and ipxe-roms-qemu for qemu-kvm-rhev on s390x 1450759 - Creating fallocated image using qemu-img using gfapi fails 1451191 - qemu-img: block/gluster.c:1307: find_allocation: Assertion `offs >= start' failed. 1451483 - QEMU crashes with "-machine none -device intel-iommu" 1451629 - TCP tunnel network: the guest with interface type=client can not start 1451631 - Keyboard does not work after migration 1451849 - qemu-img convert crashes on error 1451862 - IOMMU support in QEMU for Vhost-user backend 1452048 - qemu abort when hot unplug block device during live commit 1452066 - Fix backing image referencing in drive-backup sync=none 1452148 - Op blockers don't work after postcopy migration 1452512 - qemu coredump when add more than 12 usb-storage devices to ehci 1452605 - disable pulseaudio and alsa support 1452620 - CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation 1452702 - qemu-img aborts on empty filenames 1452752 - Some block drivers incorrectly close their associated file 1453169 - qemu aborts if quit during live commit process 1454582 - Qemu crashes when start guest with qcow2 nbd image 1454641 - Windows 10 BSOD when using rhel6.4.0/rhel6.5.0/rhel6.6.0 1455150 - Unable to detach virtio disk from pcie-root-port after migration 1456424 - qemu crash when starting image streaming job fails 1456456 - qemu crashes on job completion during drain 1457088 - rbd/iscsi: json: pseudo-protocol format is incompatible with 7.3 1457740 - [Tracing] compling qemu-kvm failed through systemtap 1458270 - CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug 1458705 - pvdump: QMP reports "GUEST_PANICKED" event but HMP still shows VM running after guest crashed 1458744 - CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep 1458782 - QEMU crashes after hot-unplugging virtio-serial device 1459132 - CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug 1461561 - virtio-blk: drain block before cleanup missing 1461827 - QEMU hangs in aio wait when trying to access NBD volume over TLS 6. Package List: Managment Agent for RHEL 7 Hosts: Source: qemu-kvm-rhev-2.9.0-14.el7.src.rpm ppc64le: qemu-img-rhev-2.9.0-14.el7.ppc64le.rpm qemu-kvm-common-rhev-2.9.0-14.el7.ppc64le.rpm qemu-kvm-rhev-2.9.0-14.el7.ppc64le.rpm qemu-kvm-rhev-debuginfo-2.9.0-14.el7.ppc64le.rpm qemu-kvm-tools-rhev-2.9.0-14.el7.ppc64le.rpm x86_64: qemu-img-rhev-2.9.0-14.el7.x86_64.rpm qemu-kvm-common-rhev-2.9.0-14.el7.x86_64.rpm qemu-kvm-rhev-2.9.0-14.el7.x86_64.rpm qemu-kvm-rhev-debuginfo-2.9.0-14.el7.x86_64.rpm qemu-kvm-tools-rhev-2.9.0-14.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-10155 https://access.redhat.com/security/cve/CVE-2016-4020 https://access.redhat.com/security/cve/CVE-2016-6835 https://access.redhat.com/security/cve/CVE-2016-6888 https://access.redhat.com/security/cve/CVE-2016-7422 https://access.redhat.com/security/cve/CVE-2016-7466 https://access.redhat.com/security/cve/CVE-2016-8576 https://access.redhat.com/security/cve/CVE-2016-8669 https://access.redhat.com/security/cve/CVE-2016-8909 https://access.redhat.com/security/cve/CVE-2016-8910 https://access.redhat.com/security/cve/CVE-2016-9907 https://access.redhat.com/security/cve/CVE-2016-9911 https://access.redhat.com/security/cve/CVE-2016-9921 https://access.redhat.com/security/cve/CVE-2016-9922 https://access.redhat.com/security/cve/CVE-2017-2630 https://access.redhat.com/security/cve/CVE-2017-5579 https://access.redhat.com/security/cve/CVE-2017-5898 https://access.redhat.com/security/cve/CVE-2017-5973 https://access.redhat.com/security/cve/CVE-2017-9310 https://access.redhat.com/security/cve/CVE-2017-9373 https://access.redhat.com/security/cve/CVE-2017-9374 https://access.redhat.com/security/cve/CVE-2017-9375 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZgQxyXlSAg2UNWIIRAie1AJ42F2yIwO3Vt81+eh3S0nv2dNLFUgCeNnPV VAdAP3ECRQqNbG8XCTZ3BP8= =/201 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce