-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: qemu-kvm-ma security update Advisory ID: RHSA-2020:3907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3907 Issue date: 2020-09-29 CVE Names: CVE-2018-15746 CVE-2019-20382 ==================================================================== 1. Summary: An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x Red Hat Enterprise Linux Server Optional (v. 7) - ppc64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Security Fix(es): * QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746) * QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1615637 - CVE-2018-15746 QEMU: seccomp: blacklist is not applied to all threads 1810390 - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect 6. Package List: Red Hat Enterprise Linux Server (v. 7): Source: qemu-kvm-ma-2.12.0-48.el7.src.rpm ppc64: qemu-img-ma-2.12.0-48.el7.ppc64.rpm qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm ppc64le: qemu-img-ma-2.12.0-48.el7.ppc64le.rpm qemu-kvm-common-ma-2.12.0-48.el7.ppc64le.rpm qemu-kvm-ma-2.12.0-48.el7.ppc64le.rpm qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64le.rpm qemu-kvm-tools-ma-2.12.0-48.el7.ppc64le.rpm s390x: qemu-img-ma-2.12.0-48.el7.s390x.rpm qemu-kvm-common-ma-2.12.0-48.el7.s390x.rpm qemu-kvm-ma-2.12.0-48.el7.s390x.rpm qemu-kvm-ma-debuginfo-2.12.0-48.el7.s390x.rpm qemu-kvm-tools-ma-2.12.0-48.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: qemu-kvm-common-ma-2.12.0-48.el7.ppc64.rpm qemu-kvm-ma-2.12.0-48.el7.ppc64.rpm qemu-kvm-ma-debuginfo-2.12.0-48.el7.ppc64.rpm qemu-kvm-tools-ma-2.12.0-48.el7.ppc64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-15746 https://access.redhat.com/security/cve/CVE-2019-20382 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OjBdzjgjWX9erEAQj6gQ//SEWVHOdjJhjXKnCkeWEucrMHwwCkWRmI jHsSo2DoriKwmbAsUzBTT2OJq4gAHCp0gCk15ndqLFQgPT3mQ/JTscg1r8TOFu8C 1hXOXJphxZAQKvSxbfdQ2GreCkrMGTD7PnUmnk/23OfEfg+z2GIT6e/unsLvWhzi B4+CmXOCU4DvjImrkgPJQUqaYmvA4zH+Exoi30M0oM1Wm8Pc+V8bV0awFPyP/K2B +cStKzK4AwGsKB00kSz3kkLX7Q6AztHfD/39W+pI77rok3iKG933tkogoo+485Qc LN0GLLJMnu/bwXw6y44in67TuHC8uX0azOHLyBKBe2S0LEmO72fWq8zj8wQix3wi wBI/dooFzlrmlrZI+ftZGqoeigcd3VDaGu4ji5yo6a+2UuvawrAfdwha1vt16zaK Vy2Uqnfh+Kfc1bwqbG7aeDcFXAHUVJZLfQ69Pzp6ufsqlrTKi7KZAzx2u/QL+e/w aWuF1krI/rr07F3p7vewiL443FGAL9BcCFcGF8G42saovcwozn3Z1bQTU5+MJeRw M4lPJeyvbRbKUld7e/N9igzGr4wk3rdALKWo2JjwYrYvcPWd2AVEancY9gtnrnj5 x9GGq8oZMPd6WSnjnNxjpnPYwHrT3d61QslkghNBDoHmxb5rrTdyVzVW3guVYNaE y0GKn5Ljxig=L1l0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce