ESB-2017.1882 - [Virtual][RedHat] qemu-kvm-rhev: Multiple vulnerabilities 2017-08-02

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1882
    Important: qemu-kvm-rhev security, bug fix, and enhancement update
                               2 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu-kvm-rhev
Publisher:         Red Hat
Operating System:  Red Hat
                   Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-9375 CVE-2017-9374 CVE-2017-9373
                   CVE-2017-9310 CVE-2017-5973 CVE-2017-5898
                   CVE-2017-5579 CVE-2017-2630 CVE-2016-10155
                   CVE-2016-9922 CVE-2016-9921 CVE-2016-9911
                   CVE-2016-9907 CVE-2016-8910 CVE-2016-8909
                   CVE-2016-8669 CVE-2016-8576 CVE-2016-7466
                   CVE-2016-7422 CVE-2016-6888 CVE-2016-6835
                   CVE-2016-4020  

Reference:         ESB-2017.1827
                   ESB-2017.1706
                   ESB-2016.1618
                   ESB-2016.1480

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2017:2392
   https://access.redhat.com/errata/RHSA-2017:2408
   https://access.redhat.com/errata/RHSA-2017:2390

Comment: This bulletin contains three (3) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2392-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2392
Issue date:        2017-08-01
CVE Names:         CVE-2016-10155 CVE-2016-4020 CVE-2016-6835 
                   CVE-2016-6888 CVE-2016-7422 CVE-2016-7466 
                   CVE-2016-8576 CVE-2016-8669 CVE-2016-8909 
                   CVE-2016-8910 CVE-2016-9907 CVE-2016-9911 
                   CVE-2016-9921 CVE-2016-9922 CVE-2017-2630 
                   CVE-2017-5579 CVE-2017-5898 CVE-2017-5973 
                   CVE-2017-9310 CVE-2017-9373 CVE-2017-9374 
                   CVE-2017-9375 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for RHEV 4.X RHEV-H and Agents
for RHEL-7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Managment Agent for RHEL 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

The following packages have been upgraded to a later upstream version:
qemu-kvm-rhev (2.9.0). (BZ#1387372, BZ#1387600, BZ#1400962)

Security Fix(es):

* A stack buffer overflow flaw was found in the Quick Emulator (QEMU) built
with the Network Block Device (NBD) client support. The flaw could occur
while processing server's response to a 'NBD_OPT_LIST' request. A malicious
NBD server could use this issue to crash a remote NBD client resulting in
DoS or potentially execute arbitrary code on client host with privileges of
the QEMU process. (CVE-2017-2630)

* An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID
Card device support. The flaw could occur while passing messages via
command/response packets to and from the host. A privileged user inside a
guest could use this flaw to crash the QEMU process. (CVE-2017-5898)

* An information exposure flaw was found in Quick Emulator (QEMU) in Task
Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw
could occur while accessing TPR. A privileged user inside a guest could use
this issue to read portions of the host memory. (CVE-2016-4020)

* A memory-leak flaw was found in the Quick Emulator(QEMU) built with USB
xHCI controller emulation support. The flaw could occur while doing a
USB-device unplug operation. Unplugging the device repeatedly resulted in
leaking host memory, affecting other services on the host. A privileged
user inside the guest could exploit this flaw to cause a denial of service
on the host or potentially crash the host's QEMU process instance.
(CVE-2016-7466)

* Multiple CVEs(CVE-2016-10155, CVE-2016-4020, CVE-2016-6835,
CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669,
CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921,
CVE-2016-9922, CVE-2017-2630, CVE-2017-5579, CVE-2017-5898, CVE-2017-5973,
CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375) were fixed as
result of rebase to QEMU version 2.9.0.

Red Hat would like to thank Li Qiang (Qihoo 360 Inc.) for reporting
CVE-2016-6835 and CVE-2016-6888; Li Qiang (360.cn Inc.) for reporting
CVE-2017-5898, CVE-2016-7466, CVE-2016-10155, CVE-2017-5579, and
CVE-2017-5973; Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020;
Qinghao Tang (Marvel Team 360.cn Inc.) and Zhenhao Hong (Marvel Team 360.cn
Inc.) for reporting CVE-2016-7422; PSIRT (Huawei Inc.) for reporting
CVE-2016-8669; Andrew Henderson (Intelligent Automation Inc.) for reporting
CVE-2016-8910; Qinghao Tang (Qihoo 360), Li Qiang (Qihoo 360), and Jiangxin
(Huawei Inc.) for reporting CVE-2016-9921 and CVE-2016-9922; and Li Qiang
(Qihoo 360 Gear Team) for reporting CVE-2017-9310, CVE-2017-9373,
CVE-2017-9374, and CVE-2017-9375.

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

750801 - [RFE] specifying the entire image chain as a qemu drive (blockdev-add) (qemu)
971799 - qemu should not crash when if=scsi although it's unsupportable device
1032873 - block-job-cancel can not cancel current job when drive-mirror to a no enough space libiscsi disk
1038963 - [RFE] qemu can't listen on both IPv6 and IPv4 localhost for VNC
1046612 - qemu should quit with friendly prompt when use usb3.0 stick + uhci controller
1055093 - RFE: usb-host redir: make usb superspeed devices work when redirected to a non superspeed capable vm
1086193 - RFE: Add blockdev-delete QMP command in company with blockdev-add
1159726 - RFE: blockdev-add support for gluster
1159728 - add blockdev-add support with libiscsi backends
1175113 - pci-bridge should behave the same when adding devices from cli or at hotplug time
1179045 - [rfe] qemu should report usb-host hotplug errors
1185172 - The blockcopy command will hang there in the mirror period with the raw disk
1189998 - Active commit does not support on rbd based disk
1193826 - Dump progress only show up when memory-only dump finish
1219541 - virsh migrate --copy-storage-all fails to preserve sparse disk image
1231739 - qmp should give friendly hints when can not use __com.redhat_drive_del to delete device
1248279 - [RFE] Memory hot unplug on powerpc platform - qemu-kvm-rhev
1254422 - [RFE]Add option to specify the initiator for qemu-img to login iscsi target
1256618 - Chardev remains busy after hot remove vhost-user that connected to the chardev.
1262277 - qemu quit when block mirror 2 disk enable data-plane
1262676 - When mirroring to  remote NBD disk with granularity =8192 and buf-size=8193, qemu core dump ( on src host)
1264255 - When hot-unplug a device which is doing block-commit, guest and qemu will hang until the commit finished, and call trace appears in guest
1264258 - Guest's time stops with option clock=vm when guest is paused
1271060 - virtio_pci_set_host_notifier_internal: unable to init event notifier: -24
1274567 - HMP doesn't reflect the correct numa topology after hot plugging vCPU
1281407 - Memdev id is not specified  when query memdev via QMP
1285928 - linux-aio aborts on io_submit() failure
1291284 - [RFE 7.4] support for virtio-vsock - qemu-kvm-rhev
1293975 - RFE: Operational Blockers for BDS Nodes in QEMU block layer
1295637 - [virtio-win][netkvm][rhel6]win2012 guest bsod with DRIVER_POWER_STATE_FAILURE(9f) when shutdown after netdev_del&device_del while coping files in guest
1299876 - system_reset should clear pending request for error (IDE)
1300768 - RFE: add support for native TLS encryption on migration TCP transport
1300770 - RFE: add support for native TLS encryption on NBD client/server transports
1313686 - CVE-2016-4020 Qemu: i386: leakage of stack memory to guest in kvmvapic.c
1314131 - RHEV for Power: VFIO passthrough of SR-IOV virtual functions
1329145 - qemu-kvm-rhev sometimes gets SIGABRT when do continuous blockcommit operations
1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
1334398 - CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
1335808 - [RFE] [vIOMMU] Add Support for VFIO devices with vIOMMU present
1340439 - qemu-kvm crashed when set vram64_size_mb to some vaule
1342434 - qemu core dump when starting a guest with more than 54 nested pcie switches
1347172 - 'info block' should not show backing file when reopen block after drive-mirror with 'sync=full'
1352620 - qemu-kvm fail to start in vnc reverse mode
1352769 - QEMU core dumped when  query memory devices in hmp after unplugging memdev of nvdimm
1354177 - Booting from a passthrough usb stick fails when using the bootindex property
1357808 - TCG defaults to POWER7 cpu which won't run modern distributions
1360301 - [RFE] allow qemu gfapi log redirection
1361487 - system_reset should clear pending request for error (virtio-blk)
1362084 - qemu core dump when do blockdev-add with option detect-zeroes on
1362729 - [RFE] log hot unplug requests
1363938 - qemu aborted after enter "q" to hmp:virtio-scsi.c:543: virtio_scsi_handle_cmd_req_prepare: Assertion `blk_get_aio_context(d->conf.blk) == s->ctx' failed
1365708 - qemu-kvm gets SIGSEGV when attach a json backing image of ssh protocol
1366919 - extend virtio-net to expose host MTU to guest
1367369 - Both guest and qemu hang after doing block stream when guest rebooting
1367731 - Other operations(snapshot/hot-unplug) to the block are not forbidden after image streaming starts, which cause qemu and guest hang until streaming completes.
1368040 - Qemu-kvm coredump in repeating hotplug/hot remove virtio-gpu device
1368406 - Virtual display of virtio-gpu should behave like qxl device when using rhel7.3 guest
1368422 - Post-copy migration fails with XBZRLE compression
1369012 - CVE-2016-6835 Qemu: net: vmxnet: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation
1369031 - CVE-2016-6888 Qemu: net: vmxnet: integer overflow in packet initialisation
1369641 - Boot guest with 'kernel-irqchip=split',  'intremap=true' and e1000, guest fails to get ip and call trace occurs
1369795 - QMP should prompt more specific information when hotplug more than 32 vfs to guest
1373264 - DEVICE_TRAY_MOVED event is not delivered after migration
1373600 - virtio-balloon stats virtqueue does not migrate properly
1373604 - Enhance live migration post-copy to support file-backed memory (e.g. 2M hugepages)
1373710 - qemu-img: unable to create images via ftp/ftps
1373816 - [virtio-win][netkvm]qemu core dump when hotplug/hot-unplug netkvm device(queues=4) in a loop in windows 2012R2 guest
1374237 - Multi monitors of virtio-vga works abnormally on rhel7.3 guest
1375444 - Add fw_cfg device in windows guest in order to make svvp test pass
1375520 - qemu core dump when there is an I/O error on AHCI
1376000 - xhci emulation fixes
1376755 - CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc
1376760 - Backport memory leak fixes from QEMU 2.7
1377063 - Guest numa topology not correct after hot plug-unplug-plug vcpus
1377160 - [RFE] Q35: Implement hotplug for pxb-pcie devices
1377837 - CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug
1378334 - windows guests migration from rhel6.8-z to rhel7.3 with virtio-net-pci fail
1378536 - QEMU runtime modularization of the block layer
1378538 - QEMU: update package summary and description
1378694 - Prevent qemu-img resize from causing "Active L1 table too large"
1378816 - Core dump when use "data-plane" and execute change cd
1379034 - RFE: add 'iSCSI protocol' support of option 'password-secret' to support for securely passing passwords to QEMU block drivers
1379206 - Graphic can't be showed out quickly if guest graphic mode is vnc
1380258 - ppc64le: > 1024GiB of guest RAM will conflict with IO
1381630 - QEMU segfaults when using a lot of pci bridges and USB devices
1383012 - qemu-img command should return non-zero error value on fail
1384124 - cpu flag nonstop_tsc is not present in guest with host-passthrough and feature policy require invtsc
1384909 - CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters
1387372 - Rebase qemu-kvm-rhev for RHEL-7.4
1387600 - Rebase qemu-kvm-rhev to 2.8.0
1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode
1388052 - CVE-2016-8909 Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
1389238 - Re-enable kvm_stat script
1390316 - PCIe: Add Generic PCIe Root Ports
1390734 - ppc64: pseries-rhel7.4.0 machine type
1390737 - RHEL-7.4 new qemu-kvm-rhev machine type (x86)
1390991 - Wrong error message when executing qemu-img commit with wrong arguments while confusing base and top volumes
1391942 - kvmclock: advance clock by time window between vm_stop and pre_save (backport patch)
1392328 - Disable new devices in QEMU 2.8 (x86_64)
1392359 - [abrt] qemu-img: strrchr(): qemu-img killed by SIGSEGV: TAINTED
1393322 - Guest fails boot up with ivshmem-plain and virtio-pci device
1393698 - Correctly set host bits for guests to go beyond 1TB
1394140 - qemu gets SIGSEGV when hot-plug a vhostuser network
1396536 - qemu-kvm-rhev: POWER8 CPU model is listed twice in 'query-cpu-definitions' output
1397697 - Backport remaining kvm_stat patches from the kernel to QEMU
1397870 - qemu fails to recognize gluster URIs in backing chain for block-commit operation
1400059 - block-gluster: use one glfs instance per volume
1400785 - qemu: Remove pxi-expander-bridge (PXB) device for Power
1400962 - Verify configuration coverage for rebased qemu-kvm-rhev
1402222 - Device IOTLB support in qemu
1402265 - CVE-2016-9907 Qemu: usb: redirector: memory leakage when destroying redirector
1402272 - CVE-2016-9911 Qemu: usb: ehci: memory leakage in ehci_init_transfer
1402645 - Required cache.direct=on when set aio=native
1404137 - 'block-job-cancel' can not cancel a "block-stream" job normally
1404303 - RFE: virtio-blk/scsi polling mode (QEMU)
1404673 - [ppc64le]reset vm when do migration, HMP in src host promp "tcmalloc: large alloc 1073872896 bytes..."
1405123 - Opteron_G4 CPU model broken in QEMU 2.6 with RHEL 6 machine type
1406827 - Blacklist TSX feature from specific Intel CPU models
1409973 - [TestOnly] supported Tier2 OS/distros in RHEL7.4
1410284 - [RFE] Allow PCIe devices on pseries guests (qemu part)
1410618 - Flickering Fedora 24 Login Screen on RHEL 7
1410674 - qemu: Remove unnecessary EHCI implementation for Power
1411105 - Windows Server 2008-32 crashes on startup with q35 if cdrom attached
1412327 - RFE: negotiable broadcast SMI for Q35
1412470 - Keyboard hang after migration with kernel-irqchip=split
1412472 - [RFE] VT-d migration
1414694 - Reenable edu device for kvm-unit-tests support
1415199 - CVE-2016-10155 Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb
1415947 - data-plane cause qemu-kvm process hang when do basic Block stream for virtio-scsi
1416157 - CVE-2017-5579 Qemu: serial: host memory leakage 16550A UART emulation
1416681 - PCIe compliance issues
1417840 - Include kvm_stat man page in qemu-kvm-tools package
1418166 - Remove dependencies required by spice on ppc64le
1418575 - Forward port of downstream-only QMP commands is incorrect
1418927 - The lifecycle event for Guest OS Shutdown is not distinguishable from a qemu process that was quit with SIG_TERM
1419466 - Hotplug memory will induce error: kvm run failed Bad address on ppc when boot up with "-mem-path /mnt/hugetlbfs"
1419699 - CVE-2017-5898 Qemu: usb: integer overflow in emulated_apdu_from_guest
1419899 - Documentation inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add
1420195 - Migration from RHEL7.4 -> RHEL7.3.z failed with rtl8139 nic card
1420216 - Migration from RHEL7.3.z -> RHEL4 failed with e1000e nic card
1420679 - Guest reboot after migration from RHEL7.2.z -> RHEL7.4
1421626 - CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
1421788 - migration/spice: assert with slot_id 112 too big, addr=7000000000000000
1422415 - CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync
1422846 - Disable replication feature
1425151 - qemu zeroes the first byte of NVDIMM on initialization
1425178 - Remove texi2html build dependancy from RPM
1425273 - [Q35] migration failed after hotplug e1000e device
1425700 - virtio-scsi data plane takes 100% host CPU with polling
1425765 - The guest failed to start with ich6 sound when machine type is rhel6.*.0
1427466 - [RHEV7.4] dump-guest-memory failed due to  Python Exception <class 'gdb.error'> Attempt to extract a component of a value that is not a (null).
1428534 - Enhance qemu to present virtual L3 cache info for vcpus
1428810 - 'Segmentation fault (core dumped)' after hot unplug one disk in a throttle group AND do guest system reset
1430620 - TLS encryption migration via exec failed with "TLS handshake failed: The TLS connection was non-properly terminated"
1431224 - Attach lun type disk report error and crash guest
1431939 - The host nodes of memdev is set to 128 default
1432295 - Add gpa2hpa command to qemu hmp
1432382 - Hot-unplug "device_del dimm1" induce qemu-kvm coredump (hotplug at guest boot up stage)
1432588 - Some compat_props properties override -cpu command-line options
1433193 - Guest could not boot up when attached numa nodes with ram on ppc64le
1433921 - Switch from librdmacm-devel to rdma-core-devel
1434666 - "-numa" should  not silently  accept an invalid parameter ("size")
1434706 - [pci-bridge] Hotplug devices to pci-bridge failed
1434743 - Boot guest failed with error "virtio_scsi_data_plane_handle_ctrl: Assertion `s->ctx && s->dataplane_started' failed"
1434784 - migration: 7.4->7.2 error while loading state for instance 0x0 of device 'apic'
1435086 - Migration is failed from host RHEL7.3.z to host RHEL7.4 with "-machine pseries-rhel7.3.0 -device pci-bridge,id=pci_bridge,bus=pci.0,addr=03,chassis_nr=1"
1435521 - Migration failed with postcopy enabled from rhel7.3.z host to rhel7.4 host "error while loading state for instance 0x0 of device 'pci@800000020000000:05.0/virtio-rng'"
1436562 - [QEMU] scsi-generic: make up opt xfer len if not reported by backend
1436616 - usb-storage device under nec-usb-xhci is unusable after migration
1437310 - The guest os can not boot when set qxl.vram64 >=2G
1437337 - Hotplug cpu cores with invalid nr_threads causes qemu-kvm coredump
1437393 - snapshot created base on the image in https server will hang during booting
1438566 - migration/qxl: Seg fault migrating rhel5&6 at grub
1440619 - Reboot guest will induce error message - KVM: Failed to create TCE table for liobn 0x80000001
1440667 - The guest exit abnormally with data-plane when do "block-job-complete" after do "drive-mirror" in QMP.
1440677 - The guest exit abnormally with data-plane when do "blockdev-snapshot-sync"in QMP.
1441069 - Failed to create image with iscsi protocol
1443029 - Disable new devices in qemu 2.9
1443040 - seabios can't recognize usb 3.0 loader at boot menu
1444003 - USB 3.0 flash drive not accessible on Windows guest
1444326 - Keyboard inputs are buffered when qemu in stop status
1445174 - [RHEV7.4] [guest memory dump]dump-guest-memory QMP command with "detach" param makes qemu-kvm process aborted
1446003 - vnc cannot find a free port to use
1446498 - Guest freeze after live snapshot with data-plane
1447184 - qemu abort when live snapshot for multiple block device simultaneously with transaction and one is to a non-exist path
1447257 - QEMU coredump while doing hexdump test onto virtio serial ports
1447551 - qemu hang when do block_resize guest disk during crystal running
1447581 - [RHEV7.4] [usb-hub] input devices under usb hub don't work on win2016 with xhci
1447590 - qemu curl driver hangs in a particular libguestfs file download
1447592 - vhost-user/reply-ack: Wait for ack even if no request sent (one-time requests)
1447874 - Migration failed from rhel7.2.z->rhel7.4 with "-M rhel7.0.0" and "-device nec-usb-xhci"
1448813 - qemu crash when shutdown guest with '-device intel-iommu' and '-device vfio-pci'
1449031 - qemu core dump when hot-unplug/hot-plug scsi controller in turns
1449037 - Dst qemu quit when migrate guest with hugepage and total memory is not a multiple of pagesize
1449490 - [q35] guest hang after do migration with virtio-scsi-pci.
1449939 - Remove dependency on seavgabios-bin and ipxe-roms-qemu for qemu-kvm-rhev on s390x
1450759 - Creating fallocated image using qemu-img using gfapi fails
1451191 - qemu-img: block/gluster.c:1307: find_allocation: Assertion `offs >= start' failed.
1451483 - QEMU crashes with "-machine none -device intel-iommu"
1451629 - TCP tunnel network: the guest with interface type=client can not start
1451631 - Keyboard does not work after migration
1451849 - qemu-img convert crashes on error
1451862 - IOMMU support in QEMU for Vhost-user backend
1452048 - qemu abort when hot unplug block device during live commit
1452066 - Fix backing image referencing in drive-backup sync=none
1452148 - Op blockers don't work after postcopy migration
1452512 - qemu coredump when add more than 12 usb-storage devices to ehci
1452605 - disable pulseaudio and alsa support
1452620 - CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation
1452702 - qemu-img aborts on empty filenames
1452752 - Some block drivers incorrectly close their associated file
1453169 - qemu aborts if quit during live commit process
1454582 - Qemu crashes when start guest with qcow2 nbd image
1454641 - Windows 10 BSOD when using rhel6.4.0/rhel6.5.0/rhel6.6.0
1455150 - Unable to detach virtio disk from pcie-root-port after migration
1456424 - qemu crash when starting image streaming job fails
1456456 - qemu crashes on job completion during drain
1457088 - rbd/iscsi: json: pseudo-protocol format is incompatible with 7.3
1457740 - [Tracing] compling qemu-kvm failed through systemtap
1458270 - CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug
1458705 - pvdump: QMP reports "GUEST_PANICKED" event but HMP still shows VM running after guest crashed
1458744 - CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep
1458782 - QEMU crashes after hot-unplugging virtio-serial device
1459132 - CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug
1461561 - virtio-blk: drain block before cleanup missing
1461827 - QEMU hangs in aio wait when trying to access NBD volume over TLS

6. Package List:

Managment Agent for RHEL 7 Hosts:

Source:
qemu-kvm-rhev-2.9.0-14.el7.src.rpm

ppc64le:
qemu-img-rhev-2.9.0-14.el7.ppc64le.rpm
qemu-kvm-common-rhev-2.9.0-14.el7.ppc64le.rpm
qemu-kvm-rhev-2.9.0-14.el7.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.9.0-14.el7.ppc64le.rpm
qemu-kvm-tools-rhev-2.9.0-14.el7.ppc64le.rpm

x86_64:
qemu-img-rhev-2.9.0-14.el7.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-14.el7.x86_64.rpm
qemu-kvm-rhev-2.9.0-14.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-14.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-14.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10155
https://access.redhat.com/security/cve/CVE-2016-4020
https://access.redhat.com/security/cve/CVE-2016-6835
https://access.redhat.com/security/cve/CVE-2016-6888
https://access.redhat.com/security/cve/CVE-2016-7422
https://access.redhat.com/security/cve/CVE-2016-7466
https://access.redhat.com/security/cve/CVE-2016-8576
https://access.redhat.com/security/cve/CVE-2016-8669
https://access.redhat.com/security/cve/CVE-2016-8909
https://access.redhat.com/security/cve/CVE-2016-8910
https://access.redhat.com/security/cve/CVE-2016-9907
https://access.redhat.com/security/cve/CVE-2016-9911
https://access.redhat.com/security/cve/CVE-2016-9921
https://access.redhat.com/security/cve/CVE-2016-9922
https://access.redhat.com/security/cve/CVE-2017-2630
https://access.redhat.com/security/cve/CVE-2017-5579
https://access.redhat.com/security/cve/CVE-2017-5898
https://access.redhat.com/security/cve/CVE-2017-5973
https://access.redhat.com/security/cve/CVE-2017-9310
https://access.redhat.com/security/cve/CVE-2017-9373
https://access.redhat.com/security/cve/CVE-2017-9374
https://access.redhat.com/security/cve/CVE-2017-9375
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgQxyXlSAg2UNWIIRAie1AJ42F2yIwO3Vt81+eh3S0nv2dNLFUgCeNnPV
VAdAP3ECRQqNbG8XCTZ3BP8=
=/201
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm-rhev security and bug fix update
Advisory ID:       RHSA-2017:2408-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2408
Issue date:        2017-08-01
CVE Names:         CVE-2016-10155 CVE-2016-4020 CVE-2016-6888 
                   CVE-2016-7422 CVE-2016-7466 CVE-2016-8576 
                   CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 
                   CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 
                   CVE-2016-9922 CVE-2017-5579 CVE-2017-5973 
                   CVE-2017-6414 CVE-2017-8309 CVE-2017-8379 
                   CVE-2017-9310 CVE-2017-9373 CVE-2017-9374 
                   CVE-2017-9375 CVE-2017-9524 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux
OpenStack Platform 6.0 (Juno) for RHEL 7, Red Hat Enterprise Linux
OpenStack Platform 7.0 (Kilo) for RHEL 7, Red Hat OpenStack Platform 8.0
(Liberty), Red Hat OpenStack Platform 9.0 (Mitaka), Red Hat OpenStack
Platform 10.0 (Newton), and Red Hat OpenStack Platform 11.0 (Ocata).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64
Red Hat OpenStack Platform 10.0 - x86_64
Red Hat OpenStack Platform 11.0 - x86_64
Red Hat OpenStack Platform 8.0 (Liberty) - x86_64
Red Hat OpenStack Platform 9.0 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* Quick Emulator (QEMU) built with Network Block Device (NBD) Server
support was vulnerable to a null-pointer dereference issue. The flaw could
occur when releasing a client that was not initialized due to failed
negotiation. A remote user or process could exploit this flaw to crash the
qemu-nbd server (denial of service). (CVE-2017-9524)

* An information-exposure flaw was found in Quick Emulator (QEMU) in Task
Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw
could occur while accessing TPR. A privileged user inside a guest could use
this issue to read portions of the host memory. (CVE-2016-4020)

* A memory-leak flaw was found in the Quick Emulator (QEMU) built with USB
xHCI controller emulation support. The flaw could occur while doing a
USB-device unplug operation. Unplugging the device repeatedly resulted in
leaking host memory, which affected other services on the host. A
privileged user inside the guest could exploit this flaw to cause a denial
of service on the host or potentially crash the host's QEMU process
instance. (CVE-2016-7466)

* Multiple CVEs were fixed as a result of rebase to QEMU 2.9.0.
(CVE-2016-6888, CVE-2016-7422, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909,
CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922,
CVE-2016-10155, CVE-2017-5579, CVE-2017-5973, CVE-2017-6414, CVE-2017-8309,
CVE-2017-8379, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375)

Red Hat would like to thank Donghai Zdh (Alibaba Inc.) for reporting
CVE-2016-4020; Li Qiang (Qihoo 360 Inc.) for reporting CVE-2016-6888;
Qinghao Tang (Marvel Team 360.cn Inc.) and Zhenhao Hong (Marvel Team 360.cn
Inc.) for reporting CVE-2016-7422; Li Qiang (360.cn Inc.) for reporting
CVE-2016-7466, CVE-2016-10155, CVE-2017-5579, CVE-2017-5973, and
CVE-2017-6414; PSIRT (Huawei Inc.) for reporting CVE-2016-8669; Andrew
Henderson (Intelligent Automation Inc.) for reporting CVE-2016-8910;
Qinghao Tang (Qihoo 360), Li Qiang (Qihoo 360), and Jiangxin (Huawei Inc.)
for reporting CVE-2016-9921 and CVE-2016-9922; Jiang Xin (PSIRT, Huawei
Inc.) for reporting CVE-2017-8309 and CVE-2017-8379; and Li Qiang (Qihoo
360 Gear Team) for reporting CVE-2017-9310, CVE-2017-9373, CVE-2017-9374,
and CVE-2017-9375.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1313686 - CVE-2016-4020 Qemu: i386: leakage of stack memory to guest in kvmvapic.c
1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
1334398 - CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
1369031 - CVE-2016-6888 Qemu: net: vmxnet: integer overflow in packet initialisation
1376755 - CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc
1377837 - CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug
1384909 - CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters
1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode
1388052 - CVE-2016-8909 Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
1402265 - CVE-2016-9907 Qemu: usb: redirector: memory leakage when destroying redirector
1402272 - CVE-2016-9911 Qemu: usb: ehci: memory leakage in ehci_init_transfer
1415199 - CVE-2016-10155 Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb
1416157 - CVE-2017-5579 Qemu: serial: host memory leakage 16550A UART emulation
1421626 - CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
1427833 - CVE-2017-6414 Qemu: libcacard: host memory leakage while creating new APDU
1446517 - CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer
1446547 - CVE-2017-8379 Qemu: input: host memory lekage via keyboard events
1452620 - CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation
1458270 - CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug
1458744 - CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep
1459132 - CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug
1459661 - Update qemu-kvm-rhev for RHEL 7.4 compatibility [osp-11]
1459663 - Update qemu-kvm-rhev for RHEL 7.4 compatibility [osp-6]
1459664 - Update qemu-kvm-rhev for RHEL 7.4 compatibility [osp-7]
1459666 - Update qemu-kvm-rhev for RHEL 7.4 compatibility [osp-8]
1459667 - Update qemu-kvm-rhev for RHEL 7.4 compatibility [osp-9]
1459668 - Update qemu-kvm-rhev for RHEL 7.4 compatibility [osp-10]
1460170 - CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
qemu-kvm-rhev-2.9.0-10.el7.src.rpm

x86_64:
qemu-img-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-10.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-10.el7.x86_64.rpm

Red Hat OpenStack Platform 11.0:

Source:
qemu-kvm-rhev-2.9.0-10.el7.src.rpm

x86_64:
qemu-img-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-10.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
qemu-kvm-rhev-2.9.0-10.el7.src.rpm

x86_64:
qemu-img-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-10.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
qemu-kvm-rhev-2.9.0-10.el7.src.rpm

x86_64:
qemu-img-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-10.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-10.el7.x86_64.rpm

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
qemu-kvm-rhev-2.9.0-10.el7.src.rpm

x86_64:
qemu-img-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-10.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-10.el7.x86_64.rpm

Red Hat OpenStack Platform 9.0:

Source:
qemu-kvm-rhev-2.9.0-10.el7.src.rpm

x86_64:
qemu-img-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-2.9.0-10.el7.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-10.el7.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-10.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10155
https://access.redhat.com/security/cve/CVE-2016-4020
https://access.redhat.com/security/cve/CVE-2016-6888
https://access.redhat.com/security/cve/CVE-2016-7422
https://access.redhat.com/security/cve/CVE-2016-7466
https://access.redhat.com/security/cve/CVE-2016-8576
https://access.redhat.com/security/cve/CVE-2016-8669
https://access.redhat.com/security/cve/CVE-2016-8909
https://access.redhat.com/security/cve/CVE-2016-8910
https://access.redhat.com/security/cve/CVE-2016-9907
https://access.redhat.com/security/cve/CVE-2016-9911
https://access.redhat.com/security/cve/CVE-2016-9921
https://access.redhat.com/security/cve/CVE-2016-9922
https://access.redhat.com/security/cve/CVE-2017-5579
https://access.redhat.com/security/cve/CVE-2017-5973
https://access.redhat.com/security/cve/CVE-2017-6414
https://access.redhat.com/security/cve/CVE-2017-8309
https://access.redhat.com/security/cve/CVE-2017-8379
https://access.redhat.com/security/cve/CVE-2017-9310
https://access.redhat.com/security/cve/CVE-2017-9373
https://access.redhat.com/security/cve/CVE-2017-9374
https://access.redhat.com/security/cve/CVE-2017-9375
https://access.redhat.com/security/cve/CVE-2017-9524
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgQyYXlSAg2UNWIIRAlrpAJ953N6QriZuTU4QE/LafQs0irfYeQCfclzF
4hcxhXTcsY5EyEXCyQTAybk=
=S8hH
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm-rhev security update
Advisory ID:       RHSA-2017:2390-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2390
Issue date:        2017-08-01
CVE Names:         CVE-2017-10664 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and
Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Managment Agent for RHEL 7 Hosts - ppc64le, x86_64
RHEV-H and VDSM for 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server
support is vulnerable to a crash via a SIGPIPE signal. The crash can occur
if a client aborts a connection due to any failure during negotiation or
read operation. A remote user/process could use this flaw to crash the
qemu-nbd server resulting in a DoS. (CVE-2017-10664)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1466190 - CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
1471076 - unbreak virtio-scsi for vIOMMU
1473145 - Wrong allocation value after virDomainBlockCopy() (alloc=capacity)

6. Package List:

Managment Agent for RHEL 7 Hosts:

Source:
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm

ppc64le:
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm

x86_64:
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm

RHEV-H and VDSM for 7 Hosts:

Source:
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm

ppc64le:
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm

x86_64:
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-10664
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgQy9XlSAg2UNWIIRAusAAJ9aGi9InuU0g7xpEO5newuM0VCqYwCfdnJ7
LrlIpVBbpx/eZs7+hzmw3BE=
=cIub
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWYFJqYx+lLeg9Ub1AQiYSg/9GfB3Jbgm2XLQ76NR2LOzCqL/aM5/pjqs
x6V6MNGV4/9sNVOb9ch77yyekf+8QZIz3sL9qAW39nHRgQD1mK0dSFHEQ/IJJo8H
RRZJnYm5DLTJWJQJIAhveCdfmP9Wl1HH7P++iNUjRmFMB8HJRqJ2MQ6kIAO9HGeh
Epf+rhDH3qr66iLq9hBge3ISoQSETKNPzSpixqBjMLrBLo7pCOd3OYCVhGqNU6q0
1wExmNmSkoNWkxh5dtGuAZ4TUg7bTRIXXG2lhZi/DJHH6VPFrbfMeBfRVseP0mgg
zrE0KnzQ4q+X8AMIgI8TZUKtk4EHcuIlw9WLKrJilpuG6lfQ1xN3H6PJOEwpgIaZ
ALfp7Bowy2zFX3thlaBj/0NXe8ZwVRS+9cFN4BgnBu9CbFYFbODLM7tqRoWUYeWW
o+qS1c3s35TeKeZ6R/jGkdr3uIC1D3ajngMqzbzbDLntPhisZZuJScCFKfYK6oSk
2L+Oqe/ZkGHMZDWJDFqmPNrN9atf8K5WYCpichgLRN0j52y2NPhpUwNPDpGxS+U4
oKRUTA3sjNdUBjNPHGL+r9c0lWEotcl38XO2bBbdlrcuQlj2qWvxLVim33TtczR5
WqeEIaaOg691dHF07a8ywKMNE7vhg3h3AmqAJ2bIH9RPTx7N9rZiqghZ7YLP/7Mg
xY8ZD+4DIhE=
=EdYS
-----END PGP SIGNATURE-----

« Back to bulletins