ESB-2018.1553 - [RedHat] qemu-kvm: Access privileged data - Existing account 2018-05-23

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1553
                    Important: qemu-kvm security update
                                23 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu-kvm
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux Server 7
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3639  

Reference:         ASB-2018.0121
                   ESB-2018.1548
                   ESB-2018.1545

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:1656
   https://access.redhat.com/errata/RHSA-2018:1657
   https://access.redhat.com/errata/RHSA-2018:1658
   https://access.redhat.com/errata/RHSA-2018:1659
   https://access.redhat.com/errata/RHSA-2018:1661
   https://access.redhat.com/errata/RHSA-2018:1662
   https://access.redhat.com/errata/RHSA-2018:1663

Comment: This bulletin contains seven (7) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1656-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1656
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
qemu-kvm-0.12.1.2-2.355.el6_4.11.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQw/NzjgjWX9erEAQibHhAAnQB3w7HZPsbJL4CZmQ6RiV2jFetYREs4
3uKesj4cIVIg5J1LtGU7sr8HW6dObPGoaqUcTtufUJRGYeQ0K70HJBdnQp7uzG7E
8xR4IjPcYYlPXQKTkFSVRhSi70UMljLMrNKkSK0bx5SSTr6n9EDbgJ2NqqIUa/Se
ltBHixPaMZsGF039djGCmTaeqzApL54KxbRS7ypC5FI2nM6CmGNpSTzL7g30lgVu
ryb4IrmG6OeujXA6WYMRjR7/ELfZ/APQFBnZwY4SnBlO544mu6WT7dh2fqnOqZy4
7vfXvhw/S7BqhBW+YTh9dp+KKXaeU/GhIrdTtJ7G5eF2QC0wZp1NxHhq7CMN/ROE
sj12U4EEZwn0/J+/DZu8eoXsDu8vA1u4JYr0fhDKlnGL1grkfHyzS83isTrelPkr
Rug5Efss9YNrUlPJIjcvPRmGOBEwHev73PYGRbEq/T0BeLKK9w3aXJX35hfoSaCU
yNCkR06oH4q8mvK1kIvwOdkZOiPhezYDz91PsCZ9W7TO0meOyb1OVSL3z5KfsnhT
95g3HETNqfAkzO4kh/CG63mlkdWpwU1r4+SnzV88iZcqZIR8d47Iy/2SwZhISIzu
0b3T1Jh1Tp3TlhX86gJa0GpzlpAz3Hs0vuULuSnQz02K7B6V56R/rRe+1IsqZR3H
QDFk7cwzswg=
=J81W
- -----END PGP SIGNATURE-----

============================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1657-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1657
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
qemu-kvm-0.12.1.2-2.415.el6_5.18.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.18.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQptNzjgjWX9erEAQg7Fg//d90hzc3/kpDZi3LfAg9EkN5aImN4Yizb
al6n73dSfw4qShRsaE8lculzn7YNZAffzM1JN5XRlDiFTjUv3k+QYfY3YJDHsNTO
6WfVBnTR25aJXGrMF4MgBnwcputmIe60kYuyaLZzVoubMeBlkWBDuf5l+Ct641zR
7upVb3LitSUBqvmesRbswpFEVqecsnCpAOC9ah7cvHYIqeXu/6/jT/lTAY/xtcLD
qkkuB6My7JT1nSGKgeN/11xQawh/BmskOZXktbpN+7yvGV96IpUOJ85sqJYV6Ux+
LB734yHnfsDxdc1gu92UQCy+FOefLbOpbVRriiZvJlhQHuPf1mOTWVN7Wer0cYFs
lXgwrw5jHFLc2UZQzqYVzguAcJYjAXZhiQoI9Rx2J/K1+lQsCGqqraJrJIlRPPxk
cYjibTjhptpj7syt426+WPIFMI6RyFaHDg3u34VMFVmwm6hLRTk9a2aHPgSOT7ZB
niOSM1xGhkXKdWaboOxt0EtaUa1K4Upv01WU3n9B9pbiB7RkFS9C1IKhyFnpH7jg
aEqXfwvSpmsnEM+f2drDjHj39M2ue+nAbjlz06CD7sPIquyWRpmJq3uGSs7nEE4l
6H+oTkBhC5UrucTEy9CJWAiEIsBWFVwAczOegjhaeu5iJ+mkyB3FSE4Q79iGdkMf
5dx/R0XzmDM=
=pzi7
- -----END PGP SIGNATURE-----


============================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1658-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1658
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQwS9zjgjWX9erEAQgB6RAAoAoZvcJTo5OQMCqptpRU4a+ZPmlB3C9C
2Z3vFhGS+sgF1FUkqMfy8JcFpVaDjFKK+TUAVFKTEz0Hhawd+0xYRuUKNku7DXHI
r5PK/2ex3AoJezXxkyuGwODKYjX0siG3nuIdGw+qD3VnIF1jaAVNpK+fnqzTVKrs
AdOMGv18xJw4joxDNZNUCi3jDfgAVLwAdLGyWzhYnmIT14BfOnuSo3YDmxoeV45X
Kmnj7rF4DQQPzPIejHf5stJu55iJM0cOWO51bmBakybIizFKdDKiCiGuVTsHkFXg
gHHxA7VwdrrSC2MofyBEP0jsd9LhFskZdi4+ZdmQT7tPbf59k6Nms+RoBgUGaNJv
zLAX9b2OusjR3deoe1KIdNF7KYG6B9YWuV7vnykT4Wofg/GUesFYr3SZpXxVtud8
fbCUh2OiYXROtXXIHj+D7E3TbR5HSMtbrVrPF4vyE3GQ5VyNBL82lFYl0vhh+IzW
HefX9XJEVYXT4dBZUEA1ombB2zn8lvYyXiQHThOF1BswlZmELEX72gxbrPWsGUr5
VXuufoLcUd9VLcrsloHDS6IqyWodKYczZSQL5rEnGxGL5osjSWcXq9WvS2MUzTTM
wVgjskHPLaozCO7/GitjRGNwKGiFAWbkb9IxeQV+e8hrAq2JD0X2RvW8fZtPd5o2
9eWpfBsNk3w=
=1FPw
- -----END PGP SIGNATURE-----


============================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1659-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1659
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.7.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.7.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQwntzjgjWX9erEAQgqIg//S3l80PbK4YoZsYy3KOepOQvOVuwxVpI3
AYA9hZ7e28id38cA5tI36m+rx+lkQdVD5AyoIY/stqhRdFiLvydOeHTztiiDr1ab
pCo7nRhFCP9LmvDJil65K74GkxBREGB1rXt7/TWmZrXuM0fPX4MgAYEFEkoE0wbW
ak3RNwk39oLtEjESd1/xzChQ2t7JYGRtftzp2HowJ/ohpU9pCVzBzWC72TgIQnHO
pPjUMFiuvFlzduIc6ZMhmT7oivNwGmXc/4jswwAAPDoqxodjzJ6nQCC1snEOHNCO
ffg96lMOVXGchcnZVWLl7lLx5npL3lzVEDMvWePafqZ1zGuiOSXk52Ml2BDz9Xbn
BoPHs+kA5pH/ggy2w9alq1FKOyTU8hGho8cXq087d+UsUdquQLKgq9pmkBHxY0Dk
f/58DHOt3oCB1FZ3CMJuat9y21JNWiA1DpSMlExhexYOF2X8ARz/r39ikD+y383y
hX3A15uY9vkvYGV5PHJYyHrrz7czsWgdqi55liUSojrjJ+TBTkb8f2dne3MkOA8l
83nrWYMZQp2qJBxH0uMfBRjcyzdxCnNSd79E8yCAzmain4vD/D62JbobY9/0cxzi
YGLhJcTdU9NIfphNMaWNdfqq61We7zHQn9KN4UExTO3ikTkguhX7BLYqfUqeSk76
27jVYeNH7v8=
=jS9o
- -----END PGP SIGNATURE-----


============================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1661-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1661
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.17.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.17.i686.rpm
libcacard-1.5.3-105.el7_2.17.x86_64.rpm
qemu-img-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.17.src.rpm

ppc64le:
qemu-img-1.5.3-105.el7_2.17.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.ppc64le.rpm

x86_64:
libcacard-1.5.3-105.el7_2.17.i686.rpm
libcacard-1.5.3-105.el7_2.17.x86_64.rpm
qemu-img-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.17.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.17.i686.rpm
libcacard-1.5.3-105.el7_2.17.x86_64.rpm
qemu-img-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
libcacard-devel-1.5.3-105.el7_2.17.i686.rpm
libcacard-devel-1.5.3-105.el7_2.17.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

ppc64le:
libcacard-1.5.3-105.el7_2.17.ppc64le.rpm
libcacard-devel-1.5.3-105.el7_2.17.ppc64le.rpm
libcacard-tools-1.5.3-105.el7_2.17.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.ppc64le.rpm

x86_64:
libcacard-devel-1.5.3-105.el7_2.17.i686.rpm
libcacard-devel-1.5.3-105.el7_2.17.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.2):

x86_64:
libcacard-devel-1.5.3-105.el7_2.17.i686.rpm
libcacard-devel-1.5.3-105.el7_2.17.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQqMtzjgjWX9erEAQhz4g/+P5UH4oBk7Oxv6k6Yxa+lf5ZMrSvFe+9U
W4bch6nEWTAV6fMTfybfRgVDGF8WWyqaCNC3gjqA+xAveTo81IRHtyOT2I2+Zr45
+t/niCIORdASGV1thP1/DefctpyWN1oTYpxGPeNWfhfA4hCl/v6GGFOo9tst5hJ6
bB2aXDQmRHYhea4y2y4XHGoYI38CpnuC/eDUyDf4f5JwNCNcuZhdiXRWvvZlsVvT
gqq6fVKOIfg4sA2qxKEG11svg8bk9SmIi53D5fIH+2AWY4sFazItdKDCap6PzUmP
1MwqfgaD2TgBP56PFAtQemimgmvARTHbkwR3qAg6xfYbyoWYBJhI88SmMUL7qGO/
dQ5wYA/9GwyCMB/OhIO9qMyKGzSFfEF/v7+4H0QPjv2JRE21qvq+tpBLh5KVAcmO
OglxEmUSSjuUOBakyvMTpVmGOUofCbu7xYmmA19ZDzqu+HhXvxQ6j5Q62kShD4Sb
DlRborQvocRHdKf1ru7cKolmJ8VCQjdTbVeTIAvZzQ3rMwBRhQ483zAw/MSMDHI8
pAJOM34fMtqub7jxNe1NDIRxuXEmbaJFBY7PYnIYhcRK+J7vdkYSyo9H4DXuWFik
875z/O5MpLXZ9PO6vOnweiUmJ+bhJGZ4hcRuhPwWag18a8yGjM7XNsNt1Pn8qW0O
NvFUoTSfELw=
=E6y6
- -----END PGP SIGNATURE-----


============================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1662-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1662
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

Source:
qemu-kvm-1.5.3-126.el7_3.14.src.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.14.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
qemu-kvm-1.5.3-126.el7_3.14.src.rpm

ppc64:
qemu-img-1.5.3-126.el7_3.14.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.ppc64.rpm

ppc64le:
qemu-img-1.5.3-126.el7_3.14.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.ppc64le.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.14.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQw89zjgjWX9erEAQgKbQ//aYH1eeiZ58ROUldya0L537oBupzAYFje
KuMIGVqTss4nh9B3jYyeYY6v1m1zB5BK9QpXImIVmx8DZ1Fkviv1Z9LvxsCle78g
x5aOlXN4LJMBQ0seIQOuWMze5/4L2ZPSwedKa4jIiX623+aG9TUunuNhta2Me4cz
2rwozZpW1UKR2FNC94uKMB3sERo92w2b52fDjLuQpWvuiWN+aJWQzSGDYGFOWBLi
Jgb69BYp0rSgOwxKsns/+wWwbHbow7/H/WYHnwgx4jn3b6i7zBOJUbQDMlnr3FfP
4/SyvXimQrTdrWMgUouNLg4BxOIJyStypNmAb5cxIw6lcjz2n7IxrktNO7VR5Ko8
nIB6pw6aKzpPHClw8G90Edmsdnpct7eAUTui+OC3Y8CQrpnKZghtw8G1FmdSirwO
HILjx5BavJ02AQE84guYKCrFEjLjAaOC7/vNAA2JqYfDwxB+jU5iGfaXCPO2g/Hm
+1QZbUiXtA7WGYvkvrlu352tNCYb0TCmzNnq0fzOa83uUVi594Dl/L9n4sE1l6YN
wRThtXN9atxhoNH4TbvMKgJ0M6IP6imZyPiC13batjvuucJJgJ6KBGmtGyaD25Zl
keyM09qBVVGGd1mcc4VYvNt2Jsg+p/RizSNLNs4YFL7w/UnY04UqcdFTrzFzWCKg
UvRRtwiY0Uo=
=6bI2
- -----END PGP SIGNATURE-----

============================================================================


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1663-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1663
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64, ppc64le, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

Source:
qemu-kvm-1.5.3-141.el7_4.7.src.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
qemu-kvm-1.5.3-141.el7_4.7.src.rpm

ppc64:
qemu-img-1.5.3-141.el7_4.7.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.ppc64.rpm

ppc64le:
qemu-img-1.5.3-141.el7_4.7.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.ppc64le.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQprdzjgjWX9erEAQiU8Q//dacyGt5QBy4nm0fU1yuk6qUXgreMOQyG
5xgQo/WTaDPntW+4exa+YU3AfX8SWW9G1ZbGPGh0MkqXqnJJTxfc/wFmZiHV9MKD
Ky4i/VInHwQfatwD5Rd4q7u0/vpaWe2QLyISy+7QiiJ6hgCm4folMlEvcd+Ok45B
vfEz03JHsZi83+Dz5sUu8hOKIvOBIse/4gXLdejILs2kfyodpUtm6G9yB4f3SiOe
pKS/VeGh224u6s7dY9kv2Jb01792POXpP5AX5HpA2V6jOB4qoAXjCpclDLmz03hV
sAggXx6fK+hEsjOdu6FE4ejyNM77zhyZidvbCj5C2wZY3uSPLsj3md+u3Q8pKC/T
UvE0JrGePZC2iCJ3PZ6fDMgZOYV+LIv7nJiuWAzWvDyBy70/Gimzg6GFNHGEH65Y
ZjQoPkyXqeljIj4jeBDiyJYRoKGWRYLKroX+1qDzT1OMs+4cw/JzcWXmXe8WTiO0
HNQd237j95+T9A+RH527MwDlO8PEzF7u7jEnaA3dQQFA6kceYWgGM8HmjcLkSs11
cDgskR9OeqoyJIq34VDs6s5v5UZFopn6xbDqfVHaxaC481PZF31wydi5GoWHdDKq
AIvb8pZKHuvWB4HE5R3/72BR0y3gK97QB9JfKNz3cLHbz60UVDjFy23GdOnivhqe
SyWXPrW6Pxk=
=knS2
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWwSxdox+lLeg9Ub1AQjbZA//W5GIUjuUcZV1SMALRnjykT6BC9FcDHR0
HlwTsZgwFu3U/zRiUgHFR+PPfssQosmRG3USIVlWup4KhoMGwEubOrxUjRgQZWOa
EYXFP8N5wbuRBS6I8BNV0tFHJWBo8ocafEJqgkyTCLLcsoylR+NKiJljrB9ATKgq
gOiHsdVzchHZpHKrtQ9KY2Z1B26xbTX84ClbcnRQEY0r8Rgi4aaQmPqW1eRnfadZ
HeGpqcc4rvMWdgAVrFD84nULlWoFykXLx+lU/rIpOiZcNCzF1QkXoH0f8dIUSIBU
YU6P/lwmBBc0UKu3WkKRJPQPX9+4lp/pAUv55a5AbNBTM70sUQKWrhQj4dlSEm0S
OWBnvJcU+VNhCqm8VRpIjOdXCA0A5KBxm14sZHdthw0x72nkfJhZUwmIxSJhQGRM
UOlmm4tNmu9EYo83ZnsnJyRyGLWCXun9fWVSwj/Gyn3FoUbAtBvCf78AtLqxrQ48
A8MrNRYLDqXJiDe9fpYrB0U4/DYiOp9on80Jhp4M2pUyCRebqotc/kJ135oCO3yz
XzMW/mvHD9Rio+Zk65JyXBJzI0lpAJQ4n3Ynvhso84VQYiZamsSpg4rX628rEycW
Q/9bKG+fdaOb5Q0i/hGai1pIfr3s+NLdT+KA/KFiR6t9n9M9KcroHa+h5uWowUU5
eG4Yq7mZ6Fg=
=T9va
-----END PGP SIGNATURE-----

« Back to bulletins