-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0833
          qemu-kvm-rhev security, bug fix, and enhancement update
                               6 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu-kvm-rhev
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Access Privileged Data          -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1711 CVE-2019-11135 

Reference:         ASB-2020.0047
                   ASB-2019.0330
                   ESB-2020.0792
                   ESB-2020.0791
                   ESB-2020.0416
                   ESB-2020.0415

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:0730

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:0730-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0730
Issue date:        2020-03-05
CVE Names:         CVE-2019-11135 CVE-2020-1711 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Virtualization
Engine 4.2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHV-M 4.2 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI
Server (CVE-2020-1711)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [Intel 7.6.z Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not
enabled in VM qemu-kvm-rhev (BZ#1730601)

* qemu-kvm-rhev: backport cpuidle-haltpoll support (BZ#1746281)

Enhancement(s):

* [Intel 7.7 FEAT] MDS_NO exposure to guest - qemu-kvm-rhev (BZ#1743632)
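The bug fix and the enhancement above both concern what a guest can see of the host's IA32_ARCH_CAPABILITIES MSR: the first makes the CPUID bit that advertises the MSR visible in the VM, the second passes MDS_NO through. The script below is an added example, not code from the advisory or from Red Hat. It decodes a raw MSR 0x10a value and the guest's /proc/cpuinfo flags and applies the affected/not-affected rules the Linux kernel uses in cpu_set_bug_bits() for CPU models not on its NO_MDS whitelist, so a guest owner can confirm that MDS_NO is now visible and see what that changes for TAA. The MSR bit layout is as published in the Intel SDM and Linux's msr-index.h; the /proc/cpuinfo text and MSR value embedded in the script are constructed samples. On a live guest the inputs come from `cat /proc/cpuinfo` and, as root with msr-tools installed, `rdmsr 0x10a`.

```python
#!/usr/bin/env python3
"""Guest-side view of the ARCH_CAPABILITIES exposure fixed above (added
example, not Red Hat's code).  Reads the CPU flags a guest kernel reports in
/proc/cpuinfo and decodes a raw IA32_ARCH_CAPABILITIES (MSR 0x10a) value,
then classifies MDS/TAA exposure with the rules the Linux kernel applies in
cpu_set_bug_bits() for CPU models that are not on its NO_MDS whitelist.
The cpuinfo text and MSR value below are constructed samples."""
import re

# IA32_ARCH_CAPABILITIES bit names, as in the Intel SDM and Linux msr-index.h.
ARCH_CAP_BITS = {
    0: "RDCL_NO", 1: "IBRS_ALL", 2: "RSBA", 3: "SKIP_L1DFL_VMENTRY", 4: "SSB_NO",
    5: "MDS_NO", 6: "IF_PSCHANGE_MC_NO", 7: "TSX_CTRL", 8: "TAA_NO",
}


def cpu_flags(cpuinfo_text):
    """Set of feature flags from the first 'flags' line of /proc/cpuinfo."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.M)
    return set(m.group(1).split()) if m else set()


def decode_arch_capabilities(value):
    """Names of the ARCH_CAPABILITIES bits that are set in a raw MSR value."""
    return {name for bit, name in ARCH_CAP_BITS.items() if (value >> bit) & 1}


def classify(flags, arch_cap_value):
    """Kernel-style verdict:
       - without the 'arch_capabilities' CPUID bit the MSR is not readable and
         the kernel treats it as all-zero (the pre-fix guest state);
       - MDS affected unless MDS_NO is set;
       - TAA affected when TAA_NO is clear and TSX (rtm) or TSX_CTRL is present;
       - 'md_clear' is the CPUID bit the VERW-based mitigation relies on."""
    visible = "arch_capabilities" in flags
    caps = decode_arch_capabilities(arch_cap_value) if visible else set()
    return {
        "arch_capabilities_visible": visible,
        "mds_affected": "MDS_NO" not in caps,
        "taa_affected": "TAA_NO" not in caps and ("rtm" in flags or "TSX_CTRL" in caps),
        "md_clear": "md_clear" in flags,
    }


# Constructed samples: the same TSX-capable guest before and after the fix;
# only the 'arch_capabilities' flag differs between the two cpuinfo texts.
COMMON_FLAGS = ("fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov clflush mmx fxsr "
                "sse sse2 syscall nx lm hypervisor ssbd ibrs ibpb stibp hle rtm "
                "avx512f md_clear spec_ctrl flush_l1d")
SAMPLE_CPUINFO_BEFORE = "processor\t: 0\nvendor_id\t: GenuineIntel\nflags\t\t: %s\n" % COMMON_FLAGS
SAMPLE_CPUINFO_AFTER = ("processor\t: 0\nvendor_id\t: GenuineIntel\nflags\t\t: %s arch_capabilities\n"
                        % COMMON_FLAGS)
# RDCL_NO | IBRS_ALL | SKIP_L1DFL_VMENTRY | SSB_NO | MDS_NO; TAA_NO and TSX_CTRL clear.
SAMPLE_MSR = 0x3b


def main():
    for label, text in (("before fix", SAMPLE_CPUINFO_BEFORE), ("after fix", SAMPLE_CPUINFO_AFTER)):
        print(label, classify(cpu_flags(text), SAMPLE_MSR))


if __name__ == "__main__":
    main()
```

In the "after" sample the guest now sees MDS_NO and is therefore not affected by MDS, but with rtm present and TAA_NO clear it remains affected by TAA, which is exactly the case the tsx-asynchronousabort article in the References covers; a guest that reports neither rtm nor TSX_CTRL is unaffected by TAA regardless of the MSR.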

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
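Checking that the update actually took effect, as an added example that is not part of the advisory or of Red Hat's tooling: the script below compares the installed qemu-kvm-rhev build against the fixed build from the package list using rpm's own version-ordering rules, and lists VMs whose qemu-kvm process predates the package install time. Those VMs are still executing the old binary, which is why the advisory requires every VM to be shut down and started again rather than merely updated underneath. The `rpm -q --qf` and `ps -eo pid,etimes,args` commands are real; the sample output embedded in the script is constructed, and the rpmvercmp function is a reimplementation written for this example, not rpm's code.

```python
#!/usr/bin/env python3
"""Host-side check for the Solution step above (added example, not Red Hat's
or oVirt's tooling).  Two questions after `yum update qemu-kvm-rhev`:
  1. is the installed build at or above 2.12.0-18.el7_6.9, the fixed build
     in the package list, and
  2. which VMs still execute the pre-update binary, i.e. their qemu-kvm
     process started before the package's INSTALLTIME and has not been
     shut down and started again yet.
The rpm and ps output embedded below is constructed sample data; on a real
host feed in the output of the commands named in the docstrings."""
import re

# Fixed (version, release) taken from the advisory's package list.
FIXED_EVR = ("2.12.0", "18.el7_6.9")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings the way rpm's rpmvercmp()
    does: split into numeric and alphabetic runs (separators are ignored),
    numeric runs compare as integers and rank above alphabetic runs, and if
    all shared segments tie, the string with segments left over is newer.
    Tilde/caret handling is omitted; these builds use neither."""
    if a == b:
        return 0
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def is_fixed(version, release):
    """True when version-release is at or above FIXED_EVR (version first,
    release only breaks a tie, as rpm does)."""
    c = rpmvercmp(version, FIXED_EVR[0])
    if c == 0:
        c = rpmvercmp(release, FIXED_EVR[1])
    return c >= 0


def parse_rpm_query(line):
    """Parse one line of
       rpm -q --qf '%{VERSION}\\t%{RELEASE}\\t%{INSTALLTIME}\\n' qemu-kvm-rhev
    into (version, release, install_epoch)."""
    version, release, installtime = line.strip().split("\t")
    return version, release, int(installtime)


def stale_vms(ps_output, install_epoch, now):
    """Scan `ps -eo pid,etimes,args` output (pid, seconds since the process
    started, full command line) for qemu-kvm processes whose start time is
    earlier than the package install time.  Returns [(pid, vm_name)]; those
    VMs keep running the old code until shut down and started again."""
    stale = []
    for line in ps_output.splitlines()[1:]:          # first line is the header
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, etimes, args = int(parts[0]), int(parts[1]), parts[2]
        if not args.split()[0].endswith("qemu-kvm"):
            continue
        # libvirt passes '-name guest=NAME,debug-threads=on'; older builds '-name NAME'
        m = re.search(r"-name\s+(?:guest=)?([^,\s]+)", args)
        name = m.group(1) if m else "?"
        if now - etimes < install_epoch:
            stale.append((pid, name))
    return stale


# Constructed sample data: package installed at epoch 1583400000, host checked at 1583500000.
SAMPLE_RPM = "2.12.0\t18.el7_6.9\t1583400000\n"
SAMPLE_PS = (
    "  PID ELAPSED COMMAND\n"
    " 4321  400000 /usr/libexec/qemu-kvm -name guest=web01,debug-threads=on -machine pc-i440fx-rhel7.6.0,accel=kvm -m 4096\n"
    " 5555    1200 /usr/libexec/qemu-kvm -name guest=db01,debug-threads=on -machine pc-i440fx-rhel7.6.0,accel=kvm -m 8192\n"
    " 6001   90000 /usr/sbin/sshd -D\n"
)
SAMPLE_NOW = 1583500000


def main():
    version, release, install_epoch = parse_rpm_query(SAMPLE_RPM)
    state = "fixed build" if is_fixed(version, release) else "VULNERABLE build, update first"
    print("qemu-kvm-rhev %s-%s: %s" % (version, release, state))
    for pid, name in stale_vms(SAMPLE_PS, install_epoch, SAMPLE_NOW):
        print("VM %s (pid %d) started before the update; shut it down and start it again" % (name, pid))


if __name__ == "__main__":
    main()
```

Run it as root on each RHV host after the update: a VM listed by the second check is still exposed to CVE-2020-1711 no matter what rpm reports, because the running process still maps the pre-update qemu-kvm binary.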

5. Bugs fixed (https://bugzilla.redhat.com/):

1746281 - qemu-kvm-rhev: backport cpuidle-haltpoll support [rhel-7.6.z]
1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)
1794290 - CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server

6. Package List:

RHV-M 4.2:

Source:
qemu-kvm-rhev-2.12.0-18.el7_6.9.src.rpm

x86_64:
qemu-img-rhev-2.12.0-18.el7_6.9.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-18.el7_6.9.x86_64.rpm
qemu-kvm-rhev-2.12.0-18.el7_6.9.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.9.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-18.el7_6.9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11135
https://access.redhat.com/security/cve/CVE-2020-1711
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/solutions/tsx-asynchronousabort

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----