Synopsis: Important: qemu-kvm security and bug fix update
Advisory ID: SLSA-2017:0396-1
Issue Date: 2017-03-02
CVE Numbers: CVE-2017-2615
CVE-2017-2620
—
Security Fix(es):
* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator
support is vulnerable to an out-of-bounds access issue. It could occur
while copying VGA data via bitblt copy in backward mode. A privileged user
inside a guest could use this flaw to crash the QEMU process resulting in
DoS or potentially execute arbitrary code on the host with privileges of
QEMU process on the host. (CVE-2017-2615)
* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator
support is vulnerable to an out-of-bounds access issue. The issue could
occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged
user inside guest could use this flaw to crash the QEMU process OR
potentially execute arbitrary code on host with privileges of the QEMU
process. (CVE-2017-2620)
Bug Fix(es):
* When using the virtio-blk driver on a guest virtual machine with no
space on the virtual hard drive, the guest terminated unexpectedly with a
“block I/O error in device” message and the qemu-kvm process exited with a
segmentation fault. This update fixes how the system_reset QEMU signal is
handled in the above scenario. As a result, if a guest crashes due to no
space left on the device, qemu-kvm continues running and the guest can be
reset as expected.
—
SL7
x86_64
qemu-img-1.5.3-126.el7_3.5.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.5.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.5.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.5.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.5.x86_64.rpm
– Scientific Linux Development Team
