drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in qemu-kvm-rhev
Name: |
Denial of Service in qemu-kvm-rhev |
|
ID: |
RHSA-2020:3267-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Virtualization |
|
Datum: |
Mo, 3. August 2020, 23:46 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2019-20382 |
|
Applikationen: |
QEMU |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: qemu-kvm-rhev security, bug fix, and enhancement update Advisory ID: RHSA-2020:3267-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3267 Issue date: 2020-08-03 CVE Names: CVE-2019-20382 =====================================================================
1. Summary:
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
RHV-M 4.3 - x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64
3. Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Add support for newer glusterfs (BZ#1802216)
* Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8 (BZ#1791653)
* After hot unplug virtio-net and vfio nic, hot plug vfio-pci device fails in Win2019 guest (BZ#1721403)
* qemu-kvm-rhev: Qemu: seccomp: blacklist is not applied to all threads (BZ#1618504)
* Fix overzealous I/O request splitting performance regression (BZ#1819253)
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
5. Bugs fixed (https://bugzilla.redhat.com/):
1721403 - After hot unplug virtio-net and vfio nic, hot plug vfio-pci device fails in Win2019 guest 1791653 - Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8 1802216 - Add support for newer glusterfs 1810390 - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect 1819253 - Fix overzealous I/O request splitting performance regression
6. Package List:
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source: qemu-kvm-rhev-2.12.0-48.el7.src.rpm
ppc64le: qemu-img-rhev-2.12.0-48.el7.ppc64le.rpm qemu-kvm-common-rhev-2.12.0-48.el7.ppc64le.rpm qemu-kvm-rhev-2.12.0-48.el7.ppc64le.rpm qemu-kvm-rhev-debuginfo-2.12.0-48.el7.ppc64le.rpm qemu-kvm-tools-rhev-2.12.0-48.el7.ppc64le.rpm
x86_64: qemu-img-rhev-2.12.0-48.el7.x86_64.rpm qemu-kvm-common-rhev-2.12.0-48.el7.x86_64.rpm qemu-kvm-rhev-2.12.0-48.el7.x86_64.rpm qemu-kvm-rhev-debuginfo-2.12.0-48.el7.x86_64.rpm qemu-kvm-tools-rhev-2.12.0-48.el7.x86_64.rpm
RHV-M 4.3:
Source: qemu-kvm-rhev-2.12.0-48.el7.src.rpm
x86_64: qemu-img-rhev-2.12.0-48.el7.x86_64.rpm qemu-kvm-common-rhev-2.12.0-48.el7.x86_64.rpm qemu-kvm-rhev-2.12.0-48.el7.x86_64.rpm qemu-kvm-rhev-debuginfo-2.12.0-48.el7.x86_64.rpm qemu-kvm-tools-rhev-2.12.0-48.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-20382 https://access.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXye73tzjgjWX9erEAQhGiw/7BzImUc9qgkWpuAwhYV3ZJ97FdD9aQYpT Fa5cTR49vkB/2W0JBbX9FhPt/BeL+gvlMV28lMhLQld+T3JiNuCkg/dLld3m383l jaFGAFqvBqW/oMbJ+zmGUEoEeTn2jEv8lF4Qt80RlT8LKZ8ZECYV9GPKd2AwksjU o5AlIYj0dJltO0TwkFrZSZoCTf6U8W/PmNqg0F96NeAbvIBcwZKgvypK3E+01H3x XncUm6AE1SpdoyEBSvG0X76MCRGHLPnpqTmOBC+hJuOGHLK70HT3ux9O2W8Vf3o4 T1BywujkZ+ULKLH2A8JIjoFl2GHfBU2RP8hghWwEC3Lk0A2flyl4uIayXxwAHfI3 Jj1PhSfdFFbnmuA1anp7RU4ciVMRA3uGLDvFHu/XyakI2dKOeCrcsrYq87Ksn7Qo CZIGeDzO7yC6lL8XyrSGsqNpQ9j9J0HM1sRjPAK9TBjRxpSPOZM60dnwc0o9VpOz QOUBYdYsuJbBAtBCT2JjuxEeB2t8yz5FhWlzY2pN0lM09LxHIDI183XPZP9aEvpw hH2WxR8u0RUz0uuYml4QSJgfaFGEZBGe+SYRRQ8VTLv/jpWwwsEJOSJSFiij/FRM gL3ItiliMDOSPYFcZtydLyfvOFtSxzRHex/VKndPcWuOQB5QmhLHquZ56brJg8Nl kRnaQRkkhng= =awUa -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|