—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2227
qemu-kvm-rhev security update
24 June 2021
===========================================================================
AusCERT Security Bulletin Summary
———————————
Product: qemu-kvm-rhev
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Denial of Service — Existing Account
Access Confidential Data — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-29443
Reference: ESB-2021.2034
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2529
– ————————–BEGIN INCLUDED TEXT——————–
– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: qemu-kvm-rhev security update
Advisory ID: RHSA-2021:2529-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2529
Issue date: 2021-06-23
Keywords: Security
CVE Names: CVE-2020-29443
=====================================================================
1. Summary:
An update for qemu-kvm-rhev is now available for Red Hat Virtualization for
Red Hat Virtualization Host 7.
Red Hat Product Security has rated this update as having a security impact
of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives
a detailed severity rating, is available for each vulnerability from the
CVE
link(s) in the References section.
2. Relevant releases/architectures:
RHV-M 4.3 – x86_64
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts – ppc64le, x86_64
3. Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux
on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.
Security Fix(es):
* QEMU: ide: atapi: OOB access while processing read commands
(CVE-2020-29443)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
5. Bugs fixed (https://bugzilla.redhat.com/):
1917446 – CVE-2020-29443 QEMU: ide: atapi: OOB access while processing read commands
6. Package List:
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source:
qemu-kvm-rhev-2.12.0-48.el7_9.3.src.rpm
ppc64le:
qemu-img-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.3.ppc64le.rpm
x86_64:
qemu-img-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.3.x86_64.rpm
RHV-M 4.3:
Source:
qemu-kvm-rhev-2.12.0-48.el7_9.3.src.rpm
x86_64:
qemu-img-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.3.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-29443
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBYNNCb9zjgjWX9erEAQiVjQ//UTo9QFfI7cWEouo7cMNeu/fwt8z6BkOz
GwLbatgKNoiMizLFpi5VOQqrZp3Ru5wkd81l6rNZOSGdWVGaRmf+css75Pd/xLsR
HJzKZGP4KP4YPexMjm5gRJPOxCp4YNPVDOmw0n6ATxGXG4GtjhznKkleFnnISCQh
ofUawcr3uZAc8IfkSGKomFZXVCtwVLs5lZHGK6NFJyGGLxLPWjM6fumofaLXO8Rw
EpEZzHnP5suc9QmWeGnzcLXzRZHrhVSDZhhtREEIrtHY7llrWmQVYk/YEDvhYH7a
ZDsvcVab/JFkSq3oBY2hZe3AI2tEo57/g013j7uZAfwlYNlYbsKsD5BHWvToFGbT
eUr66K+VzOAD+vdYDsg3vu0qi0G1cnaCGyuuLNUGM6eahj6Qbvf1yjAa0N36+x8Q
whOIaz8tueLSmEXazDio0evaamyHom3aJbtXYIuom1u/I6rL0+SJ5bb/w5Qg3n5a
ZLCRaQWGn/GN4D2Dcdv5gbAhqHy89T9mUfqPIHYOzfATsBUXninIW9zqwMRUNl3V
0NYu1DcGNIfV4q7s0grVV1VBi2NvWlIvnzVdvahVPN9cdWXE/VBDk6Y+XQ8UnkVp
vFbzt9GKGEqZEQ/pmvVvpJGHISprH5bUicbU6YyuWBWRl1oHt8F+ei9rczFOA/LD
w/RDRXZPuD4=
=g/Ds
– —–END PGP SIGNATURE—–
– ————————–END INCLUDED TEXT——————–
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYNPTk+NLKJtyKPYoAQgf3RAAq8fUk+jt9oT+UB2p4olSZU+CSzj+FGVk
4T5kxzcyU2Gjg6GxusjtLA4D46qkVeQ3/4qh0UCUncnyVJ7ay3cYu5q05WycdQoa
ZCqLnnP+94585J3zrhcnj17/2fXi4ccdlKDFShpFeHyX7SUPXcG1AmKrOiQHkF5r
uKYIGlJoIbPrkrkBuMTOX6pWRCAtHEEwskLTnBSKUTxG4QBYf/ga/SeqmbBDhgRi
kdeoSvz65y3YJySDXxvfDxH+JnoRI/XtHVEItANKFpHn0pSTftjMPXsgbSVs1hqS
PjndoTUF4JxreHg1CNCLPZ7oPHKYm0AC08dQj9Vb4W8X4YNG+usVeoGrhIxG9VJa
bsK7+pZAO+o6DiXhtnGGzMXe5wnyT8anrgOc6VtJQqcZet6Ajn3q0LcC8TvtD5oc
wYgevssuZHVKnBFZ+DMDmwvRfMHREvbLl1gcFWDTOzX4aPpC9IGfi4JcUz7GiKAx
FD6C9LSBQXFQjCaaokA6vY+JNeuo6f6vkHAXAGBCsMpQ6ra2oc8EY/TVWqRaFdeQ
X71CPLHzK3QGPW1qTG4c+d/0SrJTaFGs5ffHL7OKT0Hzz3GGM68Q0x+FSnh0tg32
lSkdVYyoYHWWGBqt0+5VKUuYKso1+bxWxyLmYYYdaUM+dQIwtdgXkz448DOg0ik8
SmY05HyxJG4=
=Dlnk
—–END PGP SIGNATURE—–
The post ESB-2021.2227 – [RedHat] qemu-kvm-rhev: Multiple vulnerabilities appeared first on Malware Devil.
https://malwaredevil.com/2021/06/24/esb-2021-2227-redhat-qemu-kvm-rhev-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2227-redhat-qemu-kvm-rhev-multiple-vulnerabilities
No comments:
Post a Comment