Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0842
Important: qemu-kvm-rhev security and bug fix update
6 September 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: qemu-kvm-rhev
qemu-kvm
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Existing Account
Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2012-3515
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2012-1233.html
https://rhn.redhat.com/errata/RHSA-2012-1234.html
Comment: This bulletin contains two (2) Red Hat security advisories.
This advisory references vulnerabilities in products which run on
platforms other than Red Hat. It is recommended that administrators
running qemu-kvm-rhev or qemu-kvm check for an updated version of
the software for their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: qemu-kvm-rhev security and bug fix update
Advisory ID: RHSA-2012:1233-01
Product: Red Hat Enterprise Virtualization
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1233.html
Issue date: 2012-09-05
CVE Names: CVE-2012-3515
=====================================================================
1. Summary:
Updated qemu-kvm-rhev packages that fix one security issue and two bugs are
now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Relevant releases/architectures:
RHEV Agents (vdsm) - x86_64
3. Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the
user-space component for running virtual machines using KVM.
A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu-kvm process on the
host or, possibly, escalate their privileges on the host. (CVE-2012-3515)
When using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed
by Red Hat Enterprise Virtualization:
* This flaw did not affect the default use of KVM. Affected configurations
were:
- - - When guests were started from the command line ("/usr/libexec/qemu-kvm")
without the "-nodefaults" option, and also without specifying a
serial or parallel device, or a virtio-console device, that specifically
does not use a virtual console (vc) back-end. (Note that Red Hat does not
support invoking "qemu-kvm" from the command line without "-nodefaults" on
Red Hat Enterprise Linux 6.)
- - - Guests that were managed via libvirt, such as when using Virtual Machine
Manager (virt-manager), but that have a serial or parallel device, or a
virtio-console device, that uses a virtual console back-end. By default,
guests managed via libvirt will not use a virtual console back-end for such
devices.
When using qemu-kvm-rhev on a Red Hat Enterprise Virtualization managed Red
Hat Enterprise Linux 6 host:
* This flaw did not affect the default use of a Red Hat Enterprise
Virtualization host: it is not possible to add a device that uses a virtual
console back-end via Red Hat Enterprise Virtualization Manager.
To specify a virtual console back-end for a device and therefore be
vulnerable to this issue, the device would have to be created another way,
for example, by using a VDSM hook.
Red Hat would like to thank the Xen project for reporting this issue.
This update also fixes the following bugs:
* Previously, the KVM modules were not loaded by the postinstall scriptlet
of RPM scripts. This bug caused various issues and required the system to
be rebooted to resolve them. With this update, the modules are loaded
properly by the scriptlet and no unnecessary reboots are now required.
(BZ#839897)
* Previously, when a guest was started up with two serial devices, qemu-kvm
returned an error message and terminated the boot because IRQ 4 for the ISA
bus was being used by both devices. This update fixes the qemu-kvm code,
which allows IRQ 4 to be used by more than one device on the ISA bus, and
the boot now succeeds in the described scenario. (BZ#840054)
All users of qemu-kvm-rhev are advised to upgrade to these updated
packages, which fix these issues. After installing this update, shut down
all running virtual machines. Once all virtual machines have shut down,
start them again for this update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability
6. Package List:
RHEV Agents (vdsm):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.src.rpm
x86_64:
qemu-img-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-3515.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQR4YVXlSAg2UNWIIRAq5WAJ9Z18R5/JvEpbbnZm47gi4lcxRSpACdHlZA
BcVS3dd+MxlwoYjMQtUCINU=
=3sF2
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: qemu-kvm security update
Advisory ID: RHSA-2012:1234-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1234.html
Issue date: 2012-09-05
CVE Names: CVE-2012-3515
=====================================================================
1. Summary:
Updated qemu-kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
3. Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space
component for running virtual machines using KVM.
A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu-kvm process on the
host or, possibly, escalate their privileges on the host. (CVE-2012-3515)
This flaw did not affect the default use of KVM. Affected configurations
were:
* When guests were started from the command line ("/usr/libexec/qemu-kvm")
without the "-nodefaults" option, and also without specifying a
serial or parallel device, or a virtio-console device, that specifically
does not use a virtual console (vc) back-end. (Note that Red Hat does not
support invoking "qemu-kvm" from the command line without "-nodefaults" on
Red Hat Enterprise Linux 6.)
* Guests that were managed via libvirt, such as when using Virtual Machine
Manager (virt-manager), but that have a serial or parallel device, or a
virtio-console device, that uses a virtual console back-end. By default,
guests managed via libvirt will not use a virtual console back-end
for such devices.
Red Hat would like to thank the Xen project for reporting this issue.
All users of qemu-kvm should upgrade to these updated packages, which
resolve this issue. After installing this update, shut down all running
virtual machines. Once all virtual machines have shut down, start them
again for this update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm
x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm
x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm
x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm
x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-3515.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQR4aLXlSAg2UNWIIRAuX1AKCtm0W/vBwvrWRdSz61z5ZJNn2njgCgw2um
TP5x39UypbWuP2VGJSvlSws=
=9N5w
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUEgrP+4yVqjM2NGpAQI/LxAAqSQHLFW1SV223/7Ducm+9DRYOrCvu7T5
03DXLOoftDnsbSwIEX8fFlQLR4Q4tevCmobGjbeJ6570Xy8UkR7MIR6vTbe40T/f
PS2tOIEjMpLg1xThIHJHBEfTCxfGV+hQfJ+cLFvUoOEi/8o0kNBKrfzGfTFoR88s
2BV8zD3/8nJ+a55Uqa2DLE0h0QiQPN275OS+znCg3SEba9WCG9SCKb0LDmQz5+dU
lUEPq2MD+ii30qAOeBte1aEx0DXOxe1Zn7+D2sob5wKQZ8/U6FwIUnYyY7/8PgKh
/csUxLggsgfr8gZOTv5HLHy6VmCx1bNoTXOdt3CktzBmVufdn4uYjJXB8DBB7w2Q
bEjLePYb/59nIkwrlN7MeK0g0A4p+582mK+Y8ga4Ryw5AWp1fs1EpkQJFD8Wc3Wx
oc5XUTK+X27k4R43oSEdAnmE74zupyZZAfWTWie/jXakOZovTUQbr0mLv7VrAO6Y
FrCEtfRJ4TuBN7qjpPpfJGdU/m+bv5SfJBG6lAKFAkY/grP8RYiZjJCLbTmAYn5A
8vMuzCTb6C01D+ug/ZxxEYzQU/mAXgp+giAwWS3u+t3DVwIMB3js65K4ASw0q2fY
T3Qf+K6FFFHN0uKdLkmPq+XD9Kbd2Fh2nZBZMovnHzgOpth0x1OzNLGwYjqvNu+3
K23S7UYZjkE=
=kd6X
-----END PGP SIGNATURE-----