CentOS: Security Advisory for qemu-img (CESA-2020:0366)

The remote host is missing an update for the 'qemu-img' package(s) announced via the CESA-2020:0366 advisory.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm (BZ#1730606) Enhancement(s): * [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 1734745 - CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rp ... Description truncated. Please see the references for more information.

'qemu-img' package(s) on CentOS 7.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).