Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Important: kvm on SL5.x x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Tuesday 24th January 2012 15:27:00 UTC (over 4 years ago)
Synopsis:    Important: kvm security update
Issue Date:  2012-01-23
CVE Numbers: CVE-2011-4622
             CVE-2012-0029


KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Scientific Linux kernel.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000
network interface card. A privileged guest user in a virtual machine whose
network interface is configured to use the e1000 emulated driver could use
this flaw to crash the host or, possibly, escalate their privileges on the
host. (CVE-2012-0029)

A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT
(Programmable Interval Timer) IRQs (interrupt requests) when there was no
virtual interrupt controller set up. A malicious user in the kvm group on
the host could force this situation to occur, resulting in the host
crashing. (CVE-2011-4622)

All KVM users should upgrade to these updated packages, which contain
backported patches to correct these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

SL5:
  x86_64
     kmod-kvm-83-239.el5_7.1.x86_64.rpm
     kmod-kvm-debug-83-239.el5_7.1.x86_64.rpm
     kvm-83-239.el5_7.1.x86_64.rpm
     kvm-debuginfo-83-239.el5_7.1.x86_64.rpm
     kvm-qemu-img-83-239.el5_7.1.x86_64.rpm
     kvm-tools-83-239.el5_7.1.x86_64.rpm

- Scientific Linux Development Team
 
CD: 3ms