Subject: | |
From: | |
Reply To: | |
Date: | Thu, 17 Feb 2011 15:35:50 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Low: kvm security and bug fix update
Issue date: 2011-01-13
CVE Names: CVE-2010-4525
A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in
QEMU-KVM was not initialized properly before being copied to user-space.
A privileged host user with access to "/dev/kvm" could use this flaw to
leak kernel stack memory to user-space. (CVE-2010-4525)
These updated packages also fix several bugs.
The following procedure must be performed before this update will take
effect:
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove
(using "modprobe -r [module]") and reload (using "modprobe [module]")
all of the following modules which are currently running (determined
using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.
SL 5.x
SRPMS:
kvm-83-224.el5.src.rpm
x86_64:
kmod-kvm-83-224.el5.x86_64.rpm
kmod-kvm-debug-83-224.el5.x86_64.rpm
kvm-83-224.el5.x86_64.rpm
kvm-qemu-img-83-224.el5.x86_64.rpm
kvm-tools-83-224.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|