Synopsis: Moderate: qemu-kvm security update
Issue date: 2011-03-10
CVE Names: CVE-2011-0011
A flaw was found in the way the VNC "password" option was handled.
Clearingaa password disabled VNC authentication, allowing a remote user
able to connect to the virtual machines' VNC ports to open a VNC session
without authentication. (CVE-2011-0011)
After installing this update, shut down all running virtual machines.
Once all virtual machines have shut down, start them again for this
update to take effect.
SL 6.x
SRPMS:
qemu-kvm-0.12.1.2-2.113.el6_0.8.src.rpm
x86_64:
qemu-img-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.113.el6_0.8.x86_64.rpm
-Connie Sieh
-Troy Dawson