SCIENTIFIC-LINUX-ERRATA Archives

December 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: kvm on SL5.x x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Tue, 7 Dec 2010 15:14:25 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (35 lines) 
Synopsis:	Moderate: kvm security update
Issue date:	2010-12-06
CVE Names:	CVE-2010-3698

A flaw was found in the way QEMU-KVM handled the reloading of fs and gs
segment registers when they had invalid selectors. A privileged host 
user with access to "/dev/kvm" could use this flaw to crash the host 
(denial of service). (CVE-2010-3698)

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove 
(using "modprobe -r [module]") and reload (using "modprobe [module]") 
all of the following modules which are currently running (determined 
using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

SL 5.x

     SRPMS:
kvm-83-164.el5_5.25.src.rpm
     x86_64:
kmod-kvm-83-164.el5_5.25.x86_64.rpm
kvm-83-164.el5_5.25.x86_64.rpm
kvm-qemu-img-83-164.el5_5.25.x86_64.rpm
kvm-tools-83-164.el5_5.25.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2