LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

February 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA February 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Low: kvm on SL5.x x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 17 Feb 2011 15:35:50 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (38 lines)

Synopsis:	Low: kvm security and bug fix update
Issue date:	2011-01-13
CVE Names:	CVE-2010-4525

A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in 
QEMU-KVM was not initialized properly before being copied to user-space. 
A privileged host user with access to "/dev/kvm" could use this flaw to 
leak kernel stack memory to user-space. (CVE-2010-4525)

These updated packages also fix several bugs.

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove 
(using "modprobe -r [module]") and reload (using "modprobe [module]") 
all of the following modules which are currently running (determined 
using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

SL 5.x

     SRPMS:
kvm-83-224.el5.src.rpm
     x86_64:
kmod-kvm-83-224.el5.x86_64.rpm
kmod-kvm-debug-83-224.el5.x86_64.rpm
kvm-83-224.el5.x86_64.rpm
kvm-qemu-img-83-224.el5.x86_64.rpm
kvm-tools-83-224.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV