LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

December 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA December 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Mon, 9 Dec 2013 16:02:03 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (31 lines)

Synopsis:          Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID:       SLSA-2013:1553-2
Issue Date:        2013-11-21
CVE Numbers:       CVE-2013-4344
--

A buffer overflow flaw was found in the way QEMU processed the SCSI
"REPORT LUNS" command when more than 256 LUNs were specified for a single
SCSI target. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, which could potentially result in arbitrary
code execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL6
  x86_64
    qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
  i386
    qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV