Synopsis:          Important: kvm security update

Advisory ID:       SLSA-2014:0163-1

Issue Date:        2014-02-12

CVE Numbers:       CVE-2013-6367

                   CVE-2013-6368

--



A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's

Local Advanced Programmable Interrupt Controller (LAPIC) implementation. A

privileged guest user could use this flaw to crash the host.

(CVE-2013-6367)



A memory corruption flaw was discovered in the way KVM handled virtual

APIC accesses that crossed a page boundary. A local, unprivileged user

could use this flaw to crash the system or, potentially, escalate their

privileges on the system. (CVE-2013-6368)



Note: The following procedure must be performed before this update will take

effect:



1) Stop all KVM guest virtual machines.



2) Either reboot the hypervisor machine or, as the root user, remove (using

"modprobe -r [module]") and reload (using "modprobe [module]") all of the

following modules which are currently running (determined using "lsmod"):

kvm, ksm, kvm-intel or kvm-amd.



3) Restart the KVM guest virtual machines.

--



SL5

  x86_64

    kmod-kvm-83-266.el5_10.1.x86_64.rpm

    kmod-kvm-debug-83-266.el5_10.1.x86_64.rpm

    kvm-83-266.el5_10.1.x86_64.rpm

    kvm-debuginfo-83-266.el5_10.1.x86_64.rpm

    kvm-qemu-img-83-266.el5_10.1.x86_64.rpm

    kvm-tools-83-266.el5_10.1.x86_64.rpm



- Scientific Linux Development Team