LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

April 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA April 2014

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: qemu-kvm on SL6.x i386/x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Tue, 22 Apr 2014 21:26:58 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (60 lines)

Synopsis:          Moderate: qemu-kvm security update
Advisory ID:       SLSA-2014:0420-1
Issue Date:        2014-04-22
CVE Numbers:       CVE-2014-0142
                   CVE-2014-0148
                   CVE-2014-0146
                   CVE-2014-0150
                   CVE-2014-0147
                   CVE-2014-0145
                   CVE-2014-0143
                   CVE-2014-0144
--

Multiple integer overflow, input validation, logic error, and buffer
overflow flaws were discovered in various QEMU block drivers. An attacker
able to modify a disk image file loaded by a guest could use these flaws
to crash the guest, or corrupt QEMU process memory on the host,
potentially resulting in arbitrary code execution on the host with the
privileges of the QEMU process. (CVE-2014-0143, CVE-2014-0144,
CVE-2014-0145, CVE-2014-0147)

A buffer overflow flaw was found in the way the virtio_net_handle_mac()
function of QEMU processed guest requests to update the table of MAC
addresses. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, potentially resulting in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0150)

A divide-by-zero flaw was found in the seek_to_sector() function of the
parallels block driver in QEMU. An attacker able to modify a disk image
file loaded by a guest could use this flaw to crash the guest.
(CVE-2014-0142)

A NULL pointer dereference flaw was found in the QCOW2 block driver in
QEMU. An attacker able to modify a disk image file loaded by a guest could
use this flaw to crash the guest. (CVE-2014-0146)

It was found that the block driver for Hyper-V VHDX images did not
correctly calculate BAT (Block Allocation Table) entries due to a missing
bounds check. An attacker able to modify a disk image file loaded by a
guest could use this flaw to crash the guest. (CVE-2014-0148)

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL6
  x86_64
    qemu-guest-agent-0.12.1.2-2.415.el6_5.8.x86_64.rpm
    qemu-img-0.12.1.2-2.415.el6_5.8.x86_64.rpm
    qemu-kvm-0.12.1.2-2.415.el6_5.8.x86_64.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.8.x86_64.rpm
    qemu-kvm-tools-0.12.1.2-2.415.el6_5.8.x86_64.rpm
  i386
    qemu-guest-agent-0.12.1.2-2.415.el6_5.8.i686.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.8.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV