SCIENTIFIC-LINUX-ERRATA Archives

January 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 28 Jan 2016 18:15:41 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (30 lines) 
Synopsis:          Important: qemu-kvm security update

Advisory ID:       SLSA-2016:0082-1

Issue Date:        2016-01-28

CVE Numbers:       CVE-2016-1714

--



An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware

Configuration device emulation processed certain firmware configurations.

A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the

QEMU process instance or, potentially, execute arbitrary code on the host

with privileges of the QEMU process. (CVE-2016-1714)



After installing this update, shut down all running virtual machines. Once

all virtual machines have shut down, start them again for this update to

take effect.

--



SL6

  x86_64

    qemu-guest-agent-0.12.1.2-2.479.el6_7.4.x86_64.rpm

    qemu-img-0.12.1.2-2.479.el6_7.4.x86_64.rpm

    qemu-kvm-0.12.1.2-2.479.el6_7.4.x86_64.rpm

    qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.4.x86_64.rpm

    qemu-kvm-tools-0.12.1.2-2.479.el6_7.4.x86_64.rpm

  i386

    qemu-guest-agent-0.12.1.2-2.479.el6_7.4.i686.rpm

    qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.4.i686.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2