SCIENTIFIC-LINUX-ERRATA Archives

March 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 1 Mar 2017 15:15:07 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (29 lines) 
Synopsis:          Important: qemu-kvm security update

Advisory ID:       SLSA-2017:0352-1

Issue Date:        2017-03-01

CVE Numbers:       CVE-2017-2620

--



Security Fix(es):



* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator

support is vulnerable to an out-of-bounds access issue. The issue could

occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged

user inside guest could use this flaw to crash the QEMU process OR

potentially execute arbitrary code on host with privileges of the QEMU

process. (CVE-2017-2620)

--



SL6

  x86_64

    qemu-guest-agent-0.12.1.2-2.491.el6_8.7.x86_64.rpm

    qemu-img-0.12.1.2-2.491.el6_8.7.x86_64.rpm

    qemu-kvm-0.12.1.2-2.491.el6_8.7.x86_64.rpm

    qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.7.x86_64.rpm

    qemu-kvm-tools-0.12.1.2-2.491.el6_8.7.x86_64.rpm

  i386

    qemu-guest-agent-0.12.1.2-2.491.el6_8.7.i686.rpm

    qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.7.i686.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2