Synopsis: Low: kvm security and bug fix update Issue date: 2011-01-13 CVE Names: CVE-2010-4525 A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM was not initialized properly before being copied to user-space. A privileged host user with access to "/dev/kvm" could use this flaw to leak kernel stack memory to user-space. (CVE-2010-4525) These updated packages also fix several bugs. The following procedure must be performed before this update will take effect: 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines. SL 5.x SRPMS: kvm-83-224.el5.src.rpm x86_64: kmod-kvm-83-224.el5.x86_64.rpm kmod-kvm-debug-83-224.el5.x86_64.rpm kvm-83-224.el5.x86_64.rpm kvm-qemu-img-83-224.el5.x86_64.rpm kvm-tools-83-224.el5.x86_64.rpm -Connie Sieh -Troy Dawson