Synopsis:          Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID:       SLSA-2013:1553-2
Issue Date:        2013-11-21
CVE Numbers:       CVE-2013-4344
--

A buffer overflow flaw was found in the way QEMU processed the SCSI
"REPORT LUNS" command when more than 256 LUNs were specified for a single
SCSI target. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, which could potentially result in arbitrary
code execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL6
  x86_64
    qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
  i386
    qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm

- Scientific Linux Development Team