Synopsis:    Important: kvm security update
Advisory ID: SLSA-2014:0163-1
Issue Date:  2014-02-12
CVE Numbers: CVE-2013-6367
             CVE-2013-6368
--

A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller (LAPIC) implementation. A privileged guest user could use this flaw to crash the host. (CVE-2013-6367)

A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-6368)

Note: The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.
--

SL5
  x86_64
    kmod-kvm-83-266.el5_10.1.x86_64.rpm
    kmod-kvm-debug-83-266.el5_10.1.x86_64.rpm
    kvm-83-266.el5_10.1.x86_64.rpm
    kvm-debuginfo-83-266.el5_10.1.x86_64.rpm
    kvm-qemu-img-83-266.el5_10.1.x86_64.rpm
    kvm-tools-83-266.el5_10.1.x86_64.rpm

- Scientific Linux Development Team
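
Added example (not part of the advisory or of Scientific Linux tooling): a helper for step 2 that reads "lsmod" output and prints the "modprobe -r" / "modprobe" commands for whichever of the listed modules are loaded. The function name, the ordering derived from the "Used by" column, and the in-use check are assumptions of this example; the sample lsmod text is constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory. Prints the commands; runs nothing.
# Reads lsmod-format text on stdin. Returns 1 if a target module has more
# references than module users, i.e. something (such as a guest) holds it.
kvm_reload_plan() {
    awk '
    BEGIN { nt = split("kvm ksm kvm_intel kvm_amd", t, " ")
            for (i = 1; i <= nt; i++) target[t[i]] = 1 }
    # lsmod prints kvm_intel / kvm_amd where the advisory writes kvm-intel / kvm-amd
    NR > 1 && ($1 in target) {
        loaded[$1] = 1; refs[$1] = $3 + 0
        n = split($4, u, ",")
        for (i = 1; i <= n; i++)
            if (u[i] != "") { users[$1, u[i]] = 1; nusers[$1]++ }
    }
    END {
        for (i = 1; i <= nt; i++) {
            m = t[i]
            if ((m in loaded) && refs[m] > nusers[m] + 0) {
                print "# " m " is still in use: stop all guests first"; busy = 1 }
        }
        if (busy) exit 1
        # Unload order: a module can go only after every module that uses it.
        do {
            progress = 0
            for (i = 1; i <= nt; i++) {
                m = t[i]
                if (!(m in loaded) || (m in done)) continue
                ok = 1
                for (j = 1; j <= nt; j++)
                    if (((m, t[j]) in users) && !(t[j] in done)) ok = 0
                if (ok) { done[m] = 1; order[++cnt] = m; progress = 1 }
            }
        } while (progress)
        for (i = 1; i <= cnt; i++) print "modprobe -r " order[i]
        for (i = cnt; i >= 1; i--) print "modprobe " order[i]
    }'
}

# Constructed lsmod output (sizes and the ext3 line are made up).
SAMPLE_LSMOD='Module                  Size  Used by
kvm_intel              86248  0
kvm                   223264  1 kvm_intel
ksm                    50048  0
ext3                  168913  2'
printf '%s\n' "$SAMPLE_LSMOD" | kvm_reload_plan
```

On a hypervisor, feed it live data with "lsmod | kvm_reload_plan" and review the printed commands before running them as root.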