Scientific Linux alert SLSA-2013:1553-2 (qemu-kvm)


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64 
Date:
    	       Mon, 9 Dec 2013 16:02:03 +0000
Message-ID:
    	       <20131209160203.2049.90281@slpackages.fnal.gov>

Synopsis:          Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID:       SLSA-2013:1553-2
Issue Date:        2013-11-21
CVE Numbers:       CVE-2013-4344
--

A buffer overflow flaw was found in the way QEMU processed the SCSI
"REPORT LUNS" command when more than 256 LUNs were specified for a single
SCSI target. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, which could potentially result in arbitrary
code execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL6
  x86_64
    qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
    qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
  i386
    qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64
Date:		Mon, 9 Dec 2013 16:02:03 +0000
Message-ID:		<20131209160203.2049.90281@slpackages.fnal.gov>