Explore top 10 tips to secure your open-source projects now. Read More
×
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
The following procedure must be performed before this update will take
effect:
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.
A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM
was not initialized properly before being copied to user-space. A
privileged host user with access to "/dev/kvm" could use this flaw to leak
kernel stack memory to user-space. (CVE-2010-4525)
Red Hat would like to thank Stephan Mueller of atsec information security
for reporting this issue.
These updated packages also fix several bugs. Documentation for these bug
fixes will be available shortly in the "kvm" section of the Red Hat
Enterprise Linux 5.6 Technical Notes, linked to in the References.
All KVM users should upgrade to these updated packages, which resolve this
issue as well as fixing the bugs noted in the Technical Notes. Note: The
procedure in the Solution section must be performed before this update will
take effect.
https://access.redhat.com/security/cve/CVE-2010-4525 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/search/
RHEL Desktop Multi OS (v. 5 client):
Source:
x86_64:
kmod-kvm-83-224.el5.x86_64.rpm
kmod-kvm-debug-83-224.el5.x86_64.rpm
kvm-83-224.el5.x86_64.rpm
kvm-debuginfo-83-224.el5.x86_64.rpm
kvm-qemu-img-83-224.el5.x86_64.rpm
kvm-tools-83-224.el5.x86_64.rpm
RHEL Virtualization (v. 5 server):
Source:
x86_64:
kmod-kvm-83-224.el5.x86_64.rpm
kmod-kvm-debug-83-224.el5.x86_64.rpm
kvm-83-224.el5.x86_64.rpm
kvm-debuginfo-83-224.el5.x86_64.rpm
kvm-qemu-img-83-224.el5.x86_64.rpm
kvm-tools-83-224.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
Updated kvm packages that fix one security issue and several bugs are nowavailable for Red Hat Enterprise Linux 5.The Red Hat Security Response Team has rated this update as having lowsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.
RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64
503118 - kvm doesn't run with older libgcrypt, but doesn't have a RPM dependency for it
510630 - -drive arg has no way to request a read only disk
513765 - Large guest ( 256G RAM + 16 vcpu ) hang during live migration
514578 - kvm-qemu-img subpackage has dependency on qspice-libs
517565 - build KVM modules for kernel-debug too
517814 - Caps Lock the key's appearance of guest is not synchronous as host's --view kvm with vnc
520572 - SR-IOV -- Guest exit and host hang on if boot VM with 8 VFs assigned
521247 - emulated pcnet nic in qemu-kvm has wrong PCI subsystem ID for Windows XP driver
533078 - use native smp_call_function_many/single functions
539642 - use native pci_get_bus_and_slot function
542954 - Guest suffers kernel panic when save snapshot then restart guest
555727 - Time drift in win2k3-64bit and win2k8-64bit smp guest
569743 - Change vnc password caused 'Segmentation fault'
572825 - qcow2 image corruption when using cache=writeback
574621 - Linux pvmmu guests (FC11, FC12, etc) crash on boot on AMD hosts with NPT disabled
575585 - memory reported as used (by SwapCache and by Cache) though no process holds it.
580410 - Failed to install kvm for failed dependencies: ksym
580637 - Incorrect russian vnc keymap
582038 - backport EPT accessed bit emulation
583947 - Guest aborted when make guest stop on write error
587604 - Qcow2 snapshot got corruption after commit using block device
587605 - Failed to re-base qcow2 snapshot
Get the latest Linux and open source security news straight to your inbox.