Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Red Hat Enterprise Linux 5 RHSA-2015:1925-01 Critical KVM Heap Overflow

red hat
Calendar Grey October 22, 2015
Dist Redhat Esm H88
Important KVM security patch released for Red Hat Enterprise Linux to mitigate heap buffer overflow vulnerability.
Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

Summary

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.
A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)
Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.
All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.

References

https://access.redhat.com/security/cve/CVE-2015-5279 https://access.redhat.com/security/updates/classification#important

Package List

RHEL Desktop Multi OS (v. 5 client):
Source: kvm-83-274.el5_11.src.rpm
x86_64: kmod-kvm-83-274.el5_11.x86_64.rpm kmod-kvm-debug-83-274.el5_11.x86_64.rpm kvm-83-274.el5_11.x86_64.rpm kvm-debuginfo-83-274.el5_11.x86_64.rpm kvm-qemu-img-83-274.el5_11.x86_64.rpm kvm-tools-83-274.el5_11.x86_64.rpm
RHEL Virtualization (v. 5 server):
Source: kvm-83-274.el5_11.src.rpm
x86_64: kmod-kvm-83-274.el5_11.x86_64.rpm kmod-kvm-debug-83-274.el5_11.x86_64.rpm kvm-83-274.el5_11.x86_64.rpm kvm-debuginfo-83-274.el5_11.x86_64.rpm kvm-qemu-img-83-274.el5_11.x86_64.rpm kvm-tools-83-274.el5_11.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2015:1925-01
Product: Red Hat Enterprise Linux
Issue date: 2015-10-22

Topic

Updated kvm packages that fix one security issue are now available for RedHat Enterprise Linux 5.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

Relevant Releases Architectures

RHEL Desktop Multi OS (v. 5 client) - x86_64

RHEL Virtualization (v. 5 server) - x86_64

Bugs Fixed

1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.