Date:         Wed, 5 Sep 2012 14:04:55 -0500
Reply-To:     Pat Riehecky 
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Organization: Fermilab
Subject:      Security ERRATA Important: qemu-kvm on SL6.x x86_64
MIME-Version: 1.0

Synopsis:          Important: qemu-kvm security update
Issue Date:        2012-09-05
CVE Numbers:       CVE-2012-3515

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space
component for running virtual machines using KVM.

A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu-kvm process on the
host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of KVM. Affected configurations
were:

* When guests were started from the command line ("/usr/libexec/qemu-kvm")
without the "-nodefaults" option, and also without specifying a
serial or parallel device, or a virtio-console device, that specifically
does not use a virtual console (vc) back-end. (Note that Red Hat does not
support invoking "qemu-kvm" from the command line without "-nodefaults" on
Red Hat Enterprise Linux 6.)

* Guests that were managed via libvirt, such as when using Virtual Machine
Manager (virt-manager), but that have a serial or parallel device, or a
virtio-console device, that uses a virtual console back-end. By default,
guests managed via libvirt will not use a virtual console back-end
for such devices.

All users of qemu-kvm should upgrade to these updated packages, which
resolve this issue. After installing this update, shut down all running
virtual machines. Once all virtual machines have shut down, start them
again for this update to take effect.

To resolve dependency issues, the usbredir packages have been added to 
the repos.

SL6
   x86_64
     qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
     qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
     qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
     qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm

- Scientific Linux Development Team

SciLinux: CVE-2012-3515 Important: qemu-kvm SL6.x x86_64

Important: qemu-kvm security update

Summary

Important: qemu-kvm security update



Security Fixes

Severity
Issued Date: : 2012-09-05
CVE Numbers: CVE-2012-3515
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved