Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 427
Alerts This Week
Warning Icon 1 427

Scientific Linux: SLSA-2013:1100-1 Critical: qemu-kvm Security Update

Scientific Large Esm H446
Important: qemu-kvm security update
Date: Mon, 22 Jul 2013 18:22:55 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: qemu-kvm on SL6.x i386/srpm/x86_64
MIME-Version: 1.0

Synopsis: Important: qemu-kvm security update
Advisory ID: SLSA-2013:1100-1
Issue Date: 2013-07-22
CVE Numbers: CVE-2013-2231
--

An unquoted search path flaw was found in the way the QEMU Guest Agent
service installation was performed on Windows. Depending on the
permissions of the directories in the unquoted search path, a local,
unprivileged user could use this flaw to have a binary of their choosing
executed with SYSTEM privileges. (CVE-2013-2231)

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL6
 x86_64
 qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.6.x86_64.rpm
 qemu-kvm-0.12.1.2-2.355.el6_4.6.x86_64.rpm
 qemu-guest-agent-0.12.1.2-2.355.el6_4.6.x86_64.rpm
 qemu-img-0.12.1.2-2.355.el6_4.6.x86_64.rpm
 qemu-kvm-tools-0.12.1.2-2.355.el6_4.6.x86_64.rpm
 qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm
 i386
 qemu-guest-agent-0.12.1.2-2.355.el6_4.6.i686.rpm
 qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.i686.rpm
 srpm
 qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm
 noarch
 qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.i686.rpm
 qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm

- Scientific Linux Development Team