Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 596
Alerts This Week
Warning Icon 1 596

Scientific Linux: SLSA-2013:1553-2 Critical: QEMU-KVM Buffer Overflow

Scientific Large Esm H446
Important: qemu-kvm security, bug fix, and enhancement update
Date: Mon, 9 Dec 2013 16:02:03 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID: SLSA-2013:1553-2
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-4344
--

A buffer overflow flaw was found in the way QEMU processed the SCSI
"REPORT LUNS" command when more than 256 LUNs were specified for a single
SCSI target. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, which could potentially result in arbitrary
code execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL6
 x86_64
 qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
 qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
 qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
 qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
 qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm
 i386
 qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
 qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm

- Scientific Linux Development Team