Scientific Linux: SLSA-2015:1087-1 Important qemu-kvm Code Execution Risk

Jun 10, 2015 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory security issue update code execution important qemu-kvm scientific linux

Important: qemu-kvm security update

Date: Wed, 10 Jun 2015 20:45:53 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: qemu-kvm security update
Advisory ID: SLSA-2015:1087-1
Issue Date: 2015-06-10
CVE Numbers: CVE-2015-3209
--

A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled
multi-TMD packets with a length above 4096 bytes. A privileged guest user
in a guest with an AMD PCNet ethernet card enabled could potentially use
this flaw to execute arbitrary code on the host with the privileges of the
hosting QEMU process. (CVE-2015-3209)

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL6
 x86_64
 qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm
 qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm
 qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm
 qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm
 qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
 i386
 qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm
 qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here