Scientific Linux SL5.x SLSA-2015:1003-1 Important: KVM Out-of-Bounds Access

Date: Tue, 5 May 2015 09:09:25 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
nspr-4.10.8-1.el5_11.i386.rpm
nspr-devel-4.10.8-1.el5_11.i386.rpm

x86_64:
nspr-4.10.8-1.el5_11.i386.rpm
nspr-4.10.8-1.el5_11.x86_64.rpm
nspr-devel-4.10.8-1.el5_11.i386.rpm
nspr-devel-4.10.8-1.el5_11.x86_64.rpm
Date: Tue, 5 May 2015 09:16:06 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
dracut-004-356.el6_6.2.noarch.rpm
dracut-caps-004-356.el6_6.2.noarch.rpm
dracut-fips-004-356.el6_6.2.noarch.rpm
dracut-fips-aesni-004-356.el6_6.2.noarch.rpm
dracut-generic-004-356.el6_6.2.noarch.rpm
dracut-kernel-004-356.el6_6.2.noarch.rpm
dracut-network-004-356.el6_6.2.noarch.rpm
dracut-tools-004-356.el6_6.2.noarch.rpm
libsoup-2.34.3-3.el6_6.i686.rpm
libsoup-devel-2.34.3-3.el6_6.i686.rpm
libvirt-0.10.2-46.el6_6.6.i686.rpm
libvirt-client-0.10.2-46.el6_6.6.i686.rpm
libvirt-devel-0.10.2-46.el6_6.6.i686.rpm
libvirt-python-0.10.2-46.el6_6.6.i686.rpm
nspr-4.10.8-1.el6_6.i686.rpm
nspr-devel-4.10.8-1.el6_6.i686.rpm
nss-3.18.0-5.3.el6_6.i686.rpm
nss-devel-3.18.0-5.3.el6_6.i686.rpm
nss-pkcs11-devel-3.18.0-5.3.el6_6.i686.rpm
nss-sysinit-3.18.0-5.3.el6_6.i686.rpm
nss-tools-3.18.0-5.3.el6_6.i686.rpm
nss-util-3.18.0-1.el6_6.i686.rpm
nss-util-devel-3.18.0-1.el6_6.i686.rpm

x86_64:
dracut-004-356.el6_6.2.noarch.rpm
dracut-caps-004-356.el6_6.2.noarch.rpm
dracut-fips-004-356.el6_6.2.noarch.rpm
dracut-fips-aesni-004-356.el6_6.2.noarch.rpm
dracut-generic-004-356.el6_6.2.noarch.rpm
dracut-kernel-004-356.el6_6.2.noarch.rpm
dracut-network-004-356.el6_6.2.noarch.rpm
dracut-tools-004-356.el6_6.2.noarch.rpm
libsoup-2.34.3-3.el6_6.i686.rpm
libsoup-2.34.3-3.el6_6.x86_64.rpm
libsoup-devel-2.34.3-3.el6_6.i686.rpm
libsoup-devel-2.34.3-3.el6_6.x86_64.rpm
libvirt-0.10.2-46.el6_6.6.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.6.i686.rpm
libvirt-client-0.10.2-46.el6_6.6.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.6.i686.rpm
libvirt-devel-0.10.2-46.el6_6.6.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.6.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.6.x86_64.rpm
nspr-4.10.8-1.el6_6.i686.rpm
nspr-4.10.8-1.el6_6.x86_64.rpm
nspr-devel-4.10.8-1.el6_6.i686.rpm
nspr-devel-4.10.8-1.el6_6.x86_64.rpm
nss-3.18.0-5.3.el6_6.i686.rpm
nss-3.18.0-5.3.el6_6.x86_64.rpm
nss-devel-3.18.0-5.3.el6_6.i686.rpm
nss-devel-3.18.0-5.3.el6_6.x86_64.rpm
nss-pkcs11-devel-3.18.0-5.3.el6_6.i686.rpm
nss-pkcs11-devel-3.18.0-5.3.el6_6.x86_64.rpm
nss-sysinit-3.18.0-5.3.el6_6.x86_64.rpm
nss-tools-3.18.0-5.3.el6_6.x86_64.rpm
nss-util-3.18.0-1.el6_6.i686.rpm
nss-util-3.18.0-1.el6_6.x86_64.rpm
nss-util-devel-3.18.0-1.el6_6.i686.rpm
nss-util-devel-3.18.0-1.el6_6.x86_64.rpm
Date: Tue, 5 May 2015 10:01:47 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
tzdata-2015d-1.el7.noarch.rpm
tzdata-java-2015d-1.el7.noarch.rpm
yum-conf-repos-1.0-1.el7.noarch.rpm
Date: Tue, 12 May 2015 09:36:26 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
nfs-utils-1.0.9-71.el5_11.i386.rpm
nss-3.18.0-6.el5_11.i386.rpm
nss-devel-3.18.0-6.el5_11.i386.rpm
nss-pkcs11-devel-3.18.0-6.el5_11.i386.rpm
nss-tools-3.18.0-6.el5_11.i386.rpm
openssl-0.9.8e-34.el5_11.i386.rpm
openssl-0.9.8e-34.el5_11.i686.rpm
openssl-devel-0.9.8e-34.el5_11.i386.rpm
openssl-perl-0.9.8e-34.el5_11.i386.rpm

x86_64:
nfs-utils-1.0.9-71.el5_11.x86_64.rpm
nss-3.18.0-6.el5_11.i386.rpm
nss-3.18.0-6.el5_11.x86_64.rpm
nss-devel-3.18.0-6.el5_11.i386.rpm
nss-devel-3.18.0-6.el5_11.x86_64.rpm
nss-pkcs11-devel-3.18.0-6.el5_11.i386.rpm
nss-pkcs11-devel-3.18.0-6.el5_11.x86_64.rpm
nss-tools-3.18.0-6.el5_11.x86_64.rpm
openssl-0.9.8e-34.el5_11.i686.rpm
openssl-0.9.8e-34.el5_11.x86_64.rpm
openssl-devel-0.9.8e-34.el5_11.i386.rpm
openssl-devel-0.9.8e-34.el5_11.x86_64.rpm
openssl-perl-0.9.8e-34.el5_11.x86_64.rpm
Date: Tue, 12 May 2015 09:56:18 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
cmirror-2.02.111-2.el6_6.2.i686.rpm
device-mapper-1.02.90-2.el6_6.2.i686.rpm
device-mapper-devel-1.02.90-2.el6_6.2.i686.rpm
device-mapper-event-1.02.90-2.el6_6.2.i686.rpm
device-mapper-event-devel-1.02.90-2.el6_6.2.i686.rpm
device-mapper-event-libs-1.02.90-2.el6_6.2.i686.rpm
device-mapper-libs-1.02.90-2.el6_6.2.i686.rpm
lvm2-2.02.111-2.el6_6.2.i686.rpm
lvm2-cluster-2.02.111-2.el6_6.2.i686.rpm
lvm2-devel-2.02.111-2.el6_6.2.i686.rpm
lvm2-libs-2.02.111-2.el6_6.2.i686.rpm
resource-agents-3.9.5-12.el6_6.5.i686.rpm

x86_64:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
cmirror-2.02.111-2.el6_6.2.x86_64.rpm
device-mapper-1.02.90-2.el6_6.2.x86_64.rpm
device-mapper-devel-1.02.90-2.el6_6.2.i686.rpm
device-mapper-devel-1.02.90-2.el6_6.2.x86_64.rpm
device-mapper-event-1.02.90-2.el6_6.2.x86_64.rpm
device-mapper-event-devel-1.02.90-2.el6_6.2.i686.rpm
device-mapper-event-devel-1.02.90-2.el6_6.2.x86_64.rpm
device-mapper-event-libs-1.02.90-2.el6_6.2.i686.rpm
device-mapper-event-libs-1.02.90-2.el6_6.2.x86_64.rpm
device-mapper-libs-1.02.90-2.el6_6.2.i686.rpm
device-mapper-libs-1.02.90-2.el6_6.2.x86_64.rpm
lvm2-2.02.111-2.el6_6.2.x86_64.rpm
lvm2-cluster-2.02.111-2.el6_6.2.x86_64.rpm
lvm2-devel-2.02.111-2.el6_6.2.i686.rpm
lvm2-devel-2.02.111-2.el6_6.2.x86_64.rpm
lvm2-libs-2.02.111-2.el6_6.2.i686.rpm
lvm2-libs-2.02.111-2.el6_6.2.x86_64.rpm
resource-agents-3.9.5-12.el6_6.5.x86_64.rpm
Date: Tue, 12 May 2015 11:16:14 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
ca-certificates-2015.2.4-70.0.el7_1.noarch.rpm
crash-7.0.9-5.el7_1.x86_64.rpm
crash-devel-7.0.9-5.el7_1.i686.rpm
crash-devel-7.0.9-5.el7_1.x86_64.rpm
hwdata-0.252-7.8.el7_1.x86_64.rpm
libblkid-2.23.2-22.el7_1.i686.rpm
libblkid-2.23.2-22.el7_1.x86_64.rpm
libblkid-devel-2.23.2-22.el7_1.i686.rpm
libblkid-devel-2.23.2-22.el7_1.x86_64.rpm
libgcrypt-1.5.3-12.el7_1.1.i686.rpm
libgcrypt-1.5.3-12.el7_1.1.x86_64.rpm
libgcrypt-devel-1.5.3-12.el7_1.1.i686.rpm
libgcrypt-devel-1.5.3-12.el7_1.1.x86_64.rpm
libmount-2.23.2-22.el7_1.i686.rpm
libmount-2.23.2-22.el7_1.x86_64.rpm
libmount-devel-2.23.2-22.el7_1.i686.rpm
libmount-devel-2.23.2-22.el7_1.x86_64.rpm
libqb-0.17.1-1.el7_1.2.i686.rpm
libqb-0.17.1-1.el7_1.2.x86_64.rpm
libqb-devel-0.17.1-1.el7_1.2.i686.rpm
libqb-devel-0.17.1-1.el7_1.2.x86_64.rpm
libuuid-2.23.2-22.el7_1.i686.rpm
libuuid-2.23.2-22.el7_1.x86_64.rpm
libuuid-devel-2.23.2-22.el7_1.i686.rpm
libuuid-devel-2.23.2-22.el7_1.x86_64.rpm
nspr-4.10.8-1.el7_1.i686.rpm
nspr-4.10.8-1.el7_1.x86_64.rpm
nspr-devel-4.10.8-1.el7_1.i686.rpm
nspr-devel-4.10.8-1.el7_1.x86_64.rpm
nss-3.18.0-2.2.el7_1.i686.rpm
nss-3.18.0-2.2.el7_1.x86_64.rpm
nss-devel-3.18.0-2.2.el7_1.i686.rpm
nss-devel-3.18.0-2.2.el7_1.x86_64.rpm
nss-pkcs11-devel-3.18.0-2.2.el7_1.i686.rpm
nss-pkcs11-devel-3.18.0-2.2.el7_1.x86_64.rpm
nss-sysinit-3.18.0-2.2.el7_1.x86_64.rpm
nss-tools-3.18.0-2.2.el7_1.x86_64.rpm
nss-util-3.18.0-1.el7_1.i686.rpm
nss-util-3.18.0-1.el7_1.x86_64.rpm
nss-util-devel-3.18.0-1.el7_1.i686.rpm
nss-util-devel-3.18.0-1.el7_1.x86_64.rpm
pacemaker-1.1.12-22.el7_1.2.x86_64.rpm
pacemaker-cli-1.1.12-22.el7_1.2.x86_64.rpm
pacemaker-cluster-libs-1.1.12-22.el7_1.2.i686.rpm
pacemaker-cluster-libs-1.1.12-22.el7_1.2.x86_64.rpm
pacemaker-cts-1.1.12-22.el7_1.2.x86_64.rpm
pacemaker-doc-1.1.12-22.el7_1.2.x86_64.rpm
pacemaker-libs-1.1.12-22.el7_1.2.i686.rpm
pacemaker-libs-1.1.12-22.el7_1.2.x86_64.rpm
pacemaker-libs-devel-1.1.12-22.el7_1.2.i686.rpm
pacemaker-libs-devel-1.1.12-22.el7_1.2.x86_64.rpm
pacemaker-remote-1.1.12-22.el7_1.2.x86_64.rpm
rsh-0.17-76.el7_1.1.x86_64.rpm
rsh-server-0.17-76.el7_1.1.x86_64.rpm
systemtap-2.6-10.el7_1.x86_64.rpm
systemtap-client-2.6-10.el7_1.x86_64.rpm
systemtap-devel-2.6-10.el7_1.x86_64.rpm
systemtap-initscript-2.6-10.el7_1.x86_64.rpm
systemtap-runtime-2.6-10.el7_1.x86_64.rpm
systemtap-runtime-java-2.6-10.el7_1.x86_64.rpm
systemtap-runtime-virtguest-2.6-10.el7_1.x86_64.rpm
systemtap-runtime-virthost-2.6-10.el7_1.x86_64.rpm
systemtap-sdt-devel-2.6-10.el7_1.i686.rpm
systemtap-sdt-devel-2.6-10.el7_1.x86_64.rpm
systemtap-server-2.6-10.el7_1.x86_64.rpm
systemtap-testsuite-2.6-10.el7_1.x86_64.rpm
util-linux-2.23.2-22.el7_1.i686.rpm
util-linux-2.23.2-22.el7_1.x86_64.rpm
uuidd-2.23.2-22.el7_1.x86_64.rpm
Date: Wed, 13 May 2015 15:14:39 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: kvm on SL5.x x86_64
MIME-Version: 1.0

Synopsis: Important: kvm security update
Advisory ID: SLSA-2015:1003-1
Issue Date: 2015-05-13
CVE Numbers: CVE-2015-3456
--

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-3456)

Note: The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.
--

SL5
 x86_64
 kmod-kvm-83-272.el5_11.x86_64.rpm
 kmod-kvm-debug-83-272.el5_11.x86_64.rpm
 kvm-83-272.el5_11.x86_64.rpm
 kvm-debuginfo-83-272.el5_11.x86_64.rpm
 kvm-qemu-img-83-272.el5_11.x86_64.rpm
 kvm-tools-83-272.el5_11.x86_64.rpm

- Scientific Linux Development Team