Scientific Linux 7: SLSA-2016:0083-1 Important QEMU-KVM Update

Date: Thu, 28 Jan 2016 20:20:15 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: qemu-kvm on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160128202015.4612.28603@slpackages.fnal.gov>

Synopsis: Important: qemu-kvm security and bug fix update
Advisory ID: SLSA-2016:0083-1
Issue Date: 2016-01-28
CVE Numbers: CVE-2016-1714
--

An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware
Configuration device emulation processed certain firmware configurations.
A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
QEMU process instance or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2016-1714)

This update also fixes the following bugs:

* Incorrect handling of the last sector of an image file could trigger an
assertion failure in qemu-img. This update changes the handling of the
last sector, and no assertion failure occurs.

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--

SL7
 x86_64
 libcacard-1.5.3-105.el7_2.3.i686.rpm
 libcacard-1.5.3-105.el7_2.3.x86_64.rpm
 qemu-img-1.5.3-105.el7_2.3.x86_64.rpm
 qemu-kvm-1.5.3-105.el7_2.3.x86_64.rpm
 qemu-kvm-common-1.5.3-105.el7_2.3.x86_64.rpm
 qemu-kvm-debuginfo-1.5.3-105.el7_2.3.i686.rpm
 qemu-kvm-debuginfo-1.5.3-105.el7_2.3.x86_64.rpm
 qemu-kvm-tools-1.5.3-105.el7_2.3.x86_64.rpm
 libcacard-devel-1.5.3-105.el7_2.3.i686.rpm
 libcacard-devel-1.5.3-105.el7_2.3.x86_64.rpm
 libcacard-tools-1.5.3-105.el7_2.3.x86_64.rpm

- Scientific Linux Development Team
lastline