Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux: SLSA-2016:1943-1 Important KVM Security Update

Calendar Sep 28, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory important memory allocation x86_64 out-of-bounds kvm scientific linux
Important: kvm security update 
Date: Wed, 28 Sep 2016 20:05:54 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Kevin Hill 
Subject: Security ERRATA Important: kvm on SL5.x x86_64
MIME-Version: 1.0
Message-ID: <20160928200554.12509.27279@slpackages.fnal.gov>

Synopsis: Important: kvm security update
Advisory ID: SLSA-2016:1943-1
Issue Date: 2016-09-27
CVE Numbers: CVE-2016-3710
 CVE-2016-5403
--

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations using I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)

* Quick Emulator(QEMU) built with the virtio framework is vulnerable to an
unbounded memory allocation issue. It was found that a malicious guest
user could submit more requests than the virtqueue size permits.
Processing a request allocates a VirtQueueElement results in unbounded
memory allocation on the host controlled by the guest. (CVE-2016-5403)
--

SL5
 x86_64
 kmod-kvm-83-276.el5_11.x86_64.rpm
 kmod-kvm-debug-83-276.el5_11.x86_64.rpm
 kvm-83-276.el5_11.x86_64.rpm
 kvm-debuginfo-83-276.el5_11.x86_64.rpm
 kvm-qemu-img-83-276.el5_11.x86_64.rpm
 kvm-tools-83-276.el5_11.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here