Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 8 Jun 2016 21:17:28 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Kevin Hill Subject: Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: <20160608211728.19339.73367@slpackages.fnal.gov> Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2016:0997-1 Issue Date: 2016-05-10 CVE Numbers: CVE-2016-3710 -- Security Fix(es): * An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710) -- SL6 x86_64 qemu-guest-agent-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-img-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.491.el6_8.1.x86_64.rpm i386 qemu-guest-agent-0.12.1.2-2.491.el6_8.1.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.1.i686.rpm - Scientific Linux Development Team