Stay Secure with the Latest Linux Advisories

security advisoryimportant updatekvm

SciLinux: Important KVM Security Advisory for SL 5.4 x86_64

Important: kvm security and bug fix update. Date: Tue, 2 Mar 2010 11:58:32 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: kvm on SL5.4 x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Important: kvm security and bug fix update Issue date: 2010-03-01 CVE Names: CVE-2009-3722 CVE-2010-0419 CVE-2009-3722 KVM: Check cpl before emulating debug register access CVE-2010-0419 kvm: emulator privilege escalation segment selector check A flaw was found in the way the x86 emulator loaded segment selectors (used for memory segmentation and protection) into segment registers. In some guest system configurations, an unprivileged guest user could leverage this flaw to crash the guest or possibly escalate their privileges within the guest. (CVE-2010-0419) The x86 emulator implementation was missing a check for the Current Privilege Level (CPL) while accessing debug registers. An unprivileged user in a guest could leverage this flaw to crash the guest. (CVE-2009-3722) This update also fixes the following bugs: The return values of the bdrv_aio_write() and bdrv_aio_read() functions were ignored. If an immediate failure occurred in one of these functions, errors would be missed and the guest could hang or read corrupted data. (BZ#562776) The following procedure must be performed before this update will take effect: 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines. SL 5.x SRPMS: kvm-83-105.el5_4.27.src.rpm x86_64: kmod-kvm-83-105.el5_4.27.x86_64.rpm kvm-83-105.el5_4.27.x86_64.rpm kvm-qemu-img-83-105.el5_4.27.x86_64.rpm kvm-tools-83-105.el5_4.27.x86_64.rpm -Connie Sieh -Troy Dawson . Important KVM patch release addressesvulnerabilities and glitches in Scientific Linux 5.4 x86_64, ensuring improved protection for virtualized environments.. kvm security update, Scientific Linux 5.4, critical bug fix, emulator flaws, guest privilege escalation. . Severity: Important. LinuxSecurity.com Team

Mar 02, 2010 •Important Scientific Linux