RHSA-2010:0271: Important: kvm security, bug fix and enhancement update

First published: Tue Mar 30 2010(Updated: )

KVM (Kernel-based Virtual Machine) is a full virtualization solution for<br>Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for<br>the standard Red Hat Enterprise Linux kernel.<br>A flaw was found in the way QEMU-KVM handled erroneous data provided by<br>the Linux virtio-net driver, used by guest operating systems. Due to a<br>deficiency in the TSO (TCP segment offloading) implementation, a guest's<br>virtio-net driver would transmit improper data to a certain QEMU-KVM<br>process on the host, causing the guest to crash. A remote attacker could<br>use this flaw to send specially-crafted data to a target guest system,<br>causing that guest to crash. (CVE-2010-0741)<br>Additionally, these updated packages include numerous bug fixes and<br>enhancements. Refer to the KVM chapter of the Red Hat Enterprise Linux 5.5<br>Technical Notes for details:<br><a href="http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kvm.html" target="_blank">http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kvm.html</a> All KVM users should upgrade to these updated packages, which resolve this<br>issue as well as fixing the bugs and adding the enhancements noted in the<br>Technical Notes. Note: The procedure in the Solution section must be<br>performed before this update will take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/severity
• agent/type
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2010:0271
• agent/software-canonical-lookup
• agent/remedy
• agent/title
• agent/description
• agent/event
• agent/trending
• agent/tags
• agent/source
• package-manager/redhat