First published: Tue Apr 21 2015(Updated: )
KVM (Kernel-based Virtual Machine) is a full virtualization solution for<br>Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the<br>user-space component for running virtual machines using KVM.<br>It was found that the Cirrus blit region checks were insufficient. A<br>privileged guest user could use this flaw to write outside of VRAM-<br>allocated buffer boundaries in the host's QEMU process address space with<br>attacker-provided data. (CVE-2014-8106)<br>This issue was found by Paolo Bonzini of Red Hat.<br>This update also fixes the following bug:<br><li> Previously, the effective downtime during the last phase of a live</li> migration would sometimes be much higher than the maximum downtime<br>specified by 'migration_downtime' in vdsm.conf. This problem has been<br>corrected. The value of 'migration_downtime' is now honored and the<br>migration is aborted if the downtime cannot be achieved. (BZ#1142756)<br>All qemu-kvm users are advised to upgrade to these updated packages, which<br>contain a backported patch to correct this issue. After installing this<br>update, shut down all running virtual machines. Once all virtual machines<br>have shut down, start them again for this update to take effect.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/qemu-kvm | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
redhat/qemu-guest-agent | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
redhat/qemu-img | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
redhat/qemu-kvm | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
redhat/qemu-kvm-debuginfo | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
redhat/qemu-kvm-tools | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
redhat/qemu-guest-agent | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
redhat/qemu-kvm-debuginfo | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.