- Vulnerability/
- RHSA-2015:0891
RHSA-2015:0891: Important: qemu-kvm-rhev security update
First published: Tue Apr 28 2015(Updated: )
KVM (Kernel-based Virtual Machine) is a full virtualization solution for<br>Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the<br>user-space component for running virtual machines using KVM, in<br>environments managed by Red Hat Enterprise Linux OpenStack Platform.<br>It was found that the Cirrus blit region checks were insufficient.<br>A privileged guest user could use this flaw to write outside of<br>VRAM-allocated buffer boundaries in the host's QEMU process address space<br>with attacker-provided data. (CVE-2014-8106)<br>This issue was found by Paolo Bonzini of Red Hat.<br>All users of qemu-kvm-rhev are advised to upgrade to these updated<br>packages, which contain a backported patch to correct this issue. After<br>installing this update, shut down all running virtual machines. Once all<br>virtual machines have shut down, start them again for this update to take<br>effect.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/qemu-kvm-rhev | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
| redhat/qemu-img-rhev | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
| redhat/qemu-kvm-rhev | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
| redhat/qemu-kvm-rhev-debuginfo | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
| redhat/qemu-kvm-rhev-tools | <0.12.1.2-2.448.el6_6.2 | 0.12.1.2-2.448.el6_6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/redhat-errata
- anchor-id/RHSA-2015:0891
- agent/title
- agent/references
- agent/severity
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- package-manager/redhat