Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU’s virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
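One way to confirm that no guest is still running the pre-update binary, as an added example that is not part of the original advisory. It assumes the QEMU binary is installed under the name `qemu-kvm` and that the kernel reports a replaced executable with a ` (deleted)` suffix in `/proc/<pid>/exe`; the function name `stale_qemu_pids` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): list QEMU processes that still execute
# a binary which has been replaced on disk, i.e. guests that were not shut down
# and started again after the package update.
# Assumption: the update unlinks the old binary, so /proc/<pid>/exe resolves to
# a path ending in " (deleted)" for processes started before the update.

# stale_qemu_pids [PROC_ROOT]
# Prints one "PID TARGET" line per stale qemu-kvm process.
# Returns 1 if at least one stale process was found, 0 otherwise.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    found=0
    for exe in "$proc_root"/[0-9]*/exe; do
        # Kernel threads and processes we may not inspect have no readable
        # link; skip them. Run as root on the host to see every guest.
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            */qemu-kvm" (deleted)")
                pid=${exe%/exe}      # strip the trailing "/exe"
                pid=${pid##*/}       # keep only the PID directory name
                printf '%s %s\n' "$pid" "$target"
                found=1
                ;;
        esac
    done
    return "$found"
}
```

Call `stale_qemu_pids` as root on the host after installing the update; any PID it prints belongs to a guest that still has to be shut down and started again.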
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
qemu-kvm-0.12.1.2-2.415.el6_5.15.src.rpm
 
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.15.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
qemu-kvm-0.12.1.2-2.415.el6_5.15.src.rpm
 
IA-32:
qemu-guest-agent-0.12.1.2-2.415.el6_5.15.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.i686.rpm
 
x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.15.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1218611 – CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
