Updated qemu-kvm packages that fix one security issue are now available forRed Hat Enterprise Linux 6.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution forLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides theuser-space component for running virtual machines using KVM.A flaw was found in the way QEMU’s AMD PCnet Ethernet emulation handledmulti-TMD packets with a length above 4096 bytes. A privileged guest userin a guest with an AMD PCNet ethernet card enabled could potentially usethis flaw to execute arbitrary code on the host with the privileges of thehosting QEMU process. (CVE-2015-3209)Red Hat would like to thank Matt Tait of Google’s Project Zero securityteam for reporting this issue.All qemu-kvm users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing thisupdate, shut down all running virtual machines. Once all virtual machineshave shut down, start them again for this update to take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
    MD5: 2bb4d139f0491a8ee2684929be41bf12SHA-256: a4b47ed8a884d64890808e55127ed08dafbb7fe0b24c2885bc1c891f5376669e
 
IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 0c65d3dbf207381cca7b1526d8b8a16dSHA-256: 49941c8e8bf4bb7b6791557ff17b5a21dbb548f961bdac4f2f181ca2c48ac57d
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 3bce86e41b292e1868ae0f704ddf9964SHA-256: 774eacf1673298bf5955c839b722c208259f1708a0e5d614fb0707ef382c70ec
 
x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2661758c2e231969f4b36f8a72a88095SHA-256: c719cf62c96edeaf53ec0fafa59564629a6247d862b9fd3b8a9c96958d1656e2
qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 43798fed209638c4f04baadf9bf67439SHA-256: 347baa543210ba8af5395fd7d3e756dd843a338182cb90cf9b63b932630857a5
qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2b1fd4d74c3ede876374773eaf7190d1SHA-256: 268b1da5d5fd369bc7a3ffd0bf04108ac88a7a647de6d58116eff2fcbf183c80
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: d3774dae0c2b8423253228f1bd4c67c2SHA-256: 3db3c3a12bf06da618589368fc21ff51405103c03fbcd995587532fe7fb22e0c
qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: de4751fae309250e54f8322a62ac6174SHA-256: 265a2c18012f887e9079f43c399ae072ed8a8dd5df5eecd331be66132aa2ad6a
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
    MD5: 2bb4d139f0491a8ee2684929be41bf12SHA-256: a4b47ed8a884d64890808e55127ed08dafbb7fe0b24c2885bc1c891f5376669e
 
x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2661758c2e231969f4b36f8a72a88095SHA-256: c719cf62c96edeaf53ec0fafa59564629a6247d862b9fd3b8a9c96958d1656e2
qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 43798fed209638c4f04baadf9bf67439SHA-256: 347baa543210ba8af5395fd7d3e756dd843a338182cb90cf9b63b932630857a5
qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2b1fd4d74c3ede876374773eaf7190d1SHA-256: 268b1da5d5fd369bc7a3ffd0bf04108ac88a7a647de6d58116eff2fcbf183c80
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: d3774dae0c2b8423253228f1bd4c67c2SHA-256: 3db3c3a12bf06da618589368fc21ff51405103c03fbcd995587532fe7fb22e0c
qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: de4751fae309250e54f8322a62ac6174SHA-256: 265a2c18012f887e9079f43c399ae072ed8a8dd5df5eecd331be66132aa2ad6a
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
    MD5: 2bb4d139f0491a8ee2684929be41bf12SHA-256: a4b47ed8a884d64890808e55127ed08dafbb7fe0b24c2885bc1c891f5376669e
 
IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 0c65d3dbf207381cca7b1526d8b8a16dSHA-256: 49941c8e8bf4bb7b6791557ff17b5a21dbb548f961bdac4f2f181ca2c48ac57d
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 3bce86e41b292e1868ae0f704ddf9964SHA-256: 774eacf1673298bf5955c839b722c208259f1708a0e5d614fb0707ef382c70ec
 
x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2661758c2e231969f4b36f8a72a88095SHA-256: c719cf62c96edeaf53ec0fafa59564629a6247d862b9fd3b8a9c96958d1656e2
qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 43798fed209638c4f04baadf9bf67439SHA-256: 347baa543210ba8af5395fd7d3e756dd843a338182cb90cf9b63b932630857a5
qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2b1fd4d74c3ede876374773eaf7190d1SHA-256: 268b1da5d5fd369bc7a3ffd0bf04108ac88a7a647de6d58116eff2fcbf183c80
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: d3774dae0c2b8423253228f1bd4c67c2SHA-256: 3db3c3a12bf06da618589368fc21ff51405103c03fbcd995587532fe7fb22e0c
qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: de4751fae309250e54f8322a62ac6174SHA-256: 265a2c18012f887e9079f43c399ae072ed8a8dd5df5eecd331be66132aa2ad6a
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
    MD5: 2bb4d139f0491a8ee2684929be41bf12SHA-256: a4b47ed8a884d64890808e55127ed08dafbb7fe0b24c2885bc1c891f5376669e
 
IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 0c65d3dbf207381cca7b1526d8b8a16dSHA-256: 49941c8e8bf4bb7b6791557ff17b5a21dbb548f961bdac4f2f181ca2c48ac57d
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 3bce86e41b292e1868ae0f704ddf9964SHA-256: 774eacf1673298bf5955c839b722c208259f1708a0e5d614fb0707ef382c70ec
 
x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2661758c2e231969f4b36f8a72a88095SHA-256: c719cf62c96edeaf53ec0fafa59564629a6247d862b9fd3b8a9c96958d1656e2
qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 43798fed209638c4f04baadf9bf67439SHA-256: 347baa543210ba8af5395fd7d3e756dd843a338182cb90cf9b63b932630857a5
qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2b1fd4d74c3ede876374773eaf7190d1SHA-256: 268b1da5d5fd369bc7a3ffd0bf04108ac88a7a647de6d58116eff2fcbf183c80
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: d3774dae0c2b8423253228f1bd4c67c2SHA-256: 3db3c3a12bf06da618589368fc21ff51405103c03fbcd995587532fe7fb22e0c
qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: de4751fae309250e54f8322a62ac6174SHA-256: 265a2c18012f887e9079f43c399ae072ed8a8dd5df5eecd331be66132aa2ad6a
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
    MD5: 2bb4d139f0491a8ee2684929be41bf12SHA-256: a4b47ed8a884d64890808e55127ed08dafbb7fe0b24c2885bc1c891f5376669e
 
IA-32:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 0c65d3dbf207381cca7b1526d8b8a16dSHA-256: 49941c8e8bf4bb7b6791557ff17b5a21dbb548f961bdac4f2f181ca2c48ac57d
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm
    MD5: 3bce86e41b292e1868ae0f704ddf9964SHA-256: 774eacf1673298bf5955c839b722c208259f1708a0e5d614fb0707ef382c70ec
 
x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2661758c2e231969f4b36f8a72a88095SHA-256: c719cf62c96edeaf53ec0fafa59564629a6247d862b9fd3b8a9c96958d1656e2
qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 43798fed209638c4f04baadf9bf67439SHA-256: 347baa543210ba8af5395fd7d3e756dd843a338182cb90cf9b63b932630857a5
qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: 2b1fd4d74c3ede876374773eaf7190d1SHA-256: 268b1da5d5fd369bc7a3ffd0bf04108ac88a7a647de6d58116eff2fcbf183c80
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: d3774dae0c2b8423253228f1bd4c67c2SHA-256: 3db3c3a12bf06da618589368fc21ff51405103c03fbcd995587532fe7fb22e0c
qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
    MD5: de4751fae309250e54f8322a62ac6174SHA-256: 265a2c18012f887e9079f43c399ae072ed8a8dd5df5eecd331be66132aa2ad6a
 
(The unlinked packages above are only available from the Red Hat Network)
1225882 – CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply