Details

Updated kvm packages that fix one security issue are now available for RedHat Enterprise Linux 5.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution forLinux on AMD64 and Intel 64 systems.A flaw was found in the way QEMU’s AMD PCnet Ethernet emulation handledmulti-TMD packets with a length above 4096 bytes. A privileged guest userin a guest with an AMD PCNet ethernet card enabled could potentially usethis flaw to execute arbitrary code on the host with the privileges of thehosting QEMU process. (CVE-2015-3209)Red Hat would like to thank Matt Tait of Google’s Project Zero securityteam for reporting this issue.All kvm users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. Note: The procedure inthe Solution section must be performed before this update will take effect.

Solution
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258The following procedure must be performed before this update will takeeffect:1) Stop all KVM guest virtual machines.2) Either reboot the hypervisor machine or, as the root user, remove (using”modprobe -r [module]”) and reload (using “modprobe [module]”) all of thefollowing modules which are currently running (determined using “lsmod”):kvm, ksm, kvm-intel or kvm-amd.3) Restart the KVM guest virtual machines.
Updated packages

RHEL Desktop Multi OS (v. 5 client)

SRPMS:
kvm-83-273.el5_11.src.rpm
    MD5: f7c4ed24c6eeb62156ddb746a735d928SHA-256: 0526e97934c39fced6075b37d9828f85b0387cb329b40a65fee540544fd0ea8d
 
x86_64:
kmod-kvm-83-273.el5_11.x86_64.rpm
    MD5: 2cb7614b814b79bf9caa3b994ac6939bSHA-256: 40b01c448b84068851f909086e217bbb3ccd30b420fa89a53348eaf7f05bfcf2
kmod-kvm-debug-83-273.el5_11.x86_64.rpm
    MD5: 1f6be9dae01c74f07668fd0abaf6ed7eSHA-256: 8f5f11493fce738cabf4ae645e2bbf8f40b71bdf5d6262c3e66ff4fa2075c81f
kvm-83-273.el5_11.x86_64.rpm
    MD5: 773b1c73e545e32dac14d178886875aeSHA-256: 9a76a58eaa44daca95ac2149f2de8476cfedd0fdc1300a6174835c5e8554f541
kvm-debuginfo-83-273.el5_11.x86_64.rpm
    MD5: 7a3d02ebe4c4086b03940be57a3e49cfSHA-256: 1ff29b712595ccb95337e3d126c9d2fe2a168248f731ec8e7caaec938352bb1c
kvm-qemu-img-83-273.el5_11.x86_64.rpm
    MD5: 669ad039d3bbe0b8a8d0f14cc89d8b09SHA-256: 05dadbc8c6cedf606773c4b2ab50eaa08905dab7ee8b5125b5f0b44464db8be6
kvm-tools-83-273.el5_11.x86_64.rpm
    MD5: ce552bdc347a2b395576d919d8b3d7c2SHA-256: 593aaa7fcec22dc02b42cf384bed5d606ed47c9d4427d4344855c9da6dacd298
 
RHEL Virtualization (v. 5 server)

SRPMS:
kvm-83-273.el5_11.src.rpm
    MD5: f7c4ed24c6eeb62156ddb746a735d928SHA-256: 0526e97934c39fced6075b37d9828f85b0387cb329b40a65fee540544fd0ea8d
 
x86_64:
kmod-kvm-83-273.el5_11.x86_64.rpm
    MD5: 2cb7614b814b79bf9caa3b994ac6939bSHA-256: 40b01c448b84068851f909086e217bbb3ccd30b420fa89a53348eaf7f05bfcf2
kmod-kvm-debug-83-273.el5_11.x86_64.rpm
    MD5: 1f6be9dae01c74f07668fd0abaf6ed7eSHA-256: 8f5f11493fce738cabf4ae645e2bbf8f40b71bdf5d6262c3e66ff4fa2075c81f
kvm-83-273.el5_11.x86_64.rpm
    MD5: 773b1c73e545e32dac14d178886875aeSHA-256: 9a76a58eaa44daca95ac2149f2de8476cfedd0fdc1300a6174835c5e8554f541
kvm-debuginfo-83-273.el5_11.x86_64.rpm
    MD5: 7a3d02ebe4c4086b03940be57a3e49cfSHA-256: 1ff29b712595ccb95337e3d126c9d2fe2a168248f731ec8e7caaec938352bb1c
kvm-qemu-img-83-273.el5_11.x86_64.rpm
    MD5: 669ad039d3bbe0b8a8d0f14cc89d8b09SHA-256: 05dadbc8c6cedf606773c4b2ab50eaa08905dab7ee8b5125b5f0b44464db8be6
kvm-tools-83-273.el5_11.x86_64.rpm
    MD5: ce552bdc347a2b395576d919d8b3d7c2SHA-256: 593aaa7fcec22dc02b42cf384bed5d606ed47c9d4427d4344855c9da6dacd298
 
(The unlinked packages above are only available from the Red Hat Network)Bugs fixed (see bugzilla for more information)

1225882 – CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path

References

https://www.redhat.com/security/data/cve/CVE-2015-3209.htmlhttps://access.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/

Leave a Reply