KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU’s NE2000 NIC
emulation implementation handled certain packets received over the
network. A privileged user inside a guest could use this flaw to crash the
QEMU instance (denial of service) or potentially execute arbitrary code on
the host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All users of qemu-kvm-rhev are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, shut down and restart all running virtual machines
for this update to take effect.
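
The restart requirement above can be checked on a host. The following is an added example, not part of the advisory or of Red Hat's tooling: it lists QEMU processes that are still executing a binary which has since been replaced on disk. It assumes the emulator binary's file name starts with `qemu`; the function names are hypothetical.

```bash
#!/bin/bash
# Added example: find guests that were not restarted after the update.
# A running process keeps the old binary mapped after a package upgrade;
# the kernel then shows its /proc/PID/exe link with a " (deleted)" suffix.
# Assumption: the emulator's file name starts with "qemu".

# stale_qemu_pids [PROC_ROOT]
# Prints "PID<TAB>exe-target" for each QEMU process whose binary was replaced.
stale_qemu_pids() {
    local proc_root="${1:-/proc}" dir pid target path
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # Kernel threads and processes we may not inspect have no readable link.
        target="$(readlink "$dir/exe" 2>/dev/null)" || continue
        case "$target" in
            *" (deleted)") ;;          # binary was unlinked while running
            *) continue ;;             # still running the on-disk binary
        esac
        path="${target% (deleted)}"
        case "${path##*/}" in
            qemu*) printf '%s\t%s\n' "$pid" "$target" ;;
        esac
    done
}

# restart_pending [PROC_ROOT]
# Returns 0 if at least one guest still runs the pre-update binary.
restart_pending() {
    [ -n "$(stale_qemu_pids "$@")" ]
}

# Report against the live system (or a given proc root) when run as a script.
stale_qemu_pids "${1:-/proc}"
```

Run it as root so every process's `exe` link is readable. An empty result shows only that no guest runs a replaced binary; it does not show that the installed package is at the fixed version.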

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | qemu-kvm-rhev | < 0.12.1.2-2.479.el6_7.2 | qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.src.rpm |
RedHat | 6 | x86_64 | qemu-img-rhev | < 0.12.1.2-2.479.el6_7.2 | qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm |
RedHat | 6 | x86_64 | qemu-kvm-rhev-debuginfo | < 0.12.1.2-2.479.el6_7.2 | qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm |
RedHat | 6 | x86_64 | qemu-kvm-rhev-tools | < 0.12.1.2-2.479.el6_7.2 | qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm |
RedHat | 6 | x86_64 | qemu-kvm-rhev | < 0.12.1.2-2.479.el6_7.2 | qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm |