kmod, kvm security update

ID CESA-2015:1925
Type centos
Reporter CentOS Project
Modified 2015-10-22T19:35:05


CentOS Errata and Security Advisory CESA-2015:1925

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.

All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.

Merged security bulletin from advisories:

Affected packages: kmod-kvm kmod-kvm-debug kvm kvm-qemu-img kvm-tools

Upstream details at: