CentOS Errata and Security Advisory CESA-2015:1925
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.
A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)
Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.
All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2015-October/021444.html
Affected packages: kmod-kvm kmod-kvm-debug kvm kvm-qemu-img kvm-tools
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1925.html