(RHSA-2015:1896) Important: qemu-kvm-rhev security update

2015-10-15T16:09:44
ID RHSA-2015:1896
Type redhat
Reporter RedHat
Modified 2018-06-07T02:48:06

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down and restart all running virtual machines for this update to take effect.