Oval Definition: oval:com.redhat.rhsa:def:20151925
Revision Date: 2015-10-22
Version: 636
Title: RHSA-2015:1925: kvm security update (Important)
Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.

  • A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)

    Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.

    All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2015-5279
    RHSA-2015:1925
    RHSA-2015:1925-00
    RHSA-2015:1925-01
    Platform(s):Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • kmod-kvm is earlier than 0:83-274.el5_11
  • AND kmod-kvm is signed with Red Hat redhatrelease2 key
  • kmod-kvm-debug is earlier than 0:83-274.el5_11
  • AND kmod-kvm-debug is signed with Red Hat redhatrelease2 key
  • kvm is earlier than 0:83-274.el5_11
  • AND kvm is signed with Red Hat redhatrelease2 key
  • kvm-qemu-img is earlier than 0:83-274.el5_11
  • AND kvm-qemu-img is signed with Red Hat redhatrelease2 key
  • kvm-tools is earlier than 0:83-274.el5_11
  • AND kvm-tools is signed with Red Hat redhatrelease2 key