Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4344) This issue was discovered by Asias He of Red Hat. These updated qemu-kvm packages include numerous bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. |