Описание
ELSA-2016-1943: kvm security update (IMPORTANT)
[83-276.0.1.el5_11]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch
- Added kvm-Introduce-oel-machine-type.patch
[83-275.el5_11]
- kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359723]
- Resolves: bz#1359723 CVE-2016-5403 kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-5.11.z]
[kvm-83.275.el5]
- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1334173]
- Resolves: bz#1334173 CVE-2016-3710 kvm: qemu: incorrect banked access bounds checking in vga module [rhel-5.11.z]
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
kmod-kvm
83-276.0.1.el5_11
kmod-kvm-debug
83-276.0.1.el5_11
kvm
83-276.0.1.el5_11
kvm-qemu-img
83-276.0.1.el5_11
kvm-tools
83-276.0.1.el5_11
Связанные CVE
Связанные уязвимости
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.