Описание
Security update for kvm
kvm was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
Список пакетов
SUSE Linux Enterprise Desktop 11 SP4
kvm-1.4.2-32.1
SUSE Linux Enterprise Server 11 SP4
kvm-1.4.2-32.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
kvm-1.4.2-32.1
Ссылки
- Link for SUSE-SU-2015:1455-1
- E-Mail link for SUSE-SU-2015:1455-1
- SUSE Security Ratings
- SUSE Bug 938344
- SUSE CVE CVE-2015-5154 page
Описание
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1
SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1
Ссылки
- CVE-2015-5154
- SUSE Bug 938344
- SUSE Bug 950367