kvm-83-224.0.1.AXS3

エラータID: AXSA:2011-250:01

Release date: 
Friday, July 29, 2011 - 19:19
Subject: 
kvm-83-224.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Severity: 
High
Description: 

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware.
Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
Security issues fixed with this release:
CVE-2010-4525
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.
Fixed bugs:
See changelog

Solution: 

Update packages.

CVEs: 
CVE-2010-4525
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.


Additional Info: 

From Asianux Server 3 SP4.

Download: 

Asianux Server 3 for x86_64
  1. kmod-kvm-83-224.0.1.AXS3.x86_64.rpm
    MD5: 745c580fe0a84a2bf50b4469c7e878c1
    SHA-256: a684006c0909c3ced9220881b197fec19fb13d0c46fb53675d5eea75359006cc
    Size: 1.30 MB
  2. kvm-83-224.0.1.AXS3.x86_64.rpm
    MD5: 5a605132aca2f51d8250eaf929903cee
    SHA-256: 3983e96b3cdce5487ef28cc1cc24995b09fe2dfe92da69db81b3507756fa5581
    Size: 864.93 kB
  3. kvm-qemu-img-83-224.0.1.AXS3.x86_64.rpm
    MD5: e081a688136270254032668af35afa0b
    SHA-256: 495e1e915ad5b15b0a148246bbc44047d5c217fb80d3f4ac36623c852b942900
    Size: 175.87 kB
  4. kvm-tools-83-224.0.1.AXS3.x86_64.rpm
    MD5: bc174afdb9163895ee3d9c82e0e5dc6e
    SHA-256: 29676b711b5b1dfdc66b9111db5a05815060209b3174fe4349b5646839f135c8
    Size: 183.20 kB