qemu-kvm-0.12.1.2-2.209.AXS4.4

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware.

Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.

Security issues fixed with this release:

• CVE-2011-2527
• CVE-2011-4111
No information available at the time of writing, see the CVE link below.

• CVE-2012-0029
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

• No information available at the time of writing, see the CVE link below.

Fixed bugs:

• qemu-kvm scsi option can be used along the device option. Previously, when set to "off", it did not disable the scsi feature but just hid the feature bit, allowing for malicious users to ignore the feature bit and issue a request. This scsi=off" option can be used to mitigate the virtualization aspect of CVE-2011-4127 before installing the kernel from <A HREF="http://www.asianux.com/tsn_hq/index.php?m=errata&a=detail&eid=2720&sType... AXSA:2012-228:02</A>. If it is already installed, you can skip changing the scsi option.Other wise run the guests by invoking /usr/libexec/qemu-kvm directly and use the "-global virtio-blk-pci.scsi=off" option to apply the mitigation.

Enhancement:

• qemu-kvm is now built with full RELRO and PIE support.