Red Hat Local Security Checks : RedHat Security Advisory RHSA-2012:0050

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.70662

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2012:0050

Summary: Redhat Security Advisory RHSA-2012:0050

Description: The remote host is missing updates announced in
advisory RHSA-2012:0050.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000
network interface card. A privileged guest user in a virtual machine whose
network interface is configured to use the e1000 emulated driver could use
this flaw to crash the host or, possibly, escalate their privileges on the
host. (CVE-2012-0029)

Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.

This update also fixes the following bug:

* qemu-kvm has a scsi option, to be used, for example, with the
-device option: -device virtio-blk-pci,drive=[drive name],scsi=off.
Previously, however, it only masked the feature bit, and did not reject
SCSI commands if a malicious guest ignored the feature bit and issued a
request. This update corrects this issue. The scsi=off option can be
used to mitigate the virtualization aspect of CVE-2011-4127 before the
RHSA-2011:1849 kernel update is installed on the host.

This mitigation is only required if you do not have the RHSA-2011:1849
kernel update installed on the host and you are using raw format virtio
disks backed by a partition or LVM volume.

If you run guests by invoking /usr/libexec/qemu-kvm directly, use the
-global virtio-blk-pci.scsi=off option to apply the mitigation. If you
are using libvirt, as recommended by Red Hat, and have the RHBA-2012:0013
libvirt update installed, no manual action is required: guests will
automatically use scsi=off. (BZ#767721)

Note: After installing the RHSA-2011:1849 kernel update, SCSI requests
issued by guests via the SG_IO IOCTL will not be passed to the underlying
block device when using raw format virtio disks backed by a partition or
LVM volume, even if scsi=on is used.

As well, this update adds the following enhancement:

* Prior to this update, qemu-kvm was not built with RELRO or PIE support.
qemu-kvm is now built with full RELRO and PIE support as a security
enhancement. (BZ#767906)

All users of qemu-kvm should upgrade to these updated packages, which
correct these issues and add this enhancement. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-0050.html

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0029
https://bugzilla.redhat.com/show_bug.cgi?id=772075
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
http://www.redhat.com/support/errata/RHSA-2012-0050.html
RedHat Security Advisories: RHSA-2012:0370
http://rhn.redhat.com/errata/RHSA-2012-0370.html
SuSE Security Announcement: openSUSE-SU-2012:0207 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
SuSE Security Announcement: SUSE-SU-2012:1320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
http://www.ubuntu.com/usn/USN-1339-1
BugTraq ID: 51642
http://www.securityfocus.com/bid/51642
http://secunia.com/advisories/47740
http://secunia.com/advisories/47741
http://secunia.com/advisories/47992
http://secunia.com/advisories/48318
XForce ISS Database: qemu-processtxdesc-bo(72656)
http://xforce.iss.net/xforce/xfdb/72656
Common Vulnerability Exposure (CVE) ID: CVE-2011-4127
http://www.openwall.com/lists/oss-security/2011/12/22/5
http://secunia.com/advisories/48898

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.70662
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2012:0050
Summary:	Redhat Security Advisory RHSA-2012:0050
Description:	The remote host is missing updates announced in advisory RHSA-2012:0050. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) Red Hat would like to thank Nicolae Mogoreanu for reporting this issue. This update also fixes the following bug: * qemu-kvm has a scsi option, to be used, for example, with the -device option: -device virtio-blk-pci,drive=[drive name],scsi=off. Previously, however, it only masked the feature bit, and did not reject SCSI commands if a malicious guest ignored the feature bit and issued a request. This update corrects this issue. The scsi=off option can be used to mitigate the virtualization aspect of CVE-2011-4127 before the RHSA-2011:1849 kernel update is installed on the host. This mitigation is only required if you do not have the RHSA-2011:1849 kernel update installed on the host and you are using raw format virtio disks backed by a partition or LVM volume. If you run guests by invoking /usr/libexec/qemu-kvm directly, use the -global virtio-blk-pci.scsi=off option to apply the mitigation. If you are using libvirt, as recommended by Red Hat, and have the RHBA-2012:0013 libvirt update installed, no manual action is required: guests will automatically use scsi=off. (BZ#767721) Note: After installing the RHSA-2011:1849 kernel update, SCSI requests issued by guests via the SG_IO IOCTL will not be passed to the underlying block device when using raw format virtio disks backed by a partition or LVM volume, even if scsi=on is used. As well, this update adds the following enhancement: * Prior to this update, qemu-kvm was not built with RELRO or PIE support. qemu-kvm is now built with full RELRO and PIE support as a security enhancement. (BZ#767906) All users of qemu-kvm should upgrade to these updated packages, which correct these issues and add this enhancement. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-0050.html Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0029 https://bugzilla.redhat.com/show_bug.cgi?id=772075 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html http://www.redhat.com/support/errata/RHSA-2012-0050.html RedHat Security Advisories: RHSA-2012:0370 http://rhn.redhat.com/errata/RHSA-2012-0370.html SuSE Security Announcement: openSUSE-SU-2012:0207 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html SuSE Security Announcement: SUSE-SU-2012:1320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html http://www.ubuntu.com/usn/USN-1339-1 BugTraq ID: 51642 http://www.securityfocus.com/bid/51642 http://secunia.com/advisories/47740 http://secunia.com/advisories/47741 http://secunia.com/advisories/47992 http://secunia.com/advisories/48318 XForce ISS Database: qemu-processtxdesc-bo(72656) http://xforce.iss.net/xforce/xfdb/72656 Common Vulnerability Exposure (CVE) ID: CVE-2011-4127 http://www.openwall.com/lists/oss-security/2011/12/22/5 http://secunia.com/advisories/48898
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com