Scientific Linux Security Update : kvm on SL5.4 i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a
guest could leverage these flaws to cause a denial of service (guest
crash) or possibly escalate their privileges within that guest.
(CVE-2010-0298, CVE-2010-0306)

A flaw was found in the Programmable Interval Timer (PIT) emulation.
Access to the internal data structure pit_state, which represents the
data state of the emulated PIT, was not properly validated in the
pit_ioport_read() function. A privileged guest user could use this
flaw to crash the host. (CVE-2010-0309)

A flaw was found in the USB passthrough handling code. A specially
crafted USB packet sent from inside a guest could be used to trigger a
buffer overflow in the usb_host_handle_control() function, which runs
under the QEMU-KVM context on the host. A user in a guest could
leverage this flaw to cause a denial of service (guest hang or crash)
or possibly escalate their privileges within the host. (CVE-2010-0297)

This update also fixes the following bugs :

- pvclock MSR values were not preserved during remote
migration, causing time drift for guests. (BZ#537028)

- SMBIOS table 4 data is now generated for Windows guests.
(BZ#545874)

- if the qemu-kvm '-net user' option was used, unattended
Windows XP installations did not receive an IP address
after reboot. (BZ#546562)

- when being restored from migration, a race condition
caused Windows Server 2008 R2 guests to hang during
shutdown. (BZ#546563)

- the kernel symbol checking on the kvm-kmod build process
has a safety check for ABI changes. (BZ#547293)

- on hosts without high-res timers, Windows Server 2003
guests experienced significant time drift. (BZ#547625)

- in some situations, installing Windows Server 2008 R2
from an ISO image resulted in a blue screen
'BAD_POOL_HEADER' stop error. (BZ#548368)

- a bug in the grow_refcount_table() error handling caused
infinite recursion in some cases. This caused the
qemu-kvm process to hang and eventually crash.
(BZ#552159)

- for Windows Server 2003 R2, Service Pack 2, 32-bit
guests, an 'unhandled vm exit' error could occur during
reboot on some systems. (BZ#552518)

- for Windows guests, QEMU could attempt to stop a stopped
audio device, resulting in a 'snd_playback_stop: ASSERT
playback_channel->base.active failed' error. (BZ#552519)

- the Hypercall driver did not reset the device on
power-down. (BZ#552528)

- mechanisms have been added to make older savevm versions
to be emitted in some cases. (BZ#552529)

- an error in the Makefile prevented users from using the
source RPM to install KVM. (BZ#552530)

- guests became unresponsive and could use up to 100% CPU
when running certain benchmark tests with more than 7
guests running simultaneously. (BZ#553249)

- QEMU could terminate randomly with virtio-net and SMP
enabled. (BZ#561022)

NOTE - The following procedure must be performed before this update
will take effect :

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove
(using 'modprobe -r [module]') and reload (using 'modprobe [module]')
all of the following modules which are currently running (determined
using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

See also :

http://www.nessus.org/u?1bc3c4b5
https://bugzilla.redhat.com/show_bug.cgi?id=537028
https://bugzilla.redhat.com/show_bug.cgi?id=545874
https://bugzilla.redhat.com/show_bug.cgi?id=546562
https://bugzilla.redhat.com/show_bug.cgi?id=546563
https://bugzilla.redhat.com/show_bug.cgi?id=547293
https://bugzilla.redhat.com/show_bug.cgi?id=547625
https://bugzilla.redhat.com/show_bug.cgi?id=548368
https://bugzilla.redhat.com/show_bug.cgi?id=552159
https://bugzilla.redhat.com/show_bug.cgi?id=552518
https://bugzilla.redhat.com/show_bug.cgi?id=552519
https://bugzilla.redhat.com/show_bug.cgi?id=552528
https://bugzilla.redhat.com/show_bug.cgi?id=552529
https://bugzilla.redhat.com/show_bug.cgi?id=552530
https://bugzilla.redhat.com/show_bug.cgi?id=553249
https://bugzilla.redhat.com/show_bug.cgi?id=561022

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60730 ()

Bugtraq ID:

CVE ID: CVE-2010-0297
CVE-2010-0298
CVE-2010-0306
CVE-2010-0309