Scientific Linux Security Update : qemu-kvm on SL6.x x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space
component for running virtual machines using KVM.

It was found that qemu-kvm did not properly drop supplemental group
privileges when the root user started guests from the command line
('/usr/libexec/qemu-kvm') with the '-runas' option. A qemu-kvm process
started this way could use this flaw to gain access to files on the
host that are accessible to the supplementary groups and not
accessible to the primary group. (CVE-2011-2527)

Note: This issue only affected qemu-kvm when it was started directly
from the command line. It did not affect applications that start
qemu-kvm via libvirt, such as the Virtual Machine Manager
(virt-manager).
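The following check is an added example, not part of the Nessus plugin or the Scientific Linux advisory. It reads a process's /proc/<pid>/status and reports supplementary groups that a non-root process still holds beyond what its own account is granted, which is the condition CVE-2011-2527 leaves behind after '-runas'. The function names, the sample PIDs, and the uid/gid values 107 and 36 are assumptions made for illustration.

```python
import glob
import os
import pwd

# Constructed /proc/<pid>/status excerpts (pid, uid 107 and gid lists are made up).
# LEAKY: root started qemu-kvm with -runas; uid/gid changed, root's groups remain.
LEAKY = "Name:\tqemu-kvm\nPid:\t4242\nUid:\t107\t107\t107\t107\nGid:\t107\t107\t107\t107\nGroups:\t0 1 2 3 4 6 10\n"
# CLEAN: the same process after a correct drop; only the target user's groups.
CLEAN = "Name:\tqemu-kvm\nPid:\t4243\nUid:\t107\t107\t107\t107\nGid:\t107\t107\t107\t107\nGroups:\t36 107\n"


def parse_status(text):
    """Map each 'Key: v1 v2 ...' line of a status dump to its list of tokens."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return fields


def expected_groups(uid):
    """Groups the account database grants this uid (primary + supplementary)."""
    pw = pwd.getpwuid(uid)
    return set(os.getgrouplist(pw.pw_name, pw.pw_gid))


def retained_groups(status_text, allowed_gids=None):
    """Return sorted supplementary gids the process holds but its user should not."""
    fields = parse_status(status_text)
    uids = [int(u) for u in fields.get("Uid", [])]
    if len(uids) < 2 or uids[1] == 0:
        return []  # unparsable, or effective uid is still root: no drop happened
    held = {int(g) for g in fields.get("Groups", [])}
    own = {int(g) for g in fields.get("Gid", [])}
    allowed = expected_groups(uids[1]) if allowed_gids is None else set(allowed_gids)
    return sorted(held - own - allowed)


if __name__ == "__main__":
    # Live use on a Linux host: check every running qemu-kvm process.
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                text = fh.read()
            if parse_status(text).get("Name") == ["qemu-kvm"]:
                print(path, retained_groups(text) or "ok")
        except (OSError, KeyError):
            continue  # process exited, or uid missing from the passwd database
```

A non-empty list for a qemu-kvm process started with '-runas' means the process still carries groups inherited from the user who launched it.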

A flaw was found in the way qemu-kvm handled VSC_ATR messages when a
guest was configured for a CCID (Chip/Smart Card Interface Devices)
USB smart card reader in passthrough mode. An attacker able to connect
to the port on the host being used for such a device could use this
flaw to crash the qemu-kvm process on the host or, possibly, escalate
their privileges on the host. (CVE-2011-4111)

All users of qemu-kvm should upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing
this update, shut down all running virtual machines. Once all virtual
machines have shut down, start them again for this update to take
effect.

A number of additional packages were added to the security repository
so that this package could be installed on older SL systems.

See also :

http://www.nessus.org/u?36ed1087

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61195

Bugtraq ID:

CVE ID: CVE-2011-4111