RHBA-2016:1556 - Bug Fix Advisory
Bug Fix Advisory
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Virtualization.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
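A guest that was started before the update keeps executing the old emulator code until its QEMU process exits, which is why the restart above is required. The following check is an added example, not part of the advisory or of Red Hat's tooling: it lists QEMU processes that still run the replaced binary. The function name `stale_qemu_vms` is hypothetical, and the emulator path `/usr/libexec/qemu-kvm` is an assumption about the host (pass a different path as the second argument if needed).

```shell
#!/bin/sh
# Added example: find guests that still run the pre-update QEMU binary.
# Assumption: the emulator lives at /usr/libexec/qemu-kvm. A package update
# unlinks the old file, so for a guest started before the update the kernel
# reports /proc/<pid>/exe as "<path> (deleted)".

# stale_qemu_vms [PROC_ROOT] [BINARY]
# Prints "PID<TAB>GUEST-NAME" for each process still executing the old binary.
# The body runs in a subshell so its variables do not leak into the caller.
stale_qemu_vms() (
    proc_root=${1:-/proc}
    binary=${2:-/usr/libexec/qemu-kvm}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        # readlink fails for kernel threads and for processes we cannot inspect.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        [ "$exe" = "$binary (deleted)" ] || continue
        # The guest name is the argument that follows -name on the command line;
        # /proc/<pid>/cmdline separates arguments with NUL bytes.
        name=$(2>/dev/null tr '\0' '\n' < "$dir/cmdline" |
               awk 'prev == "-name" { print; exit } { prev = $0 }')
        printf '%s\t%s\n' "$pid" "${name:-unknown}"
    done
)

# Run as root on the hypervisor after installing the update. Any line of
# output names a guest that must be shut down and started again.
stale_qemu_vms "$@"
```

An empty result means no running guest is still using the replaced binary.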
- Red Hat Virtualization 3 for RHEL 6 x86_64