Re: [Fwd: Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities]
On Wed, Mar 10, 2010 at 05:44:10PM -0500, Michael Gilbert wrote:
> On Wed, 10 Mar 2010 17:21:45 -0500, Daniel Kahn Gillmor wrote:
> > We recommend that you upgrade your kvm package. If your system is
> > currently using a kvm-modules package built from previous versions of
> > the kvm-source package, we recommend that you upgrade your kvm-source
> > package, re-build a new kvm-modules package and install it. You should
> > subsequently unload the old kvm modules from your kernel and reload the
> > newly built kernel modules. The simplest way to accomplish this kernel
> > module unload/reload is a system restart.
> a restart is (almost) never the answer. i think a better approach would
> be the following simple instructions
> if you have previously installed the kvm modules on your system, they
> need to be refreshed following an upgrade of your kvm packages. please
> execute the following commands as root after the new packages are
> # m-a a-i kvm-source
> # modprobe kvm
If kvm is running, the above commands will succeed w/o error - but
still leave you with a vulnerable system.
You would need to shutdown all users of kvm and unload the existing
module as well.