Red Hat Security Advisory 2015-1718-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU’s RTL8139 emulation implementation processed network packets under RTL8139 controller’s C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

Red Hat Security Advisory 2015-1723-01 – OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A denial of service flaw was found in the OpenStack Compute instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance.

Red Hat Security Advisory 2015-1736-01 – Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Improper error handling in the API server can cause the master process to crash. A user with network access to the master could cause this to happen. This issue was discovered by Jordan Liggitt of the Red Hat OpenShift Enterprise Team.