AXSA:2019-4177:04

Release date: Tuesday, August 20, 2019 - 06:59
Subject: qemu-kvm-1.5.3-167.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Low
Description: 

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-9824
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. qemu-kvm-1.5.3-167.el7.src.rpm
    MD5: 9b5bf8ce3bd9ccdd3661c78a445086de
    SHA-256: 76ee49d177bb5907914007dbe4506fce5f942c03c8e3638657531e110fa1eafd
    Size: 14.90 MB

Asianux Server 7 for x86_64
  1. qemu-img-1.5.3-167.el7.x86_64.rpm
    MD5: ba201a414e50b4287d405570e26f0fe5
    SHA-256: bdc8195a19e3052ee992145a90c4e20803b4db89116bfd7c26b837ab35d9f277
    Size: 697.36 kB
  2. qemu-kvm-1.5.3-167.el7.x86_64.rpm
    MD5: c0fcd2c0252d6b8715561d7f59f1e26e
    SHA-256: 29d95c28ee48307a9792acbc9b1ab7c49adb2f62acf1681c20f85ce98913bf65
    Size: 1.90 MB
  3. qemu-kvm-common-1.5.3-167.el7.x86_64.rpm
    MD5: 637d68b7fb026ce6e0c45b7491cf53e2
    SHA-256: f14297088fc190b3ecf220c12ae004705ad721ce4bb4f7af60b4e20c65b772cc
    Size: 433.34 kB
  4. qemu-kvm-tools-1.5.3-167.el7.x86_64.rpm
    MD5: 67828696bec5b8c7baec69179aa637b5
    SHA-256: a54fff5bd2c9449efd3f2d8457f4f73d814cba63171cea25c2899a66d2629ba9
    Size: 231.37 kB