AXSA:2019-4177:04

Release date: Tuesday, August 20, 2019 - 06:59
Subject: qemu-kvm-1.5.3-167.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Low
Description: 

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-9824
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
1. qemu-kvm-1.5.3-167.el7.src.rpm
md5sum: 9b5bf8ce3bd9ccdd3661c78a445086de
sha256sum: 76ee49d177bb5907914007dbe4506fce5f942c03c8e3638657531e110fa1eafd
Size: 15,253 Kb

Asianux Server 7.0 for x86_64
1. qemu-img-1.5.3-167.el7.x86_64.rpm
md5sum: ba201a414e50b4287d405570e26f0fe5
sha256sum: bdc8195a19e3052ee992145a90c4e20803b4db89116bfd7c26b837ab35d9f277
Size: 697 Kb
2. qemu-kvm-1.5.3-167.el7.x86_64.rpm
md5sum: c0fcd2c0252d6b8715561d7f59f1e26e
sha256sum: 29d95c28ee48307a9792acbc9b1ab7c49adb2f62acf1681c20f85ce98913bf65
Size: 1,947 Kb
3. qemu-kvm-common-1.5.3-167.el7.x86_64.rpm
md5sum: 637d68b7fb026ce6e0c45b7491cf53e2
sha256sum: f14297088fc190b3ecf220c12ae004705ad721ce4bb4f7af60b4e20c65b772cc
Size: 433 Kb
4. qemu-kvm-tools-1.5.3-167.el7.x86_64.rpm
md5sum: 67828696bec5b8c7baec69179aa637b5
sha256sum: a54fff5bd2c9449efd3f2d8457f4f73d814cba63171cea25c2899a66d2629ba9
Size: 231 Kb