qemu-kvm-0.12.1.2-2.506.AXS4.5

Errata ID: AXSA:2019-4314:03

Release date: 
Wednesday, September 25, 2019 - 07:43
Subject: 
qemu-kvm-0.12.1.2-2.506.AXS4.5
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)

* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)

* QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839)

* QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962)

* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-10839
QEMU emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to a buffer overflow. It could occur when receiving packets over the network. A user inside the guest could use this flaw to crash the QEMU process, resulting in DoS.
CVE-2018-11806
m_cat in slirp/mbuf.c in QEMU has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-17962
QEMU has a buffer overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2019-12155
interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.
CVE-2019-6778
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. qemu-kvm-0.12.1.2-2.506.AXS4.5.src.rpm
    MD5: 4b5ed29e96dbe3e62d98bd6176bbf8ca
    SHA-256: 8aa52e8b237bdd25feca77e557952d94e884bcc25401f8a9205e505800d09eda
    Size: 10.92 MB

Asianux Server 4 for x86
  1. qemu-guest-agent-0.12.1.2-2.506.AXS4.5.i686.rpm
    MD5: 27ae95ba4aa5dd49330348e479d346b6
    SHA-256: aec51039229851b339dcd3fd8554051996647e71b240b292eaed22698be71267
    Size: 513.34 kB

Asianux Server 4 for x86_64
  1. qemu-guest-agent-0.12.1.2-2.506.AXS4.5.x86_64.rpm
    MD5: c8a607a5b52e0e68f9cbab2595e98c58
    SHA-256: 1f919bec1e1879835a9c6a0d1a7fac679ff963d8e3f48c503fc8056ff1b61502
    Size: 510.39 kB
  2. qemu-img-0.12.1.2-2.506.AXS4.5.x86_64.rpm
    MD5: afa60af4bbce5245c8de021e60ea839e
    SHA-256: 16379ae4cd1d6820aefd0613fc6e1bc520299ab32e2b64081ef9a704076f7a2d
    Size: 848.77 kB
  3. qemu-kvm-0.12.1.2-2.506.AXS4.5.x86_64.rpm
    MD5: dd48de4d57df05b68b2fc758f529dd46
    SHA-256: b36f0ad51f68123f38cd4f7895227355f2feea57068db032962426ca12071dca
    Size: 1.62 MB
  4. qemu-kvm-tools-0.12.1.2-2.506.AXS4.5.x86_64.rpm
    MD5: c5a8b0b9bbc22ee353ea0e4507d7cca2
    SHA-256: 69403671878f60cf4b77d07850a8fc6a5e9af14a9dc26f59e4279f6b9a7c68e5
    Size: 436.05 kB