qemu-kvm-0.12.1.2-2.506.6.0.1.AXS4

Errata ID: AXSA:2020-078:02

Release date: 
Wednesday, May 20, 2020 - 11:52
Subject: 
qemu-kvm-0.12.1.2-2.506.6.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

* QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14378
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
CVE-2019-15890
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
CVE-2020-7039
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially to arbitrary code execution.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. qemu-kvm-0.12.1.2-2.506.6.0.1.AXS4.src.rpm
    MD5: 850d07fc4f740caad7575fe9f26da781
    SHA-256: 97237e1f17007458e9a89901122ef08f370c69547012619ff06811d9a89bdca8
    Size: 10.92 MB

Asianux Server 4 for x86
  1. qemu-guest-agent-0.12.1.2-2.506.6.0.1.AXS4.i686.rpm
    MD5: 72f17a52fd59bfa62ab97eaf3155f6ea
    SHA-256: 032fa82196ad3ccbd4ae4f4daced18a093a96ef43f6fc4401cb47c18c799f9ec
    Size: 514.30 kB

Asianux Server 4 for x86_64
  1. qemu-guest-agent-0.12.1.2-2.506.6.0.1.AXS4.x86_64.rpm
    MD5: f894d248c92509b18f75ba2274da8dda
    SHA-256: a4a7e01bf4c6c4c0aca8f59700bd6e118a2ba40cf1da4de63ff48613f135d4d1
    Size: 511.15 kB
  2. qemu-img-0.12.1.2-2.506.6.0.1.AXS4.x86_64.rpm
    MD5: b985e503ff46334d2121f876ee6b809c
    SHA-256: ccda8e7156935e5e0f655072c4bcc102fa3ab3aaf01d7418bc022fddca851a1a
    Size: 848.86 kB
  3. qemu-kvm-0.12.1.2-2.506.6.0.1.AXS4.x86_64.rpm
    MD5: cb188e9abeb1a44673b20e22e69fd613
    SHA-256: fad593b25e0f672b657776b41c1326960fcd6ca8a678eecd1902dae0a1497024
    Size: 1.62 MB
  4. qemu-kvm-tools-0.12.1.2-2.506.6.0.1.AXS4.x86_64.rpm
    MD5: 28ce61cb7ba2f0e2875ac94b474a3f69
    SHA-256: a8dcdf6aebe6ec0a9a04ebe18757abdcf81c5294eb07f85a73d0c5d994ee565d
    Size: 437.00 kB