qemu-kvm-1.5.3-175.el7.1
Errata ID: AXSA:2020-748:04
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)
QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-14364
An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
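The length check that the CVE-2020-14364 description implies, as an added example that is not QEMU's code and not part of this advisory: a simplified C model in which a guest-declared length is validated against the 4096-byte buffer before it is stored, and again before each copy. The struct, the function names and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DATA_BUF_SIZE 4096 /* size of 'data_buf' named in the advisory */

/* Hypothetical stand-in for a device's control-transfer state; not QEMU's USBDevice. */
struct model_dev {
    uint8_t  data_buf[DATA_BUF_SIZE];
    uint32_t setup_len;   /* guest-declared transfer length */
    uint32_t setup_index; /* bytes already moved in the data stage */
};

static struct model_dev demo_dev; /* constructed sample state */
static uint8_t demo_out[64];      /* constructed destination buffer */

/* Setup stage: validate the guest-declared length first and commit it
 * only when it fits, so a rejected request leaves no oversized
 * setup_len behind for later data-stage tokens. */
int model_setup(struct model_dev *d, uint32_t requested)
{
    if (requested > sizeof(d->data_buf))
        return -1; /* state untouched */
    d->setup_len = requested;
    d->setup_index = 0;
    return 0;
}

/* IN data stage: copy at most 'want' bytes out of data_buf. The invariants
 * are re-checked so bad state can never drive memcpy out of bounds. */
int model_token_in(struct model_dev *d, uint8_t *out, uint32_t want)
{
    if (d->setup_len > sizeof(d->data_buf) || d->setup_index > d->setup_len)
        return -1;
    uint32_t remaining = d->setup_len - d->setup_index;
    uint32_t n = want < remaining ? want : remaining;
    memcpy(out, d->data_buf + d->setup_index, n);
    d->setup_index += n;
    return (int)n;
}

int main(void)
{
    printf("oversized setup: %d\n", model_setup(&demo_dev, 0xFFFF));
    printf("valid setup:     %d\n", model_setup(&demo_dev, 100));
    printf("first IN token:  %d\n", model_token_in(&demo_dev, demo_out, 64));
    printf("second IN token: %d\n", model_token_in(&demo_dev, demo_out, 64));
    return 0;
}
```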
CVE-2020-1983
A use-after-free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
Update packages.
N/A
SRPMS
- qemu-kvm-1.5.3-175.el7.1.src.rpm
MD5: 878cbeb26f24d146e582f1e6e941e1a7
SHA-256: e56488ed3ab68e1bf39f6708967153fd105e86692a4fa2107fc57bfdd8122903
Size: 14.95 MB
Asianux Server 7 for x86_64
- qemu-img-1.5.3-175.el7.1.x86_64.rpm
MD5: 7443ba862c6a284ef662e6afc033d9af
SHA-256: fc85c813f79818e399225e50125a6b3c77bf0d734c56964bebd19db50fb3cacf
Size: 702.68 kB
- qemu-kvm-1.5.3-175.el7.1.x86_64.rpm
MD5: e0ff43a0633e935f412297596a366bae
SHA-256: 93c1c5ad096dd7e2f916e9ed9fa64e2aa72db0eeb3c08cfbb233d569ab6511fd
Size: 1.91 MB
- qemu-kvm-common-1.5.3-175.el7.1.x86_64.rpm
MD5: c714797b5cbdc8c18fec534743952f72
SHA-256: 4bd4a67809e334f47d1b1b4f96773e881e74efc199fd667ea3cc10e86ef802f1
Size: 438.53 kB
- qemu-kvm-tools-1.5.3-175.el7.1.x86_64.rpm
MD5: c377b60983bc6b5edc21f0c5cb4c46fe
SHA-256: ee53d245a215bc27e1942ee56026ee2de6855bf0d65c43426d3065271f2f812e
Size: 236.54 kB