qemu-kvm-1.5.3-175.el7.3
エラータID: AXSA:2021-1371:01
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
* QEMU: loader: OOB access while loading registered ROM may lead to code execution (CVE-2020-13765)
* QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* qemu-kvm FTBFS
CVE-2020-13765
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
CVE-2020-16092
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
Update packages.
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
N/A
SRPMS
- qemu-kvm-1.5.3-175.el7.3.src.rpm
MD5: c6178622e4c0dbf5b7a0bdc7046d3536
SHA-256: 557218f6ab112ca014dd007c7c16162ee6d408dc63efb0df9e9235db5b851e36
Size: 14.96 MB
Asianux Server 7 for x86_64
- qemu-img-1.5.3-175.el7.3.x86_64.rpm
MD5: 84afd8edad41f1303b8309909a71c5da
SHA-256: 84a4b203bc5a83cef87ca85e2d1cc7983a85c9a05ad3914a96f569d753d9e999
Size: 703.34 kB - qemu-kvm-1.5.3-175.el7.3.x86_64.rpm
MD5: 074ae7c198be63ad11eb39b75b406aec
SHA-256: dad4a9cd2482110fbaa756853452413f3af04dd9ed31feb886ed56bfed213fd7
Size: 1.91 MB - qemu-kvm-common-1.5.3-175.el7.3.x86_64.rpm
MD5: 8be1a9bb306ee3741182ce0555cd1a70
SHA-256: f15a18b88fe308ec710ed081150cc164fa328b639ae9f339f200e720165965dd
Size: 439.16 kB - qemu-kvm-tools-1.5.3-175.el7.3.x86_64.rpm
MD5: a0ad329c8e7a0666643de26ad40b99ee
SHA-256: fcb2cc8f3a8673956086271dd41577b09c8e6058357c36d84e65a53f20f05e73
Size: 237.20 kB