qemu-kvm-0.12.1.2-2.415.AXS4.8
エラータID: AXSA:2014-285:04
Release date:
Tuesday, April 29, 2014 - 18:29
Subject:
qemu-kvm-0.12.1.2-2.415.AXS4.8
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware.
Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
Security issues fixed with this release:
• CVE-2014-0142
• CVE-2014-0143
• CVE-2014-0144
• CVE-2014-0145
• CVE-2014-0146
• CVE-2014-0147
• CVE-2014-0148
No information available at the time of writing, please refer to the CVE links below.
• CVE-2014-0150
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
Solution:
Update packages.
CVEs:
CVE-2014-0142
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
CVE-2014-0143
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
CVE-2014-0144
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2014-0145
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
CVE-2014-0146
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
CVE-2014-0147
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2014-0148
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2014-0150
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
Additional Info:
N/A
Download:
SRPMS
- qemu-kvm-0.12.1.2-2.415.AXS4.8.src.rpm
MD5: d04ff6d5843e609bc86462aca53ed539
SHA-256: 5d1abe6100776473f512c33519e55cfcfeba479d1454ac12413d6cb9b914711d
Size: 9.43 MB
Asianux Server 4 for x86
- qemu-guest-agent-0.12.1.2-2.415.AXS4.8.i686.rpm
MD5: 7c8438097001f2287a7a655fcee32395
SHA-256: 33837da8bb713f5c980a3335f3ac6087275a5e9ec383fed7b9651ba71cdf8990
Size: 435.15 kB
Asianux Server 4 for x86_64
- qemu-guest-agent-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: 7ccff4b7a195ad236247d0ffbe5786d8
SHA-256: 3e91fb8f39777e0f1ab8cdd337be8747eb0b1a89a81b219eea6672ad7f418d7a
Size: 432.14 kB - qemu-img-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: 2ef7872a0b4c1b18b638525a4306861c
SHA-256: 432f735bf487b1578e2651342699340d8c2ec1f79dfebf91ffb7a6315f90b8c0
Size: 593.67 kB - qemu-kvm-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: a3e58b7564d9294bc1fc078022315f56
SHA-256: a16a57ea2ada7bab5eb4b0a18afce7dd5cd9f132820f0d8e61beada6cfa9d7cb
Size: 1.48 MB - qemu-kvm-tools-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: d4b466b01dca1bd974ed08a2ac1d7edd
SHA-256: e2970e32bc7042230dc3535595daf2a64fea041473216355efc081ed99f5bd28
Size: 362.80 kB
日本語