qemu-kvm-0.12.1.2-2.503.AXS4.3
エラータID: AXSA:2017-1644:04
KVM (for Kernel-based Virtual Machine) is a full virtualization solution
for Linux on x86 hardware.
Using KVM, one can run multiple virtual machines running unmodified Linux
or Windows images. Each virtual machine has private virtualized hardware:
a network card, disk, graphics adapter, etc.
Security issues fixed with this release:
CVE-2016-9603
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-2633
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7718
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local
guest OS privileged users to cause a denial of service (out-of-bounds
read and QEMU process crash) via vectors related to copying VGA data
via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_
functions.
CVE-2017-7980
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update package.
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
N/A
SRPMS
- qemu-kvm-0.12.1.2-2.503.AXS4.3.src.rpm
MD5: c6abdd685720cd4af465669cdcf1b36f
SHA-256: 4b3152769a80f47fd9199764be2428eede45ecf8637795f4691d9380437542bc
Size: 10.88 MB
Asianux Server 4 for x86
- qemu-guest-agent-0.12.1.2-2.503.AXS4.3.i686.rpm
MD5: e8e49a84ad7173cc9bed6849cc19f9fe
SHA-256: d12e87b107dcb6a2cf4107f7e461c367f3d2923bcf3f342419a8527ec7fc71c1
Size: 509.34 kB
Asianux Server 4 for x86_64
- qemu-guest-agent-0.12.1.2-2.503.AXS4.3.x86_64.rpm
MD5: e280202e4f9342b40580c55f821159d8
SHA-256: cc638159ab25bc5b681ffa486ca77e3b602c29a4c49bc057463fc4649cd66e11
Size: 506.37 kB - qemu-img-0.12.1.2-2.503.AXS4.3.x86_64.rpm
MD5: fbfd78c572a6c721e19d3bc7dc6da382
SHA-256: b7d72541261e22157c3e0bb35ea257fb4b9776b4d8ca1ad360391757f4d16514
Size: 844.74 kB - qemu-kvm-0.12.1.2-2.503.AXS4.3.x86_64.rpm
MD5: 00ee80f5ea0fc566d04f69eb1d667216
SHA-256: 0dbfaffd12b9586d436938414e2c4adc00c5ffbc1c2c8cb62a0f1822217f53ff
Size: 1.62 MB - qemu-kvm-tools-0.12.1.2-2.503.AXS4.3.x86_64.rpm
MD5: 49e2e939535971e11d3fefffb088d614
SHA-256: 61f63c4e4b23037780a1f444b6c442b8e39167817c95e74a5a096989bc516e1b
Size: 432.02 kB