Errata ID: AXSA:2018-2655:03

Release date: Tuesday, April 10, 2018 - 19:41

Affected Channels: Asianux Server 7 for x86_64

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Qemu: vga: OOB read access during display update (CVE-2017-13672)

* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)

* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)

* Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)

* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank David Buchanan for reporting CVE-2017-13672; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15124 issue was discovered by Daniel Berrange (Asianux).

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.5 Release Notes linked from the References section.

* CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.

* CVE-2017-13711: Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

* CVE-2017-15124: The VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, the VNC server allocated a growing amount of memory to hold this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

* CVE-2017-15268: QEMU through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

* CVE-2018-5683: The vga_draw_text function in QEMU allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.


Update packages.

Additional Info: 



  1. qemu-kvm-1.5.3-156.el7.src.rpm
    MD5: 925e89429b16b93b8768f86e65c71f5b
    SHA-256: 556f612d0ad9a0f82c64966efb2a80496d1f154d3d63a5e7a38cbbef805a5e7f
    Size: 14.83 MB

Asianux Server 7 for x86_64
  1. qemu-img-1.5.3-156.el7.x86_64.rpm
    MD5: a473ff9e307960564c81fd154f6862e8
    SHA-256: 869360702256a02cabd8f3fb41c6a132a130ccbd2be80a1bad5780d667fcbbc0
    Size: 689.26 kB
  2. qemu-kvm-1.5.3-156.el7.x86_64.rpm
    MD5: eded541ff691470b0cad9a1a7ddd67f0
    SHA-256: 060b76bcc97090607aff4c2ceb1cd98ec68682ad1cc186d4e43a0e31f8ebdc1d
    Size: 1.91 MB
  3. qemu-kvm-common-1.5.3-156.el7.x86_64.rpm
    MD5: 1c212dbf77c5ce178e335cc7ba601d2b
    SHA-256: 1b89934ae6ad3060c82255135a1a3218296bd7dcfba625e9cc21b0459a8f5df8
    Size: 426.44 kB
  4. qemu-kvm-tools-1.5.3-156.el7.x86_64.rpm
    MD5: 87e053c2ae522988d6a81f4ab2042241
    SHA-256: c37790406e3ded5e68c47fb9466303bc5d25c3963b7c0eed58157997db261c6d
    Size: 224.55 kB