qemu-kvm-0.12.1.2-2.506.AXS4.1
エラータID: AXSA:2018-3247:04
Release date:
Wednesday, July 11, 2018 - 01:21
Subject:
qemu-kvm-0.12.1.2-2.506.AXS4.1
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load
Solution:
Update packages.
CVEs:
CVE-2017-13672
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2018-5683
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2018-7858
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
Additional Info:
N/A
Download:
SRPMS
- qemu-kvm-0.12.1.2-2.506.AXS4.1.src.rpm
MD5: 04e5c3906130144ed1b8c62c4e76e671
SHA-256: 6a773736b5c0497e7b884fed4f29ff919a935d485a9c9fcd85eb237938f870ff
Size: 10.90 MB
Asianux Server 4 for x86
- qemu-guest-agent-0.12.1.2-2.506.AXS4.1.i686.rpm
MD5: b8193ba5942da4a91272e74238760fef
SHA-256: 17d1d095dbb4eb567cd1fab1c1ea5f6ee0162488eec734dc2ef40cc6ac34dbd3
Size: 511.11 kB
Asianux Server 4 for x86_64
- qemu-guest-agent-0.12.1.2-2.506.AXS4.1.x86_64.rpm
MD5: bed31e0be175686cbc16e775dd359245
SHA-256: 8a9e20773e529010eecd8193bdb17dcaf2cbad63b69f53517ed9e888772dcf39
Size: 508.17 kB - qemu-img-0.12.1.2-2.506.AXS4.1.x86_64.rpm
MD5: 72963a43243b0ad1ee359e9042a1733f
SHA-256: 68abacad0a812b7ba22ac859593778829cb36bf2083d69abf7102f3e471418f0
Size: 846.55 kB - qemu-kvm-0.12.1.2-2.506.AXS4.1.x86_64.rpm
MD5: 503d8b603a00d065821b365435d4b11a
SHA-256: 96dcf2ab129260642d4e26cd89feb5e11caa35348b5c1ea8e3353439966ed089
Size: 1.62 MB - qemu-kvm-tools-0.12.1.2-2.506.AXS4.1.x86_64.rpm
MD5: fbf9cef80b6e5eaa69093f150bd4ed1e
SHA-256: 7e4ceb8dbed73ba05b29dd3163bcb01560744480230c51529e873e78d736b727
Size: 433.82 kB