qemu-kvm-1.5.3-156.el7.5
Errata ID: AXSA:2018-3289:06
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Security Fix(es):
* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)
* QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Asianux would like to thank Jskz - Zero Day Initiative (trendmicro.com) for reporting CVE-2018-11806 and Cyrille Chatras (Orange.com) and CERT-CC (Orange.com) for reporting CVE-2018-7550.
Bug Fix(es):
* Previously, live migrating a Windows guest in some cases caused the guest to become unresponsive. This update ensures that Real-time Clock (RTC) interrupts are not missed, which prevents the problem from occurring. (BZ#1596302)
CVE-2018-7550
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
Update packages.
SRPMS
- qemu-kvm-1.5.3-156.el7.5.src.rpm
MD5: 91fd0c99f808aa20fd92761fb74a0c93
SHA-256: e61e7a0363d81ec9f7e66b3f23f454e73790f943e7ec7f601de6a35b35dbb8bd
Size: 14.85 MB
Asianux Server 7 for x86_64
- qemu-img-1.5.3-156.el7.5.x86_64.rpm
MD5: d67caefc042c88a8552bbb5ac90fd290
SHA-256: 52b3cee81ca35a534512152af09f46ef992b1db3fdd32f9c6da89fcddeb360f6
Size: 691.54 kB
- qemu-kvm-1.5.3-156.el7.5.x86_64.rpm
MD5: 3f41304e7031a0e90ec4f62df2ef8189
SHA-256: ee98b90a7837f70657ff0c30cf800b497bc634821902bd7233e17e8abcfe3883
Size: 1.92 MB
- qemu-kvm-common-1.5.3-156.el7.5.x86_64.rpm
MD5: 33008b85838af32ba1bf2711796ceef8
SHA-256: 7e9702986a108bec45fb57540bf597306414965f2b3b9cbee638b58c8cb9032c
Size: 428.68 kB
- qemu-kvm-tools-1.5.3-156.el7.5.x86_64.rpm
MD5: 9e1d657ac4f61c558867fe95bdae691f
SHA-256: 4843861d8959dd723f4bb29a4a4139e14226bfc7d587cdb0e427c7efef9b81bc
Size: 226.72 kB