qemu-kvm-0.12.1.2-2.491.AXS4.6
エラータID: AXSA:2017-1305:01
リリース日:
2017/02/24 Friday - 02:35
題名:
qemu-kvm-0.12.1.2-2.491.AXS4.6
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- QEMU の net/checksum.c の net_checksum_calculate 関数には,巧妙に細
工されたパケットのペイロード長によって,ローカルのゲスト OS ユーザが
サービス拒否 (境界外のヒープの読み込みとクラッシュ) を引き起こす脆弱
性があります。(CVE-2016-2857)
- 現時点では CVE-2017-2615 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-2857
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2017-2615
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
追加情報:
N/A
ダウンロード:
SRPMS
- qemu-kvm-0.12.1.2-2.491.AXS4.6.src.rpm
MD5: 90fc8159de222fc027b464adb2edbf52
SHA-256: 09b29b57c4675cff97dfe600d3957563343a64ca23bae721ac3fae56a196fce5
Size: 10.77 MB
Asianux Server 4 for x86
- qemu-guest-agent-0.12.1.2-2.491.AXS4.6.i686.rpm
MD5: 2f98f3dd043b7c3bb75bbe38e2caa968
SHA-256: aff3a78df3df079ac8cf10f19a5b7e56d5e87ac95a2707687691c39facf876b5
Size: 503.18 kB
Asianux Server 4 for x86_64
- qemu-guest-agent-0.12.1.2-2.491.AXS4.6.x86_64.rpm
MD5: a07106453535d58f149ff576be54ee02
SHA-256: 8b95f7b1ca885845afdc5bf2425794f77d8f72525693099d3b242d3b61033278
Size: 500.21 kB - qemu-img-0.12.1.2-2.491.AXS4.6.x86_64.rpm
MD5: d60f1ca15161bb9a0e85c5127ed8ad08
SHA-256: fa525b69c2d5339f70d7f241517ccc0cf41d1d67a19fc3f8c620877e2b53d9a5
Size: 838.03 kB - qemu-kvm-0.12.1.2-2.491.AXS4.6.x86_64.rpm
MD5: 1a6bd3e7c60080882969b62881a06ab2
SHA-256: 7433e7341687cff0be427a1dda969600a1670c7ac30c2d5d1795c9f1ca25db98
Size: 1.61 MB - qemu-kvm-tools-0.12.1.2-2.491.AXS4.6.x86_64.rpm
MD5: 9648841070be631074003a40e1e31b65
SHA-256: 67e437bdca134ec9495ccc7ab65ab9ff7fb2d656749cafefec45c9b9e2f8a05e
Size: 425.87 kB