Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-0309

Опубликовано: 23 фев. 2017
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2017-0309: qemu-kvm security and bug fix update (IMPORTANT)

[0.12.1.2-2.491.el6_8.6]

  • kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1418230 bz#1419416]
  • kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418230 bz#1419416]
  • kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418230 bz#1419416]
  • kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418230 bz#1419416]
  • kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418230 bz#1419416]
  • kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418230 bz#1419416]
  • kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418230 bz#1419416]
  • kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418230 bz#1419416]
  • Resolves: bz#1418230 (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z])
  • Resolves: bz#1419416 (CVE-2017-2615 qemu-kvm-rhev: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z])

[0.12.1.2-2.491.el6_8.5]

  • kvm-net-check-packet-payload-length.patch [bz#1398213]
  • Resolves: bz#1398213 (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-6.8.z])

[0.12.1.2-2.491.el6.4]

  • kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1408389]
  • kvm-virtio-introduce-virtqueue_discard.patch [bz#1408389]
  • kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1408389]
  • kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1408389]
  • kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1408389]
  • kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1408389]
  • Resolves: bz#1408389 ([RHEL6.8.z] KVM guest shuts itself down after 128th reboot)

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

qemu-guest-agent

0.12.1.2-2.491.el6_8.6

qemu-img

0.12.1.2-2.491.el6_8.6

qemu-kvm

0.12.1.2-2.491.el6_8.6

qemu-kvm-tools

0.12.1.2-2.491.el6_8.6

Oracle Linux i686

qemu-guest-agent

0.12.1.2-2.491.el6_8.6

Связанные CVE

CVE-2017-2615
CVE-2016-2857

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2016-2857

CVSS3: 8.4
ubuntu
больше 9 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

redhat логотип

CVE-2016-2857

CVSS3: 4.7
redhat
больше 9 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

nvd логотип

CVE-2016-2857

CVSS3: 8.4
nvd
больше 9 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

debian логотип

CVE-2016-2857

CVSS3: 8.4
debian
больше 9 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows l ...

ubuntu логотип

CVE-2017-2615

CVSS3: 5.5
ubuntu
больше 7 лет назад

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Уязвимость ELSA-2017-0309