Описание
ELSA-2019-1650: qemu-kvm security update (LOW)
[0.12.1.2-2.506.el6_10.4]
- kvm-target-i386-Sanitize-the-XSAVE-related-feature-bits.patch [bz#1673779]
- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1689790]
- Resolves: bz#1673779 (RHEL8 VM's do not install on RHEL6 KVM hypervisor)
- Resolves: bz#1689790 (CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [rhel-6])
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
qemu-guest-agent
0.12.1.2-2.506.el6_10.4
qemu-img
0.12.1.2-2.506.el6_10.4
qemu-kvm
0.12.1.2-2.506.el6_10.4
qemu-kvm-tools
0.12.1.2-2.506.el6_10.4
Oracle Linux i686
qemu-guest-agent
0.12.1.2-2.506.el6_10.4
Связанные CVE
Связанные уязвимости
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 u ...
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.