Описание
ELSA-2019-2607: qemu-kvm security update (LOW)
[1.5.3-167.el7_7.1]
- kvm-qxl-check-release-info-object.patch [bz#1732337]
- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]
- Resolves: bz#1732337 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z])
- Resolves: bz#1734748 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z])
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
qemu-img
1.5.3-167.el7_7.1
qemu-kvm
1.5.3-167.el7_7.1
qemu-kvm-common
1.5.3-167.el7_7.1
qemu-kvm-tools
1.5.3-167.el7_7.1
Связанные CVE
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 6 лет назад
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVSS3: 3.8
redhat
около 6 лет назад
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVSS3: 7.5
nvd
около 6 лет назад
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVSS3: 7.5
debian
около 6 лет назад
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4 ...
github
около 3 лет назад
interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.