ELSA-2020-1116

Опубликовано: 06 апр. 2020

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2020-1116: qemu-kvm security, bug fix, and enhancement update (IMPORTANT)

[1.5.3-173.el7]

kvm-tcp_emu-Fix-oob-access.patch [bz#1791560]
kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560]
kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560]
Resolves: bz#1791560 (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8])

[1.5.3-172.el7]

kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771961]
kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771961]
Resolves: bz#1771961 (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8])

[1.5.3-171.el7]

kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1638471]
kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch [bz#1638471]
kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch [bz#1638471]
kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch [bz#1760607]
Resolves: bz#1638471 ([Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model)
Resolves: bz#1760607 (Corrupted EAX values due to missing brackets at CPUID[0x800000008] code)

[1.5.3-170.el7]

kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749735]
kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1709971]
kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1709971]
kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1709971]
kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1709971]
kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1709971]
kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1709971]
kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1709971]
kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1709971]
kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1709971]
kvm-Remove-arch-capabilities-deprecation.patch [bz#1709971]
kvm-target-i386-add-MDS-NO-feature.patch [bz#1714791]
Resolves: bz#1709971 ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm)
Resolves: bz#1714791 ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm)
Resolves: bz#1749735 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7])

[1.5.3-169.el7]

kvm-target-i386-Support-invariant-tsc-flag.patch [bz#1626871]
kvm-target-i386-block-migration-and-savevm-if-invariant-.patch [bz#1626871]
kvm-i386-Don-t-copy-host-virtual-address-limit.patch [bz#1706658]
Resolves: bz#1626871 ([RFE] request for using TscInvariant feature with qemu-kvm.)
Resolves: bz#1706658 ([Intel 7.8 Bug] qemu-kvm fail with 'err:kvm_init_vcpu() invalidate argumant' on ICX platform)

[1.5.3-168.el7]

kvm-qxl-check-release-info-object.patch [bz#1712703]
kvm-bswap.h-Remove-cpu_to_be16wu.patch [bz#1270166]
kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch [bz#1270166]
kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734749]
Resolves: bz#1270166 (UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.)
Resolves: bz#1712703 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7])
Resolves: bz#1734749 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8])

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

qemu-img

1.5.3-173.el7

qemu-kvm

1.5.3-173.el7

qemu-kvm-common

1.5.3-173.el7

qemu-kvm-tools

1.5.3-173.el7

Связанные CVE

CVE-2020-7039

Ссылки на источники

Связанные уязвимости

CVE-2020-7039

CVSS3: 5.6

ubuntu

больше 5 лет назад

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.