Описание
ELSA-2020-1403: qemu-kvm security and bug fix update (IMPORTANT)
[0.12.1.2-2.506.el6_10.7]
- kvm-slirp-disable-tcp_emu.patch [bz#1791680]
- kvm-slirp-add-slirp_fmt-helpers.patch [bz#1798966]
- kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798966]
- Resolves: bz#1791680 (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6])
- Resolves: bz#1798966 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-6.10.z])
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
qemu-guest-agent
0.12.1.2-2.506.el6_10.7
qemu-img
0.12.1.2-2.506.el6_10.7
qemu-kvm
0.12.1.2-2.506.el6_10.7
qemu-kvm-tools
0.12.1.2-2.506.el6_10.7
Oracle Linux i686
qemu-guest-agent
0.12.1.2-2.506.el6_10.7
Связанные CVE
Связанные уязвимости
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...
