ELSA-2020-3906

Published: 06 Oct 2020
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2020-3906: qemu-kvm security, bug fix, and enhancement update (LOW)

[1.5.3-175.el7]

  • kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1810408]
  • Resolves: bz#1810408 (CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-7])

[1.5.3-174.el7]

  • kvm-util-add-slirp_fmt-helpers2.patch [bz#1800515]
  • kvm-tcp_emu-fix-unsafe-snprintf-usages2.patch [bz#1800515]
  • kvm-slirp-disable-tcp_emu.patch [bz#1791679]
  • kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1802215]
  • kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1802215]
  • kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
  • Resolves: bz#1618503 (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])
  • Resolves: bz#1791679 (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-7])
  • Resolves: bz#1800515 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.9])
  • Resolves: bz#1802215 (Add support for newer glusterfs)

Updated packages

Oracle Linux 7

Oracle Linux x86_64

  • qemu-img: 1.5.3-175.el7
  • qemu-kvm: 1.5.3-175.el7
  • qemu-kvm-common: 1.5.3-175.el7
  • qemu-kvm-tools: 1.5.3-175.el7

Related CVEs

Related vulnerabilities

CVSS3: 3.5
ubuntu
more than 5 years ago

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

CVSS3: 3.5
redhat
almost 6 years ago

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

CVSS3: 3.5
nvd
more than 5 years ago

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

CVSS3: 3.5
debian
more than 5 years ago

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...

CVSS3: 5.5
ubuntu
almost 7 years ago

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.