ELSA-2020-5576

Published: 17 Mar 2020
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2020-5576: qemu security update (IMPORTANT)

[15:3.1.0-7.el7]

  • qemu-img: Add --target-is-zero to convert (David Edmondson)

[15:3.1.0-6.el7]

  • qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 30858754]
  • target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 30652327]
  • iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 30807256] {CVE-2020-1711}
  • scsi: lsi: exit infinite loop while executing script (CVE-2019-12068) (Paolo Bonzini) [Orabug: 30351703] {CVE-2019-12068}
  • lsi: use enum type for s->waiting (Sven Schnelle) {CVE-2019-12068}
  • json: Fix % handling when not interpolating (Christophe Fergeau) [Orabug: 30640103]
  • qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 30640103]
  • Fix heap overflow in ip_reass on big packet input (Samuel Thibault) [Orabug: 30229916] {CVE-2019-14378}
  • Make poll_control_msr default 1 (Mark Kanda)
  • Remove redundant check for host support of halt polling (Mark Kanda) [Orabug: 30240121]
  • Enable '-Werror' compiler flag (Mark Kanda) [Orabug: 30213025]
  • qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30729551]

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  • qemu: 3.1.0-7.el7
  • qemu-block-gluster: 3.1.0-7.el7
  • qemu-block-iscsi: 3.1.0-7.el7
  • qemu-block-rbd: 3.1.0-7.el7
  • qemu-common: 3.1.0-7.el7
  • qemu-img: 3.1.0-7.el7
  • qemu-kvm: 3.1.0-7.el7
  • qemu-kvm-core: 3.1.0-7.el7

Oracle Linux x86_64

  • qemu: 3.1.0-7.el7
  • qemu-block-gluster: 3.1.0-7.el7
  • qemu-block-iscsi: 3.1.0-7.el7
  • qemu-block-rbd: 3.1.0-7.el7
  • qemu-common: 3.1.0-7.el7
  • qemu-img: 3.1.0-7.el7
  • qemu-kvm: 3.1.0-7.el7
  • qemu-kvm-core: 3.1.0-7.el7
  • qemu-system-x86: 3.1.0-7.el7
  • qemu-system-x86-core: 3.1.0-7.el7

Related vulnerabilities

suse-cvrf
about 5 years ago

Security update for qemu

suse-cvrf
about 5 years ago

Security update for qemu

suse-cvrf
about 5 years ago

Security update for qemu

CVSS3: 7.7
ubuntu
more than 5 years ago

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

CVSS3: 6
redhat
more than 5 years ago

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.