SCIENTIFIC-LINUX-ERRATA Archives

December 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: qemu-kvm on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Fri, 1 Dec 2017 17:12:00 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (32 lines) 
Synopsis:          Moderate: qemu-kvm security update
Advisory ID:       SLSA-2017:3368-1
Issue Date:        2017-11-30
CVE Numbers:       CVE-2017-14167
                   CVE-2017-15289
--

Security Fix(es):

* Quick Emulator (QEMU), compiled with the PC System Emulator with
multiboot feature support, is vulnerable to an OOB r/w memory access
issue. The issue could occur due to an integer overflow while loading a
kernel image during a guest boot. A user or process could use this flaw to
potentially achieve arbitrary code execution on a host. (CVE-2017-14167)

* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator
support, is vulnerable to an OOB write access issue. The issue could occur
while writing to VGA memory via mode4and5 write functions. A privileged
user inside guest could use this flaw to crash the QEMU process resulting
in Denial of Serivce (DoS). (CVE-2017-15289)
--

SL7
  x86_64
    qemu-img-1.5.3-141.el7_4.4.x86_64.rpm
    qemu-kvm-1.5.3-141.el7_4.4.x86_64.rpm
    qemu-kvm-common-1.5.3-141.el7_4.4.x86_64.rpm
    qemu-kvm-debuginfo-1.5.3-141.el7_4.4.x86_64.rpm
    qemu-kvm-tools-1.5.3-141.el7_4.4.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2