logo
DATABASE RESOURCES PRICING ABOUT US

Important: qemu

Description

**Issue Overview:** A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. (CVE-2018-20815) hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. (CVE-2019-5008) Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824) qxl: null pointer dereference while releasing spice resources (CVE-2019-12155) **Affected Packages:** qemu **Issue Correction:** Run _yum update qemu_ to update your system. **New Packages:** aarch64:     qemu-3.1.0-7.amzn2.0.1.aarch64     qemu-common-3.1.0-7.amzn2.0.1.aarch64     qemu-guest-agent-3.1.0-7.amzn2.0.1.aarch64     qemu-img-3.1.0-7.amzn2.0.1.aarch64     ivshmem-tools-3.1.0-7.amzn2.0.1.aarch64     qemu-block-curl-3.1.0-7.amzn2.0.1.aarch64     qemu-block-dmg-3.1.0-7.amzn2.0.1.aarch64     qemu-block-iscsi-3.1.0-7.amzn2.0.1.aarch64     qemu-block-nfs-3.1.0-7.amzn2.0.1.aarch64     qemu-block-rbd-3.1.0-7.amzn2.0.1.aarch64     qemu-block-ssh-3.1.0-7.amzn2.0.1.aarch64     qemu-audio-alsa-3.1.0-7.amzn2.0.1.aarch64     qemu-audio-oss-3.1.0-7.amzn2.0.1.aarch64     qemu-audio-pa-3.1.0-7.amzn2.0.1.aarch64     qemu-audio-sdl-3.1.0-7.amzn2.0.1.aarch64     qemu-ui-curses-3.1.0-7.amzn2.0.1.aarch64     qemu-ui-gtk-3.1.0-7.amzn2.0.1.aarch64     qemu-ui-sdl-3.1.0-7.amzn2.0.1.aarch64     qemu-kvm-3.1.0-7.amzn2.0.1.aarch64     qemu-kvm-core-3.1.0-7.amzn2.0.1.aarch64     qemu-user-3.1.0-7.amzn2.0.1.aarch64     qemu-user-binfmt-3.1.0-7.amzn2.0.1.aarch64     qemu-user-static-3.1.0-7.amzn2.0.1.aarch64     qemu-system-aarch64-3.1.0-7.amzn2.0.1.aarch64     qemu-system-aarch64-core-3.1.0-7.amzn2.0.1.aarch64     qemu-system-x86-3.1.0-7.amzn2.0.1.aarch64     qemu-system-x86-core-3.1.0-7.amzn2.0.1.aarch64     qemu-debuginfo-3.1.0-7.amzn2.0.1.aarch64 i686:     qemu-3.1.0-7.amzn2.0.1.i686     qemu-common-3.1.0-7.amzn2.0.1.i686     qemu-guest-agent-3.1.0-7.amzn2.0.1.i686     qemu-img-3.1.0-7.amzn2.0.1.i686     ivshmem-tools-3.1.0-7.amzn2.0.1.i686     qemu-block-curl-3.1.0-7.amzn2.0.1.i686     qemu-block-dmg-3.1.0-7.amzn2.0.1.i686     qemu-block-iscsi-3.1.0-7.amzn2.0.1.i686     qemu-block-nfs-3.1.0-7.amzn2.0.1.i686     qemu-block-ssh-3.1.0-7.amzn2.0.1.i686     qemu-audio-alsa-3.1.0-7.amzn2.0.1.i686     qemu-audio-oss-3.1.0-7.amzn2.0.1.i686     qemu-audio-pa-3.1.0-7.amzn2.0.1.i686     qemu-audio-sdl-3.1.0-7.amzn2.0.1.i686     qemu-ui-curses-3.1.0-7.amzn2.0.1.i686     qemu-ui-gtk-3.1.0-7.amzn2.0.1.i686     qemu-ui-sdl-3.1.0-7.amzn2.0.1.i686     qemu-kvm-3.1.0-7.amzn2.0.1.i686     qemu-kvm-core-3.1.0-7.amzn2.0.1.i686     qemu-user-3.1.0-7.amzn2.0.1.i686     qemu-user-binfmt-3.1.0-7.amzn2.0.1.i686     qemu-user-static-3.1.0-7.amzn2.0.1.i686     qemu-system-aarch64-3.1.0-7.amzn2.0.1.i686     qemu-system-aarch64-core-3.1.0-7.amzn2.0.1.i686     qemu-system-x86-3.1.0-7.amzn2.0.1.i686     qemu-system-x86-core-3.1.0-7.amzn2.0.1.i686     qemu-debuginfo-3.1.0-7.amzn2.0.1.i686 src:     qemu-3.1.0-7.amzn2.0.1.src x86_64:     qemu-3.1.0-7.amzn2.0.1.x86_64     qemu-common-3.1.0-7.amzn2.0.1.x86_64     qemu-guest-agent-3.1.0-7.amzn2.0.1.x86_64     qemu-img-3.1.0-7.amzn2.0.1.x86_64     ivshmem-tools-3.1.0-7.amzn2.0.1.x86_64     qemu-block-curl-3.1.0-7.amzn2.0.1.x86_64     qemu-block-dmg-3.1.0-7.amzn2.0.1.x86_64     qemu-block-iscsi-3.1.0-7.amzn2.0.1.x86_64     qemu-block-nfs-3.1.0-7.amzn2.0.1.x86_64     qemu-block-rbd-3.1.0-7.amzn2.0.1.x86_64     qemu-block-ssh-3.1.0-7.amzn2.0.1.x86_64     qemu-audio-alsa-3.1.0-7.amzn2.0.1.x86_64     qemu-audio-oss-3.1.0-7.amzn2.0.1.x86_64     qemu-audio-pa-3.1.0-7.amzn2.0.1.x86_64     qemu-audio-sdl-3.1.0-7.amzn2.0.1.x86_64     qemu-ui-curses-3.1.0-7.amzn2.0.1.x86_64     qemu-ui-gtk-3.1.0-7.amzn2.0.1.x86_64     qemu-ui-sdl-3.1.0-7.amzn2.0.1.x86_64     qemu-kvm-3.1.0-7.amzn2.0.1.x86_64     qemu-kvm-core-3.1.0-7.amzn2.0.1.x86_64     qemu-user-3.1.0-7.amzn2.0.1.x86_64     qemu-user-binfmt-3.1.0-7.amzn2.0.1.x86_64     qemu-user-static-3.1.0-7.amzn2.0.1.x86_64     qemu-system-aarch64-3.1.0-7.amzn2.0.1.x86_64     qemu-system-aarch64-core-3.1.0-7.amzn2.0.1.x86_64     qemu-system-x86-3.1.0-7.amzn2.0.1.x86_64     qemu-system-x86-core-3.1.0-7.amzn2.0.1.x86_64     qemu-debuginfo-3.1.0-7.amzn2.0.1.x86_64 ### Additional References Red Hat: [CVE-2018-20815](<https://access.redhat.com/security/cve/CVE-2018-20815>), [CVE-2019-12155](<https://access.redhat.com/security/cve/CVE-2019-12155>), [CVE-2019-5008](<https://access.redhat.com/security/cve/CVE-2019-5008>), [CVE-2019-9824](<https://access.redhat.com/security/cve/CVE-2019-9824>) Mitre: [CVE-2018-20815](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20815>), [CVE-2019-12155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12155>), [CVE-2019-5008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5008>), [CVE-2019-9824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9824>)


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 2 qemu 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-common 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-guest-agent 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-img 3.1.0-7.amzn2.0.1
Amazon Linux 2 ivshmem-tools 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-curl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-dmg 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-iscsi 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-nfs 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-rbd 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-ssh 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-alsa 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-oss 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-pa 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-sdl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-curses 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-gtk 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-sdl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-kvm 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-kvm-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user-binfmt 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user-static 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-aarch64 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-aarch64-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-x86 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-x86-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-debuginfo 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-common 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-guest-agent 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-img 3.1.0-7.amzn2.0.1
Amazon Linux 2 ivshmem-tools 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-curl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-dmg 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-iscsi 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-nfs 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-ssh 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-alsa 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-oss 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-pa 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-sdl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-curses 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-gtk 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-sdl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-kvm 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-kvm-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user-binfmt 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user-static 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-aarch64 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-aarch64-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-x86 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-x86-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-debuginfo 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-common 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-guest-agent 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-img 3.1.0-7.amzn2.0.1
Amazon Linux 2 ivshmem-tools 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-curl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-dmg 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-iscsi 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-nfs 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-rbd 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-block-ssh 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-alsa 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-oss 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-pa 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-audio-sdl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-curses 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-gtk 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-ui-sdl 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-kvm 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-kvm-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user-binfmt 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-user-static 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-aarch64 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-aarch64-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-x86 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-system-x86-core 3.1.0-7.amzn2.0.1
Amazon Linux 2 qemu-debuginfo 3.1.0-7.amzn2.0.1

Related