Lucene search
AmazonALAS2-2020-1485HistorySep 01, 2020 - 12:40 a.m.
Medium: qemu
2020-09-0100:40:00
alas.aws.amazon.com
24
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
22.3%
Issue Overview:
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host, resulting in a denial of service. (CVE-2020-1983)
Affected Packages:
qemu
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qemu to update your system.
New Packages:
aarch64:
qemu-3.1.0-8.amzn2.0.4.aarch64
qemu-common-3.1.0-8.amzn2.0.4.aarch64
qemu-guest-agent-3.1.0-8.amzn2.0.4.aarch64
qemu-img-3.1.0-8.amzn2.0.4.aarch64
ivshmem-tools-3.1.0-8.amzn2.0.4.aarch64
qemu-block-curl-3.1.0-8.amzn2.0.4.aarch64
qemu-block-dmg-3.1.0-8.amzn2.0.4.aarch64
qemu-block-iscsi-3.1.0-8.amzn2.0.4.aarch64
qemu-block-nfs-3.1.0-8.amzn2.0.4.aarch64
qemu-block-rbd-3.1.0-8.amzn2.0.4.aarch64
qemu-block-ssh-3.1.0-8.amzn2.0.4.aarch64
qemu-audio-alsa-3.1.0-8.amzn2.0.4.aarch64
qemu-audio-oss-3.1.0-8.amzn2.0.4.aarch64
qemu-audio-pa-3.1.0-8.amzn2.0.4.aarch64
qemu-audio-sdl-3.1.0-8.amzn2.0.4.aarch64
qemu-ui-curses-3.1.0-8.amzn2.0.4.aarch64
qemu-ui-gtk-3.1.0-8.amzn2.0.4.aarch64
qemu-ui-sdl-3.1.0-8.amzn2.0.4.aarch64
qemu-kvm-3.1.0-8.amzn2.0.4.aarch64
qemu-kvm-core-3.1.0-8.amzn2.0.4.aarch64
qemu-user-3.1.0-8.amzn2.0.4.aarch64
qemu-user-binfmt-3.1.0-8.amzn2.0.4.aarch64
qemu-user-static-3.1.0-8.amzn2.0.4.aarch64
qemu-system-aarch64-3.1.0-8.amzn2.0.4.aarch64
qemu-system-aarch64-core-3.1.0-8.amzn2.0.4.aarch64
qemu-system-x86-3.1.0-8.amzn2.0.4.aarch64
qemu-system-x86-core-3.1.0-8.amzn2.0.4.aarch64
qemu-debuginfo-3.1.0-8.amzn2.0.4.aarch64
i686:
qemu-3.1.0-8.amzn2.0.4.i686
qemu-common-3.1.0-8.amzn2.0.4.i686
qemu-guest-agent-3.1.0-8.amzn2.0.4.i686
qemu-img-3.1.0-8.amzn2.0.4.i686
ivshmem-tools-3.1.0-8.amzn2.0.4.i686
qemu-block-curl-3.1.0-8.amzn2.0.4.i686
qemu-block-dmg-3.1.0-8.amzn2.0.4.i686
qemu-block-iscsi-3.1.0-8.amzn2.0.4.i686
qemu-block-nfs-3.1.0-8.amzn2.0.4.i686
qemu-block-ssh-3.1.0-8.amzn2.0.4.i686
qemu-audio-alsa-3.1.0-8.amzn2.0.4.i686
qemu-audio-oss-3.1.0-8.amzn2.0.4.i686
qemu-audio-pa-3.1.0-8.amzn2.0.4.i686
qemu-audio-sdl-3.1.0-8.amzn2.0.4.i686
qemu-ui-curses-3.1.0-8.amzn2.0.4.i686
qemu-ui-gtk-3.1.0-8.amzn2.0.4.i686
qemu-ui-sdl-3.1.0-8.amzn2.0.4.i686
qemu-kvm-3.1.0-8.amzn2.0.4.i686
qemu-kvm-core-3.1.0-8.amzn2.0.4.i686
qemu-user-3.1.0-8.amzn2.0.4.i686
qemu-user-binfmt-3.1.0-8.amzn2.0.4.i686
qemu-user-static-3.1.0-8.amzn2.0.4.i686
qemu-system-aarch64-3.1.0-8.amzn2.0.4.i686
qemu-system-aarch64-core-3.1.0-8.amzn2.0.4.i686
qemu-system-x86-3.1.0-8.amzn2.0.4.i686
qemu-system-x86-core-3.1.0-8.amzn2.0.4.i686
qemu-debuginfo-3.1.0-8.amzn2.0.4.i686
src:
qemu-3.1.0-8.amzn2.0.4.src
x86_64:
qemu-3.1.0-8.amzn2.0.4.x86_64
qemu-common-3.1.0-8.amzn2.0.4.x86_64
qemu-guest-agent-3.1.0-8.amzn2.0.4.x86_64
qemu-img-3.1.0-8.amzn2.0.4.x86_64
ivshmem-tools-3.1.0-8.amzn2.0.4.x86_64
qemu-block-curl-3.1.0-8.amzn2.0.4.x86_64
qemu-block-dmg-3.1.0-8.amzn2.0.4.x86_64
qemu-block-iscsi-3.1.0-8.amzn2.0.4.x86_64
qemu-block-nfs-3.1.0-8.amzn2.0.4.x86_64
qemu-block-rbd-3.1.0-8.amzn2.0.4.x86_64
qemu-block-ssh-3.1.0-8.amzn2.0.4.x86_64
qemu-audio-alsa-3.1.0-8.amzn2.0.4.x86_64
qemu-audio-oss-3.1.0-8.amzn2.0.4.x86_64
qemu-audio-pa-3.1.0-8.amzn2.0.4.x86_64
qemu-audio-sdl-3.1.0-8.amzn2.0.4.x86_64
qemu-ui-curses-3.1.0-8.amzn2.0.4.x86_64
qemu-ui-gtk-3.1.0-8.amzn2.0.4.x86_64
qemu-ui-sdl-3.1.0-8.amzn2.0.4.x86_64
qemu-kvm-3.1.0-8.amzn2.0.4.x86_64
qemu-kvm-core-3.1.0-8.amzn2.0.4.x86_64
qemu-user-3.1.0-8.amzn2.0.4.x86_64
qemu-user-binfmt-3.1.0-8.amzn2.0.4.x86_64
qemu-user-static-3.1.0-8.amzn2.0.4.x86_64
qemu-system-aarch64-3.1.0-8.amzn2.0.4.x86_64
qemu-system-aarch64-core-3.1.0-8.amzn2.0.4.x86_64
qemu-system-x86-3.1.0-8.amzn2.0.4.x86_64
qemu-system-x86-core-3.1.0-8.amzn2.0.4.x86_64
qemu-debuginfo-3.1.0-8.amzn2.0.4.x86_64
Additional References
Red Hat: CVE-2020-1983
Mitre: CVE-2020-1983
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | qemu | < 3.1.0-8.amzn2.0.4 | qemu-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-common | < 3.1.0-8.amzn2.0.4 | qemu-common-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-guest-agent | < 3.1.0-8.amzn2.0.4 | qemu-guest-agent-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-img | < 3.1.0-8.amzn2.0.4 | qemu-img-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | ivshmem-tools | < 3.1.0-8.amzn2.0.4 | ivshmem-tools-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-block-curl | < 3.1.0-8.amzn2.0.4 | qemu-block-curl-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-block-dmg | < 3.1.0-8.amzn2.0.4 | qemu-block-dmg-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-block-iscsi | < 3.1.0-8.amzn2.0.4 | qemu-block-iscsi-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-block-nfs | < 3.1.0-8.amzn2.0.4 | qemu-block-nfs-3.1.0-8.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | qemu-block-rbd | < 3.1.0-8.amzn2.0.4 | qemu-block-rbd-3.1.0-8.amzn2.0.4.aarch64.rpm |
Related
altlinux
altlinux
Security fix for the ALT Linux 9 package libslirp version 4.3.0-alt1
2020-07-22 00:00:00
nessus
nessus
Oracle Linux 8 : container-tools:ol8 (ELSA-2020-3053)
2020-08-13 00:00:00
SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1516-1)
2020-06-18 00:00:00
openSUSE Security Update : slirp4netns (openSUSE-2020-636)
2020-05-11 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:1197-1)
2021-06-09 00:00:00
Fedora: Security Advisory for libslirp (FEDORA-2020-1608d52724)
2020-05-11 00:00:00
openSUSE: Security Advisory for slirp4netns (openSUSE-SU-2020:0636-1)
2020-05-12 00:00:00
alpinelinux
alpinelinux
CVE-2020-1983
2020-04-22 20:15:00
fedora
fedora
[SECURITY] Fedora 32 Update: libslirp-4.2.0-2.fc32
2020-05-01 00:37:26
[SECURITY] Fedora 31 Update: libslirp-4.1.0-2.fc31
2020-05-09 04:12:56
prion
prion
Design/Logic Flaw
2020-04-22 20:15:00
redhatcve
redhatcve
CVE-2020-1983
2020-05-14 11:10:02
osv
osv
CVE-2020-1983
2020-04-22 20:15:11
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2020-07-21 15:01:40
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2020-07-21 15:01:40
suse
suse
Security update for slirp4netns (important)
2020-05-11 00:00:00
Security update for qemu (moderate)
2020-06-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:27:42
ubuntucve
ubuntucve
CVE-2020-1983
2020-04-22 00:00:00
cve
cve
CVE-2020-1983
2020-04-22 20:15:00
almalinux
almalinux
debiancve
debiancve
CVE-2020-1983
2020-04-22 20:15:00
redhat
redhat
(RHSA-2021:0346) Moderate: qemu-kvm-ma security update
2021-02-02 09:29:12
(RHSA-2020:3053) Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2020-07-21 15:01:40
(RHSA-2020:4290) Important: virt:8.1 and virt-devel:8.1 security update
2020-10-20 09:06:19
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2020-07-21 15:01:40
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2020-11-03 12:26:07
oraclelinux
oraclelinux
qemu-kvm security update
2020-10-08 00:00:00
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
2020-11-10 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2020-08-06 00:00:00
centos
centos
qemu security update
2020-11-06 22:05:12
debian
debian
[SECURITY] [DSA 4665-1] qemu security update
2020-04-27 17:55:43
[SECURITY] [DLA 2262-1] qemu security update
2020-06-29 20:49:03
[SECURITY] [DLA 2288-1] qemu security update
2020-07-26 11:51:28
amazon
amazon
Important: qemu-kvm
2020-11-14 01:23:00
ubuntu
ubuntu
QEMU vulnerabilities
2020-05-21 00:00:00
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
22.3%
Related for ALAS2-2020-1485