qemu security update

CentOS Errata and Security Advisory CESA-2020:4079

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

• QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)

• QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-November/032951.html

Affected packages:
qemu-img
qemu-kvm
qemu-kvm-common
qemu-kvm-tools

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:4079