qemu-kvm security update

2019-07-3000:00:00

linux.oracle.com

159

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

17.5%

JSON

[1.5.3-160.el7_6.3]

kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1669067]
kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669067]
kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669067]
kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669067]
Resolves: bz#1669067
(CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z])

OSVersionArchitecturePackageVersionFilename
oracle linux7srcqemu-kvm< 1.5.3-160.el7_6.3qemu-kvm-1.5.3-160.el7_6.3.src.rpm
oracle linux7x86_64qemu-img< 1.5.3-160.el7_6.3qemu-img-1.5.3-160.el7_6.3.x86_64.rpm
oracle linux7x86_64qemu-kvm< 1.5.3-160.el7_6.3qemu-kvm-1.5.3-160.el7_6.3.x86_64.rpm
oracle linux7x86_64qemu-kvm-common< 1.5.3-160.el7_6.3qemu-kvm-common-1.5.3-160.el7_6.3.x86_64.rpm
oracle linux7x86_64qemu-kvm-tools< 1.5.3-160.el7_6.3qemu-kvm-tools-1.5.3-160.el7_6.3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	qemu-kvm	< 1.5.3-160.el7_6.3	qemu-kvm-1.5.3-160.el7_6.3.src.rpm
oracle linux	7	x86_64	qemu-img	< 1.5.3-160.el7_6.3	qemu-img-1.5.3-160.el7_6.3.x86_64.rpm
oracle linux	7	x86_64	qemu-kvm	< 1.5.3-160.el7_6.3	qemu-kvm-1.5.3-160.el7_6.3.x86_64.rpm
oracle linux	7	x86_64	qemu-kvm-common	< 1.5.3-160.el7_6.3	qemu-kvm-common-1.5.3-160.el7_6.3.x86_64.rpm
oracle linux	7	x86_64	qemu-kvm-tools	< 1.5.3-160.el7_6.3	qemu-kvm-tools-1.5.3-160.el7_6.3.x86_64.rpm