Lucene search
OracleLinuxELSA-2019-2892HistorySep 24, 2019 - 12:00 a.m.
qemu-kvm security update
2019-09-2400:00:00
linux.oracle.com
43
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
[0.12.1.2-2.506.el6_10.5]
- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669066]
- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669066]
- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669066]
- kvm-qxl-check-release-info-object.patch [bz#1712728]
- kvm-net-Use-iov-helper-functions.patch [bz#1636415]
- kvm-net-increase-buffer-size-to-accommodate-Jumbo-frame-.patch [bz#1636415]
- kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636415]
- kvm-net-drop-too-large-packet-early.patch [bz#1636415]
- kvm-PATCH-slirp-fix-buffer-overrun.patch [bz#1586251]
- kvm-Fix-build-from-previous-commit.patch [bz#1586251]
- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586251]
- kvm-slirp-Convert-mbufs-to-use-g_malloc-and-g_free.patch [bz#1586251]
- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586251]
- kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636774]
- Resolves: bz#1586251
(CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-6.10.z]) - Resolves: bz#1636415
(CVE-2018-10839 qemu-kvm: Qemu: ne2000: integer overflow leads to buffer overflow issue [rhel-6]) - Resolves: bz#1636774
(CVE-2018-17962 qemu-kvm: Qemu: pcnet: integer overflow leads to buffer overflow [rhel-6]) - Resolves: bz#1669066
(CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-6.10.z]) - Resolves: bz#1712728
(CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-6])
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 6 | src | qemu-kvm | < 0.12.1.2-2.506.el6_10.5 | qemu-kvm-0.12.1.2-2.506.el6_10.5.src.rpm |
| oracle linux | 6 | i686 | qemu-guest-agent | < 0.12.1.2-2.506.el6_10.5 | qemu-guest-agent-0.12.1.2-2.506.el6_10.5.i686.rpm |
| oracle linux | 6 | src | qemu-kvm | < 0.12.1.2-2.506.el6_10.5 | qemu-kvm-0.12.1.2-2.506.el6_10.5.src.rpm |
| oracle linux | 6 | x86_64 | qemu-guest-agent | < 0.12.1.2-2.506.el6_10.5 | qemu-guest-agent-0.12.1.2-2.506.el6_10.5.x86_64.rpm |
| oracle linux | 6 | x86_64 | qemu-img | < 0.12.1.2-2.506.el6_10.5 | qemu-img-0.12.1.2-2.506.el6_10.5.x86_64.rpm |
| oracle linux | 6 | x86_64 | qemu-kvm | < 0.12.1.2-2.506.el6_10.5 | qemu-kvm-0.12.1.2-2.506.el6_10.5.x86_64.rpm |
| oracle linux | 6 | x86_64 | qemu-kvm-tools | < 0.12.1.2-2.506.el6_10.5 | qemu-kvm-tools-0.12.1.2-2.506.el6_10.5.x86_64.rpm |
Related
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2019:2892)
2019-09-25 00:00:00
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20190924)
2019-09-25 00:00:00
redhat
redhat
(RHSA-2019:2892) Important: qemu-kvm security update
2019-09-24 12:48:33
(RHSA-2019:2607) Low: qemu-kvm security update
2019-09-03 13:20:18
(RHSA-2019:1883) Important: qemu-kvm security update
2019-07-29 12:48:42
openvas
openvas
CentOS Update for qemu-guest-agent CESA-2019:2892 centos6
2019-10-01 00:00:00
Debian: Security Advisory (DSA-4338-1)
2018-11-10 00:00:00
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1368)
2020-01-23 00:00:00
centos
centos
qemu security update
2019-09-27 12:14:41
qemu security update
2019-09-18 18:53:46
qemu security update
2019-07-31 13:40:38
osv
osv
qemu - security update
2018-11-11 00:00:00
CVE-2018-10839
2018-10-16 14:29:01
CVE-2018-17962
2018-10-09 22:29:00
debian
debian
[SECURITY] [DSA 4338-1] qemu security update
2018-11-11 17:59:48
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
[SECURITY] [DLA 1694-1] qemu security update
2019-02-28 08:42:29
debiancve
debiancve
prion
prion
Buffer overflow
2018-10-09 22:29:00
Integer overflow
2018-10-16 14:29:00
Null pointer dereference
2019-05-24 16:29:00
f5
f5
K48641455 : QEMU buffer-overflow vulnerability CVE-2018-17962
2021-01-06 00:00:00
K75042242 : QEMU 4.0 vulnerability CVE-2019-12155
2020-12-21 00:00:00
K17520069 : QEMU 3.0.0 heap-based buffer overflow CVE-2019-6778
2020-12-21 00:00:00
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2019-09-25 00:45:50
Denial Of Service (DoS)
2019-09-25 00:45:49
Denial Of Service (DoS)
2019-09-04 00:09:43
ubuntucve
ubuntucve
cve
cve
oraclelinux
oraclelinux
qemu security update
2018-10-29 00:00:00
qemu-kvm security update
2019-07-30 00:00:00
qemu-kvm security update
2019-09-04 00:00:00
suse
suse
Security update for qemu (moderate)
2018-12-16 00:09:23
Security update for qemu (important)
2018-12-07 12:23:09
Security update for qemu (important)
2019-09-03 00:00:00
zdi
zdi
ubuntu
ubuntu
QEMU vulnerabilities
2018-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29
2018-12-04 03:05:00
[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29
2019-03-25 06:10:52
[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29
2019-07-09 02:25:09
amazon
amazon
Important: qemu-kvm
2018-09-05 19:33:00
Important: qemu-kvm
2018-09-12 22:19:00
rocky
rocky
virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
almalinux
almalinux
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related for ELSA-2019-2892