Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2019:2425
HistoryAug 09, 2019 - 12:35 a.m.

(RHSA-2019:2425) Important: qemu-kvm-rhev security and bug fix update

2019-08-0900:35:44
access.redhat.com
113

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

  • QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)

  • QEMU: rtl8139: integer overflow leads to buffer overflow (CVE-2018-17958)

  • QEMU: net: ignore packets with large size (CVE-2018-17963)

  • QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)

  • QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)

  • QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Update qemu-kvm-rhev for RHEL 7.7 compatibility [OSP-14] (BZ#1728358)

  • Update qemu-kvm-rhev for RHEL 7.7 compatibility [OSP-13] (BZ#1728359)

  • Update qemu-kvm-rhev for RHEL 7.7 compatibility [OSP-10] (BZ#1728360)

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64leqemu-img-rhev< 2.12.0-33.el7qemu-img-rhev-2.12.0-33.el7.ppc64le.rpm
RedHat7x86_64qemu-kvm-rhev< 2.12.0-33.el7qemu-kvm-rhev-2.12.0-33.el7.x86_64.rpm
RedHat7x86_64qemu-img-rhev< 2.12.0-33.el7qemu-img-rhev-2.12.0-33.el7.x86_64.rpm
RedHat7ppc64leqemu-kvm-rhev-debuginfo< 2.12.0-33.el7qemu-kvm-rhev-debuginfo-2.12.0-33.el7.ppc64le.rpm
RedHat7x86_64qemu-kvm-tools-rhev< 2.12.0-33.el7qemu-kvm-tools-rhev-2.12.0-33.el7.x86_64.rpm
RedHat7ppc64leqemu-kvm-common-rhev< 2.12.0-33.el7qemu-kvm-common-rhev-2.12.0-33.el7.ppc64le.rpm
RedHat7x86_64qemu-kvm-common-rhev< 2.12.0-33.el7qemu-kvm-common-rhev-2.12.0-33.el7.x86_64.rpm
RedHat7x86_64qemu-kvm-rhev-debuginfo< 2.12.0-33.el7qemu-kvm-rhev-debuginfo-2.12.0-33.el7.x86_64.rpm
RedHat7ppc64leqemu-kvm-tools-rhev< 2.12.0-33.el7qemu-kvm-tools-rhev-2.12.0-33.el7.ppc64le.rpm
RedHat7ppc64leqemu-kvm-rhev< 2.12.0-33.el7qemu-kvm-rhev-2.12.0-33.el7.ppc64le.rpm

Related

redhat 10
nessus 66
openvas 35
suse 5
oraclelinux 8
fedora 5
osv 12
cve 7
prion 6
veracode 6
ubuntucve 6
redhatcve 6
debiancve 6
centos 4
ibm 1
f5 2
debian 5
gentoo 1
amazon 4
citrix 1
rocky 1
almalinux 1
ubuntu 1
redhat
redhat
(RHSA-2019:2166) Moderate: qemu-kvm-ma security and bug fix update
2019-08-06 08:09:06
(RHSA-2019:2553) Important: qemu-kvm-rhev security, bug fix, and enhancement update
2019-08-22 09:08:03
(RHSA-2019:2078) Low: qemu-kvm security, bug fix, and enhancement update
2019-08-06 07:58:28
nessus
nessus
RHEL 7 : qemu-kvm-ma (RHSA-2019:2166)
2019-08-12 00:00:00
SUSE SLES11 Security Update : xen (SUSE-SU-2019:14001-1)
2019-04-02 00:00:00
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:0891-1)
2019-04-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:14001-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0891-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4147-1)
2018-12-18 00:00:00
suse
suse
Security update for qemu (moderate)
2018-12-16 00:09:23
Security update for qemu (important)
2018-12-07 12:23:09
Security update for xen (important)
2019-04-17 00:00:00
oraclelinux
oraclelinux
qemu-kvm security, bug fix, and enhancement update
2019-08-13 00:00:00
qemu security update
2018-10-29 00:00:00
qemu-kvm security update
2019-07-02 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29
2018-12-04 03:05:00
[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29
2019-03-25 06:10:52
[SECURITY] Fedora 30 Update: qemu-3.1.0-6.fc30
2019-03-28 17:41:26
osv
osv
CVE-2018-17958
2018-10-09 22:29:00
CVE-2018-15746
2018-08-29 19:29:00
CVE-2018-17963
2018-10-09 22:29:01
cve
cve
CVE-2018-17958
2018-10-09 22:29:00
CVE-2018-17963
2018-10-09 22:29:00
CVE-2018-15746
2018-08-29 19:29:00
prion
prion
Code injection
2018-10-09 22:29:00
Design/Logic Flaw
2018-08-29 19:29:00
Information disclosure
2019-06-03 21:29:00
veracode
veracode
Denial Of Service (Dos)
2019-08-10 00:07:07
Denial Of Service (Dos)
2019-08-10 00:07:07
Denial Of Service (Dos)
2019-08-10 00:07:07
ubuntucve
ubuntucve
CVE-2018-17963
2018-10-09 00:00:00
CVE-2018-15746
2018-08-29 00:00:00
CVE-2018-17958
2018-10-09 00:00:00
redhatcve
redhatcve
CVE-2018-15746
2019-11-01 10:12:21
CVE-2018-17958
2019-10-16 06:35:39
CVE-2018-17963
2019-10-09 05:56:50
debiancve
debiancve
CVE-2018-17958
2018-10-09 22:29:00
CVE-2018-17963
2018-10-09 22:29:00
CVE-2018-15746
2018-08-29 19:29:00
centos
centos
qemu security update
2019-07-03 17:01:43
qemu security update
2019-08-30 04:04:53
qemu security update
2019-07-31 13:40:38
ibm
ibm
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Open Source vulnerabilities
2020-01-10 08:06:20
f5
f5
K17520069 : QEMU 3.0.0 heap-based buffer overflow CVE-2019-6778
2020-12-21 00:00:00
K29103455 : QEMU 3.0.0 vulnerability CVE-2019-9824
2020-12-19 00:00:00
debian
debian
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
[SECURITY] [DSA 4338-1] qemu security update
2018-11-11 17:59:48
[SECURITY] [DLA 1646-1] qemu security update
2019-01-29 17:32:19
gentoo
gentoo
QEMU: Multiple vulnerabilities
2019-04-24 00:00:00
amazon
amazon
Important: qemu
2020-07-21 16:34:00
Important: qemu-kvm
2020-07-27 23:58:00
Important: qemu-kvm
2020-07-14 20:27:00
citrix
citrix
Citrix Hypervisor Security Update
2020-08-24 04:00:00
rocky
rocky
virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
almalinux
almalinux
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
ubuntu
ubuntu
QEMU vulnerabilities
2018-11-26 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON
Related for RHSA-2019:2425
redhat10nessus66openvas35suse5oraclelinux8fedora5osv12cve7prion6veracode6ubuntucve6redhatcve6debiancve6centos4ibm1f52debian5gentoo1amazon4citrix1rocky1almalinux1ubuntu1