Security Advisory Details

NS-SA-2020-0019

2020-03-04 10:24:28

Synopsis

important: qemu-kvm/openssl security update

Severity

important

Topic

An update for qemu-kvm/openssl is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

qemu-kvm: This package provides a QEMU guest agent daemon that runs inside Linux guests to provide guest information.
openssl: The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.


Security Fix(es):
qemu-kvm: A heap buffer overflow issue was found in the way the SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially leverage it to execute arbitrary code on the host with the privileges of the QEMU process. (CVE-2018-11806)
qemu-kvm: An integer overflow issue was found in the NE2000 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such an overflow would lead to a stack buffer overflow. A user inside a guest could use this flaw to crash the QEMU process, resulting in a DoS scenario. (CVE-2018-10839)
qemu-kvm: An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INT_MAX. Such an overflow would lead to a stack buffer overflow. A user inside a guest could use this flaw to crash the QEMU process, resulting in DoS. (CVE-2018-17962)
qemu-kvm: A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in the tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a DoS, or potentially execute arbitrary code with the privileges of the QEMU process. (CVE-2019-6778)
qemu-kvm: interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. (CVE-2019-12155)
qemu-kvm: bugfix
openssl: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one), then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable, "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also, the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559)
openssl: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F17.

Affected Components

  • qemu-kvm
  • openssl

Affected Products

  • CGSL MAIN 4.05

Updated Packages

Product: CGSL MAIN 4.05

Source package: qemu-kvm-0.12.1.2-2.506.el6_10.5.src.rpm

  • qemu-guest-agent-0.12.1.2-2.506.el6_10.5.x86_64.rpm
  • qemu-img-0.12.1.2-2.506.el6_10.5.x86_64.rpm
  • qemu-kvm-0.12.1.2-2.506.el6_10.5.x86_64.rpm
  • qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.5.x86_64.rpm
  • qemu-kvm-tools-0.12.1.2-2.506.el6_10.5.x86_64.rpm

Source package: openssl-1.0.1e-58.el6_10.src.rpm

  • openssl-1.0.1e-58.el6_10.x86_64.rpm
  • openssl-debuginfo-1.0.1e-58.el6_10.x86_64.rpm
  • openssl-devel-1.0.1e-58.el6_10.x86_64.rpm
  • openssl-perl-1.0.1e-58.el6_10.x86_64.rpm
  • openssl-static-1.0.1e-58.el6_10.x86_64.rpm
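To check a host against the fixed builds listed in this advisory, the following added example (not part of the advisory or of any NewStart tooling) compares installed package versions with three of the fixed RPMs using a simplified rpm-style version ordering. The installed-package list is a constructed sample in name-version-release.arch form, and the comparison assumes both sides carry the same epoch, since the advisory's file names do not include one.

```python
import re

# Fixed builds, copied from this advisory's package list (binary RPM file names).
FIXED_RPMS = [
    "qemu-kvm-0.12.1.2-2.506.el6_10.5.x86_64.rpm",
    "qemu-img-0.12.1.2-2.506.el6_10.5.x86_64.rpm",
    "openssl-1.0.1e-58.el6_10.x86_64.rpm",
]
# Constructed sample of installed packages (assumed name-version-release.arch form).
SAMPLE_INSTALLED = [
    "qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64",
    "qemu-img-0.12.1.2-2.506.el6_10.5.x86_64",
    "openssl-1.0.1e-57.el6.x86_64",
    "bash-4.1.2-48.el6.x86_64",
]

def split_nvr(s):
    """Split 'name-version-release[.arch][.rpm]' into (name, version, release)."""
    s = re.sub(r"\.(x86_64|i686|noarch|src)(\.rpm)?$", "", s.strip())
    return tuple(s.rsplit("-", 2))

def rpmvercmp(a, b):
    """rpm-style ordering of version/release strings (simplified: no epoch, '~' or '^')."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", x) for x in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def outdated(installed, fixed_rpms=FIXED_RPMS):
    """Return {name: (installed, fixed)} for packages older than the fixed build."""
    fixed = {n: (v, r) for n, v, r in map(split_nvr, fixed_rpms)}
    stale = {}
    for line in installed:
        parts = split_nvr(line)
        if len(parts) != 3 or parts[0] not in fixed:
            continue  # blank/odd line, or a package this advisory does not cover
        (n, v, r), (fv, fr) = parts, fixed[parts[0]]
        if (rpmvercmp(v, fv) or rpmvercmp(r, fr)) < 0:
            stale[n] = (f"{v}-{r}", f"{fv}-{fr}")
    return stale

if __name__ == "__main__":
    for name, (have, need) in sorted(outdated(SAMPLE_INSTALLED).items()):
        print(f"{name}: installed {have}, advisory fixes in {need}")
```

On a real host, the `installed` argument can be the lines of an `rpm -qa` listing; extend `FIXED_RPMS` with the remaining file names from the list above to cover every package.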

CVE

References