important: qemu-kvm/openssl security update
An update for qemu-kvm/openssl is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
qemu-kvm: This package provides a qemu guest agent daemon to be running inside of linux guests to provide the guest information.
openssl: The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
qemu-kvm: A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process.(CVE-2018-11806)
qemu-kvm: An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario.(CVE-2018-10839)
qemu-kvm: An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS.(CVE-2018-17962)
qemu-kvm: A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potentially executing arbitrary code with privileges of the QEMU process.(CVE-2019-6778)
qemu-kvm: interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.(CVE-2019-12155)
openssl: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).(CVE-2019-1559)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Remember the build tag is 4.05.F17.