Security Advisory Details

NS-SA-2022-0072

2022-05-08 20:54:47

Summary

moderate: NetworkManager/qemu security update

Severity

moderate

Topic

An update for NetworkManager/qemu is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

NetworkManager: This package provides debug information for package NetworkManager-ppp. Debug information is useful when developing applications that use this package or when debugging this package.
qemu: This package provides debug information for package qemu-img. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
NetworkManager: An exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCPACK packets to reconfigure the system with arbitrary network settings. (CVE-2020-13529)
NetworkManager: bugfix
qemu: A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in the ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service. (CVE-2019-15890)
qemu: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.80CP2B9.

Affected Components

  • NetworkManager
  • qemu

Affected Products

  • CGSL MAIN 6.02

Updated Packages

Product: CGSL MAIN 6.02

Source package: NetworkManager-1.32.10-4.el8.src.rpm

Binary packages:

  • NetworkManager-ppp-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-bluetooth-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-team-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-ppp-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-wifi-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-dispatcher-routing-rules-1.32.10-4.el8.noarch.rpm
  • NetworkManager-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-cloud-setup-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-libnm-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-config-connectivity-redhat-1.32.10-4.el8.noarch.rpm
  • NetworkManager-wwan-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-cloud-setup-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-wwan-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-tui-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-config-server-1.32.10-4.el8.noarch.rpm
  • NetworkManager-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-wifi-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-ovs-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-bluetooth-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-libnm-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-debugsource-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-adsl-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-adsl-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-ovs-debuginfo-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-tui-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-team-1.32.10-4.el8.x86_64.rpm
  • NetworkManager-libnm-devel-1.32.10-4.el8.x86_64.rpm

Source package: qemu-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.src.rpm

Binary packages:

  • qemu-block-gluster-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-kvm-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-block-iscsi-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-img-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-debuginfo-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-tools-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-debugsource-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-block-ssh-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-block-curl-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-common-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-img-debuginfo-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-common-debuginfo-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-block-dmg-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm
  • qemu-block-rbd-4.1.0-2.el8.cgslv6_2.209.3.gf3409af5b.x86_64.rpm

CVE

References