Synopsis: Low: qemu-kvm security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0816-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-13711, CVE-2017-13672, CVE-2017-15268, CVE-2017-15124, CVE-2018-5683
—
Security Fix(es):
* Qemu: vga: OOB read access during display update (CVE-2017-13672)
* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)
* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)
* Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)
* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)
Additional Changes:
—
SL7
x86_64
qemu-img-1.5.3-156.el7.x86_64.rpm
qemu-kvm-1.5.3-156.el7.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7.x86_64.rpm
– Scientific Linux Development Team