FEDORA-2017-9149114fba

security update in Fedora 26 for qemu

Status: stable 2 years ago
  • Fix usb3 drive issues with windows guests (bz #1493196)
  • CVE-2017-15038: 9p: information disclosure when reading extended attributes (bz #1499111)
  • CVE-2017-15268: potential memory exhaustion via websock connection to VNC (bz #1496882)
  • CVE-2017-14167: multiboot OOB access while loading kernel image (bz #1489376)
  • CVE-2017-13672: vga: OOB read access during display update (bz #1486561)
  • CVE-2017-12809: flushing of empty CDROM drives leads to NULL deref (bz #1483536)
  • CVE-2017-11434: slirp: out-of-bounds read while parsing dhcp options (bz #1472612)
  • Fix sending multimedia keys through spice (bz #1471758)
  • Another ppc64le binfmt fix (bz #1500526)

How to install

sudo dnf upgrade --advisory=FEDORA-2017-9149114fba

Comments 15

This update has been submitted for testing by crobinso.

No regressions noted.

karma: +1 critpath: +1

This update has been pushed to testing.

works for me in a VM

karma: +1

WFM

karma: +1 critpath: +1

Seems to work in a VM.

karma: +1

no regressions noted

karma: +1

Works

karma: +1

Looks good to me.

karma: +1 critpath: +1

my VM works

karma: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

This update has been submitted for stable by crobinso.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +8 (stable threshold: 3, unstable threshold: -3)
Autopush: Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 15

0+1 #1471758 Keys to control audio are not forwarded to the guest
00 #1472611 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options
00 #1472612 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options [fedora-all]
00 #1483534 CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference
00 #1483536 CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference [fedora-all]
00 #1486560 CVE-2017-13672 Qemu: vga: OOB read access during display update
00 #1486561 CVE-2017-13672 Qemu: vga: OOB read access during display update [fedora-all]
00 #1489375 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading kernel image
00 #1489376 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading kernel image [fedora-all]
00 #1493196 USB 3.0 drive is not accessible in Windows guest under kvm/qemu
00 #1496879 CVE-2017-15268 Qemu: I/O: potential memory exhaustion via websock connection to VNC
00 #1496882 CVE-2017-15268 Qemu: I/O: potential memory exhaustion via websock connection to VNC [fedora-all]
00 #1499110 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes
00 #1499111 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes [fedora-all]
00 #1500526 binfmt config for ppc64le is incorrect
