FEDORA-2019-0664c7724d — security update for qemu

qemu-3.1.0-6.fc30

FEDORA-2019-0664c7724d created by crobinso 2 years ago for Fedora 30

stable

fix crash with virgl enabled (bz #1692323)
linux-user: make pwrite64/pread64(fd, NULL, 0, offset) return 0 (bz #1174267)
Fix build with latest gluster (bz #1684298)
CVE-2018-20123: pvrdma: memory leakage in device hotplug (bz #1658964)
CVE-2018-16872: usb-mtp: path traversal issue (bz #1659150)
CVE-2018-20191: pvrdma: uar_read leads to NULL deref (bz #1660315)
CVE-2019-6501: scsi-generic: possible OOB access (bz #1669005)
CVE-2019-6778: slirp: heap buffer overflow (bz #1669072)
CVE-2019-3812: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure (bz #1678081)

How to install

sudo dnf upgrade --advisory=FEDORA-2019-0664c7724d

This update has been submitted for testing by crobinso.

2 years ago

This update has been pushed to testing.

2 years ago

mattf commented & provided feedback 2 years ago

I don't see the qemu-block-rbd error while running dnf system-upgrade in #1688117 now that 3.1.0-5.fc30 is in updates-testing. Thanks.

danniel commented & provided feedback 2 years ago

karma

works

cserpentis commented & provided feedback 2 years ago

karma

works for me in a VM

frantisekz commented & provided feedback 2 years ago

karma

Works just fine

adamwill edited this update.

New build(s):

qemu-3.1.0-6.fc30

Removed build(s):

qemu-3.1.0-5.fc30

Karma has been reset.

2 years ago

This update has been submitted for testing by adamwill.

2 years ago

adamwill commented & provided feedback 2 years ago

karma

Tested with Beta-1.8. After installing direct from the Workstation live image and not installing any updates, I can successfully run a Boxes VM booting from the same image just fine. Looks good to me.

This update has been pushed to testing.

2 years ago

frantisekz commented & provided feedback 2 years ago

karma

Works fine, I didn't spot any issues.

BZ#1692323 qemu crashes with virgl enabled on some GPUs

atim commented & provided feedback 2 years ago

karma

virgl now works even on Nvidia in virt-manager, but crashing virt-manager itself when running some Linux machines in VM. :)

This update has been submitted for batched by adamwill.

2 years ago

This update has been submitted for stable by adamwill.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

Builds

qemu-3.1.0-6.fc30

Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

2 years ago

in testing

2 years ago

in stable

2 years ago

modified

2 years ago

BZ#1174267 qemu linux-user syscall pwrite64 does not handle the case when the length of buffer is = 0

BZ#1656114 CVE-2018-16872 QEMU: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP)

BZ#1658963 CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug

BZ#1658964 CVE-2018-20123 qemu: pvrdma: memory leakage in device hotplug [fedora-all]

BZ#1659150 CVE-2018-16872 qemu: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) [fedora-all]

BZ#1660314 CVE-2018-20191 QEMU: pvrdma: uar_read leads to NULL dereference

BZ#1660315 CVE-2018-20191 qemu: pvrdma: uar_read leads to NULL dereference [fedora-all]

BZ#1664205 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu()

BZ#1665792 CVE-2019-3812 qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure

BZ#1668160 CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling inquiry request

BZ#1669005 CVE-2019-6501 qemu: scsi-generic: possible OOB access while handling inquiry request [fedora-all]

BZ#1669072 CVE-2019-6778 qemu: slirp: heap buffer overflow in tcp_emu() [fedora-all]

BZ#1678081 CVE-2019-3812 qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure [fedora-all]

BZ#1692323 qemu crashes with virgl enabled on some GPUs

qemu-3.1.0-6.fc30

How to install

Automated Test Results