FEDORA-2019-52a8f5468e

security update in Fedora 30 for qemu

Status: stable a month ago
  • CVE-2019-12155: qxl: null pointer dereference while releasing spice resources (bz #1712727, bz #1712670)
  • CVE-2019-5008: NULL pointer dereference in hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz #1705915)
  • CVE-2018-20815: device_tree: heap buffer overflow while loading device tree blob (bz #1693117, bz #1693101)
  • CVE-2019-9824: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (bz #1689794, bz #1678515)

Comments 16

This update has been submitted for testing by crobinso.

This update test gating status has been changed to 'waiting'.

This update test gating status has been changed to 'ignored'.

This update has been pushed to testing.

karma: +1 critpath: +1

+1

karma: +1 critpath: +1
karma: +1 critpath: +1

Works fine

karma: +1 critpath: +1
karma: +1 critpath: +1

my VMs in virt-manager still work fine

karma: +1 critpath: +1
karma: +1 critpath: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

karma: +1 critpath: +1
karma: +1 critpath: +1

This update has been submitted for stable by crobinso.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+8
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 2 months ago
in testing 2 months ago
in stable a month ago

Related Bugs 8

00 #1678515 CVE-2019-9824 QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables
00 #1689794 CVE-2019-9824 qemu: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [fedora-all]
00 #1693101 CVE-2018-20815 QEMU: device_tree: heap buffer overflow while loading device tree blob
00 #1693117 CVE-2018-20815 qemu: device_tree: heap buffer overflow while loading device tree blob [fedora-all]
00 #1705915 CVE-2019-5008 QEMU: NULL pointer dereference in hw/sparc64/sun4u.c leading to DoS
00 #1705916 CVE-2019-5008 qemu: NULL pointer dereference in hw/sparc64/sun4u.c leading to DoS [fedora-all]
00 #1712670 CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources
00 #1712727 CVE-2019-12155 qemu: qxl: null pointer dereference while releasing spice resources [fedora-all]

Automated Test Results