FEDORA-2019-88a98ce795

security update in Fedora 29 for qemu

Status: stable 5 months ago

CVE-2018-19364: 9pfs: use-after-free (bz #1651359)
CVE-2018-19489: 9pfs: use-after-free renaming files (bz #1653157)
CVE-2018-16867: usb-mtp: path traversal issue (bz #1656746)
CVE-2018-16872: usb-mtp: path traversal issue (bz #1659150)
CVE-2018-20191: pvrdma: uar_read leads to NULL deref (bz #1660315)
CVE-2019-6778: slirp: heap buffer overflow (bz #1669072)
CVE-2019-3812: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure (bz #1678081)

Comments 9

This update has been submitted for testing by crobinso.

This update has been pushed to testing.

LGTM.

karma: +1 critpath: +1

Works great! LGTM! =)

karma: +1
karma: +1 critpath: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

No regressions noted.

karma: +1 critpath: +1

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +4
stable threshold: 3
unstable threshold: -3
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
submitted 5 months ago
in testing 5 months ago
in stable 5 months ago

Related Bugs 7

#1651359 CVE-2018-19364 qemu: 9pfs: Use-after-free due to race condition while updating fid path [fedora-all]
#1653157 CVE-2018-19489 qemu: 9pfs: use-after-free due to race condition in renaming files [fedora-all]
#1656746 CVE-2018-16867 qemu: path traversal in usb_mtp_write_data in hw/usb/dev-mtp.c of the Media Transfer Protocol (MTP) [fedora-all]
#1659150 CVE-2018-16872 qemu: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) [fedora-all]
#1660315 CVE-2018-20191 qemu: pvrdma: uar_read leads to NULL dereference [fedora-all]
#1669072 CVE-2019-6778 qemu: slirp: heap buffer overflow in tcp_emu() [fedora-all]
#1678081 CVE-2019-3812 qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure [fedora-all]
