FEDORA-2019-88a98ce795 created by crobinso 9 months ago for Fedora 29
stable

CVE-2018-19364: 9pfs: use-after-free (bz #1651359) CVE-2018-19489: 9pfs: use-after-free renaming files (bz #1653157) CVE-2018-16867: usb-mtp: path traversal issue (bz #1656746) CVE-2018-16872: usb-mtp: path traversal issue (bz #1659150) CVE-2018-20191: pvrdma: uar_read leads to NULL deref (bz #1660315) CVE-2019-6778: slirp: heap buffer overflow (bz #1669072) CVE-2019-3812: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure (bz #1678081)

How to install

sudo dnf upgrade --advisory=FEDORA-2019-88a98ce795

This update has been submitted for testing by crobinso.

9 months ago

This update has been pushed to testing.

9 months ago
User Icon atim commented & provided feedback 9 months ago
karma

LGTM.

User Icon besser82 commented & provided feedback 9 months ago
karma

Works great! LGTM! =)

User Icon vinumoses provided feedback 9 months ago
karma

This update has been submitted for batched by bodhi.

9 months ago

This update has been submitted for stable by bodhi.

9 months ago
User Icon dhgutteridge commented & provided feedback 9 months ago
karma

No regressions noted.

This update has been pushed to stable.

9 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
9 months ago
in testing
9 months ago
in stable
9 months ago
BZ#1651359 CVE-2018-19364 qemu: 9pfs: Use-after-free due to race condition while updating fid path [fedora-all]
0
0
BZ#1653157 CVE-2018-19489 qemu: 9pfs: use-after-free due to race condition in renaming files [fedora-all]
0
0
BZ#1656746 CVE-2018-16867 qemu: path traversal in usb_mtp_write_data in hw/usb/dev-mtp.c of the Media Transfer Protocol (MTP) [fedora-all]
0
0
BZ#1659150 CVE-2018-16872 qemu: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) [fedora-all]
0
0
BZ#1660315 CVE-2018-20191 qemu: pvrdma: uar_read leads to NULL dereference [fedora-all]
0
0
BZ#1669072 CVE-2019-6778 qemu: slirp: heap buffer overflow in tcp_emu() [fedora-all]
0
0
BZ#1678081 CVE-2019-3812 qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure [fedora-all]
0
0

Automated Test Results