Linux Security

    ArchLinux: 202005-6: qemu: multiple issues

    The package qemu before version 5.0.0-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
    Arch Linux Security Advisory ASA-202005-6
    =========================================
    
    Severity: High
    Date    : 2020-05-07
    CVE-ID  : CVE-2019-20382 CVE-2020-1711 CVE-2020-7039
    Package : qemu
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1110
    
    Summary
    =======
    
    The package qemu before version 5.0.0-1 is vulnerable to multiple
    issues including arbitrary code execution and denial of service.
    
    Resolution
    ==========
    
    Upgrade to 5.0.0-1.
    
    # pacman -Syu "qemu>=5.0.0-1"
    
    The problems have been fixed upstream in version 5.0.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-20382 (denial of service)
    
    A memory leak has been found in the way the VNC display driver of QEMU
    <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is
    enabled. It creates two vncState objects, one of which allocates memory
    for Zlib's data object. This allocated memory is not freed upon
    disconnection, resulting in the memory leak.
    A user able to connect to the VNC server could use this flaw to leak
    host memory leading to a potential DoS scenario.
    
    - CVE-2020-1711 (arbitrary code execution)
    
    An out-of-bounds heap buffer access flaw was found in the way the iSCSI
    Block driver in QEMU handled a response coming from an iSCSI server
    while checking the status of a Logical Block Address (LBA) in an
    iscsi_co_block_status() routine. A remote user could use this flaw to
    crash the QEMU process, resulting in a denial of service or potential
    execution of arbitrary code with privileges of the QEMU process on the
    host.
    
    - CVE-2020-7039 (arbitrary code execution)
    
    A heap buffer overflow issue was found in the SLiRP networking
    implementation of the QEMU emulator. This flaw occurs in the tcp_emu()
    routine while emulating IRC and other protocols. An attacker could use
    this flaw to crash the QEMU process on the host, resulting in a denial
    of service or potential execution of arbitrary code with privileges of
    the QEMU process.
    
    Impact
    ======
    
    A remote attacker can crash the QEMU process, and potentially execute
    arbitrary code on the host.
    
    References
    ==========
    
    https://www.openwall.com/lists/oss-security/2020/03/05/1
    https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
    https://www.openwall.com/lists/oss-security/2020/01/23/3
    https://www.openwall.com/lists/oss-security/2020/01/16/2
    https://security.archlinux.org/CVE-2019-20382
    https://security.archlinux.org/CVE-2020-1711
    https://security.archlinux.org/CVE-2020-7039
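
The script below is an added example, not part of the Arch advisory: it maps a QEMU command line to the components named in the Description (VNC, the iSCSI block driver, SLiRP) and flags guests that are still running a binary replaced by the upgrade. The option patterns are heuristic string matches, and the function names `exposed_components` and `scan_running` are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): triage running QEMU guests against
# ASA-202005-6 by the component each CVE lives in. Heuristic string matching.

# exposed_components "<qemu command line>"
# Prints one line per advisory CVE whose component the command line enables.
exposed_components() {
    cmdline=" $1 "
    case "$cmdline" in
        *" -vnc none "*) ;;                          # VNC server not started
        *" -vnc "*|*" -display vnc="*) echo "CVE-2019-20382 vnc" ;;
    esac
    case "$cmdline" in
        *"iscsi://"*|*"driver=iscsi"*) echo "CVE-2020-1711 iscsi" ;;
    esac
    case "$cmdline" in
        *"-netdev user"*|*"-net user"*|*"-nic user"*)
            echo "CVE-2020-7039 slirp" ;;
        *" -netdev "*|*" -net "*|*" -nic "*|*" -nodefaults "*) ;;
        # Assumption: with no network option at all, QEMU falls back to its
        # default user-mode (SLiRP) network.
        *) echo "CVE-2020-7039 slirp-default" ;;
    esac
}

# scan_running: report every qemu-system-* process readable under /proc.
scan_running() {
    for dir in /proc/[0-9]*; do
        cmd=$(tr '\000' ' ' 2>/dev/null < "$dir/cmdline") || continue
        argv0=${cmd%% *}
        case "${argv0##*/}" in qemu-system-*) ;; *) continue ;; esac
        # After "pacman -Syu" replaces the binary, a guest started earlier
        # still runs the old code; its exe link then ends in " (deleted)".
        exe=$(readlink "$dir/exe" 2>/dev/null) || exe="?"
        case "$exe" in
            *" (deleted)") state="old binary still running, restart guest" ;;
            "?") state="exe link unreadable (run as root)" ;;
            *) state="running binary is still the file on disk" ;;
        esac
        echo "pid ${dir#/proc/}: $state"
        exposed_components "$cmd" | sed 's/^/    /'
    done
}

if [ "${1:-}" = "--scan" ]; then scan_running; fi
```

Run it as root with `--scan` after upgrading; a guest reported as running an old binary keeps the pre-5.0.0-1 code until it is restarted.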
    
    
