SB2020050725 - Arch Linux update for qemu
Published: May 7, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2019-20382)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zrle_compress_data() function in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. A remote attacker can perform a denial of service attack.
2) Heap-based buffer overflow (CVE-ID: CVE-2020-1711)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary error in the way the iSCSI Block driver handles a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an "iscsi_co_block_status()" routine. A remote authenticated attacker can trigger heap-based buffer overflow and cause a denial of service condition or potentially execute arbitrary code with privileges of the QEMU process on the host.
3) Use-after-free (CVE-ID: CVE-2020-1983)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when processing packets within the ip_reass() function in ip_input.c in libslirp. A remote attacker can send a specially crafted packet to the application, trigger a use-after-free error and crash it.
4) Heap-based buffer overflow (CVE-ID: CVE-2020-7039)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.