Arch Linux Security Advisory ASA-202005-6
========================================
Severity: High
Date    : 2020-05-07
CVE-ID  : CVE-2019-20382 CVE-2020-1711 CVE-2020-7039
Package : qemu
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1110

Summary
======
The package qemu before version 5.0.0-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
=========
Upgrade to 5.0.0-1.

# pacman -Syu "qemu>=5.0.0-1"

The problems have been fixed upstream in version 5.0.0.

Workaround
=========
None.

Description
==========
- CVE-2019-20382 (denial of service)

A memory leak has been found in in the way VNC display driver of QEMU
<= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is
enabled. It creates two vncState objects, one of which allocates memory
for Zlib's data object. This allocated memory is not free'd upon
disconnection resulting in the said memory leakage issue.
A user able to connect to the VNC server could use this flaw to leak
host memory leading to a potential DoS scenario.

- CVE-2020-1711 (arbitrary code execution)

An out-of-bounds heap buffer access flaw was found in the way the iSCSI
Block driver in QEMU handled a response coming from an iSCSI server
while checking the status of a Logical Address Block (LBA) in an
iscsi_co_block_status() routine. A remote user could use this flaw to
crash the QEMU process, resulting in a denial of service or potential
execution of arbitrary code with privileges of the QEMU process on the
host.

- CVE-2020-7039 (arbitrary code execution)

A heap buffer overflow issue was found in the SLiRP networking
implementation of the QEMU emulator. This flaw occurs in the tcp_emu()
routine while emulating IRC and other protocols. An attacker could use
this flaw to crash the QEMU process on the host, resulting in a denial
of service or potential execution of arbitrary code with privileges of
the QEMU process.

Impact
=====
A remote attacker can crash the QEMU process, and potentially execute
arbitrary code on the host.

References
=========
https://www.openwall.com/lists/oss-security/2020/03/05/1
https://gitlab.com/qemu-project/;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
https://www.openwall.com/lists/oss-security/2020/01/23/3
https://www.openwall.com/lists/oss-security/2020/01/16/2
https://security.archlinux.org/CVE-2019-20382
https://security.archlinux.org/CVE-2020-1711
https://security.archlinux.org/CVE-2020-7039

ArchLinux: 202005-6: qemu: multiple issues

May 20, 2020

Summary

- CVE-2019-20382 (denial of service) A memory leak has been found in in the way VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not free'd upon disconnection resulting in the said memory leakage issue. A user able to connect to the VNC server could use this flaw to leak host memory leading to a potential DoS scenario.
- CVE-2020-1711 (arbitrary code execution)
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
- CVE-2020-7039 (arbitrary code execution)
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while emulating IRC and other protocols. An attacker could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process.

Resolution

Upgrade to 5.0.0-1. # pacman -Syu "qemu>=5.0.0-1"
The problems have been fixed upstream in version 5.0.0.

References

https://www.openwall.com/lists/oss-security/2020/03/05/1 https://gitlab.com/qemu-project/;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 https://www.openwall.com/lists/oss-security/2020/01/23/3 https://www.openwall.com/lists/oss-security/2020/01/16/2 https://security.archlinux.org/CVE-2019-20382 https://security.archlinux.org/CVE-2020-1711 https://security.archlinux.org/CVE-2020-7039

Severity
Package : qemu
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1110

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved