ELSA-2019-4640

Affecting qemu-block-rbd package, versions oracle:7: <15:3.1.0-3.el7

high severity
Do your applications use this vulnerable package? Test your applications

Overview

[15:3.1.0-3.el7] - x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as fixed (Mark Kanda) [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} [15:3.1.0-2.el7] - x86: Add mds feature (Karl Heubaum) - e1000: Never increment the RX undersize count register (Chris Kenna) - qemu.spec: audioflags set but never passed to configure script (Liam Merwick) [Orabug: 29715562] - parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 29715548] - parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 29715548] - parfait: provide option to upload results (Liam Merwick) [Orabug: 29715548] - parfait: disable misaligned-access check (Liam Merwick) [Orabug: 29715548] - Document CVE-2019-8934 and CVE-2019-5008 as fixed (Mark Kanda) [Orabug: 29715605] {CVE-2019-5008} {CVE-2019-8934} - device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29715527] {CVE-2018-20815} - slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29715525] {CVE-2019-9824} - i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29715520] {CVE-2019-3812} - scsi-generic: avoid possible out-of-bounds access to r->buf (Paolo Bonzini) [Orabug: 29259700] {CVE-2019-6501} - slirp: check data length while emulating ident function (Prasad J Pandit) [Orabug: 29715755] {CVE-2019-6778}

CVE
ELSA-2019-4640
Snyk ID
SNYK-LINUX-QEMUBLOCKRBD-446335
Published
15 May, 2019