Lucene search
AmazonALAS-2020-1466HistoryDec 16, 2020 - 8:31 p.m.
Medium: qemu-kvm
2020-12-1620:31:00
alas.aws.amazon.com
65
0.009 Low
EPSS
Percentile
82.9%
Issue Overview:
A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service. (CVE-2019-15890 __)
Affected Packages:
qemu-kvm
Issue Correction:
Run yum update qemu-kvm to update your system.
New Packages:
src:
qemu-kvm-1.5.3-156.25.amzn1.src
x86_64:
qemu-kvm-1.5.3-156.25.amzn1.x86_64
qemu-kvm-tools-1.5.3-156.25.amzn1.x86_64
qemu-kvm-common-1.5.3-156.25.amzn1.x86_64
qemu-img-1.5.3-156.25.amzn1.x86_64
qemu-kvm-debuginfo-1.5.3-156.25.amzn1.x86_64
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | x86_64 | qemu-kvm | < 1.5.3-156.25.amzn1 | qemu-kvm-1.5.3-156.25.amzn1.x86_64.rpm |
| Amazon Linux | 1 | src | qemu-kvm | < 1.5.3-156.25.amzn1 | qemu-kvm-1.5.3-156.25.amzn1.src.rpm |
| Amazon Linux | 1 | x86_64 | qemu-kvm-common | < 1.5.3-156.25.amzn1 | qemu-kvm-common-1.5.3-156.25.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | qemu-kvm-debuginfo | < 1.5.3-156.25.amzn1 | qemu-kvm-debuginfo-1.5.3-156.25.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | qemu-img | < 1.5.3-156.25.amzn1 | qemu-img-1.5.3-156.25.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | qemu-kvm-tools | < 1.5.3-156.25.amzn1 | qemu-kvm-tools-1.5.3-156.25.amzn1.x86_64.rpm |
Related
ubuntucve
ubuntucve
CVE-2019-15890
2019-09-06 00:00:00
nessus
nessus
Amazon Linux AMI : qemu-kvm (ALAS-2021-1467)
2021-01-14 00:00:00
NewStart CGSL MAIN 6.02 : qemu Vulnerability (NS-SA-2022-0072)
2022-05-09 00:00:00
Amazon Linux AMI : qemu-img (ALAS-2020-1466) (deprecated)
2020-12-18 00:00:00
prion
prion
Design/Logic Flaw
2019-09-06 17:15:00
cve
cve
CVE-2019-15890
2019-09-06 17:15:11
veracode
veracode
Use-after-free
2020-09-21 06:39:39
debiancve
debiancve
CVE-2019-15890
2019-09-06 17:15:11
amazon
amazon
Medium: qemu-kvm
2021-01-12 22:51:00
Medium: qemu
2020-12-08 21:30:00
f5
f5
K75952001 : QEMU vulnerability CVE-2019-15890
2021-01-05 00:00:00
osv
osv
CVE-2019-15890
2019-09-06 17:15:11
Important: container-tools:rhel8 security, bug fix, and enhancement update
2020-02-04 11:39:46
qemu - security update
2020-02-02 00:00:00
cvelist
cvelist
CVE-2019-15890
2019-09-06 16:55:12
redhatcve
redhatcve
CVE-2019-15890
2020-04-02 08:47:48
nvd
nvd
CVE-2019-15890
2019-09-06 17:15:11
redhat
redhat
(RHSA-2020:0348) Important: container-tools:rhel8 security, bug fix, and enhancement update
2020-02-04 11:39:46
(RHSA-2020:0775) Important: qemu-kvm security update
2020-03-10 11:01:33
(RHSA-2020:0889) Important: slirp4netns security update
2020-03-17 17:40:28
openvas
openvas
Debian: Security Advisory (DSA-4616-1)
2020-02-04 00:00:00
CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)
2020-03-11 00:00:00
Ubuntu: Security Advisory (USN-4191-1)
2019-11-14 00:00:00
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2020-02-04 11:39:46
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2020-11-03 12:26:07
centos
centos
qemu security update
2020-03-10 20:44:03
debian
debian
[SECURITY] [DSA 4616-1] qemu security update
2020-02-02 20:47:01
[SECURITY] [DLA 1927-1] qemu security update
2019-09-20 09:19:02
oraclelinux
oraclelinux
qemu-kvm security update
2020-03-10 00:00:00
qemu-kvm security, bug fix, and enhancement update
2020-04-06 00:00:00
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
2020-11-10 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2019-11-14 00:00:00
QEMU vulnerabilities
2019-11-14 00:00:00
suse
suse
Security update for qemu (important)
2019-11-14 00:00:00
Security update for qemu (important)
2021-07-11 00:00:00
Security update for qemu (moderate)
2021-07-14 00:00:00
almalinux
almalinux