ALSA-2019:3345

See a problem?
Source
https://errata.almalinux.org/8/ALSA-2019-3345.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:3345.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2019:3345
Related
Published
2019-11-05T17:33:34Z
Modified
2021-12-23T15:15:25Z
Summary
Low: virt:rhel security, bug fix, and enhancement update
Details

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)

  • QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

  • QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / libiscsi

Package

Name
libiscsi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.6.0+2880+7d9e3703

AlmaLinux:8 / libiscsi

Package

Name
libiscsi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.5.0+2608+72063365

AlmaLinux:8 / libiscsi

Package

Name
libiscsi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.3.0+2048+e7a0a3ea

AlmaLinux:8 / libiscsi-devel

Package

Name
libiscsi-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.6.0+2880+7d9e3703

AlmaLinux:8 / libiscsi-devel

Package

Name
libiscsi-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.3.0+2048+e7a0a3ea

AlmaLinux:8 / libiscsi-devel

Package

Name
libiscsi-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.5.0+2608+72063365

AlmaLinux:8 / libiscsi-utils

Package

Name
libiscsi-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.3.0+2048+e7a0a3ea

AlmaLinux:8 / libiscsi-utils

Package

Name
libiscsi-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.6.0+2880+7d9e3703

AlmaLinux:8 / libiscsi-utils

Package

Name
libiscsi-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.18.0-8.module_el8.5.0+2608+72063365

AlmaLinux:8 / netcf

Package

Name
netcf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.5.0+2608+72063365

AlmaLinux:8 / netcf

Package

Name
netcf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.6.0+2880+7d9e3703

AlmaLinux:8 / netcf

Package

Name
netcf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.3.0+2048+e7a0a3ea

AlmaLinux:8 / netcf-devel

Package

Name
netcf-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.3.0+2048+e7a0a3ea

AlmaLinux:8 / netcf-devel

Package

Name
netcf-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.5.0+2608+72063365

AlmaLinux:8 / netcf-devel

Package

Name
netcf-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.6.0+2880+7d9e3703

AlmaLinux:8 / netcf-libs

Package

Name
netcf-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.6.0+2880+7d9e3703

AlmaLinux:8 / netcf-libs

Package

Name
netcf-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.5.0+2608+72063365

AlmaLinux:8 / netcf-libs

Package

Name
netcf-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.8-12.module_el8.3.0+2048+e7a0a3ea

AlmaLinux:8 / sgabios

Package

Name
sgabios

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.20170427git-3.module_el8.5.0+2608+72063365

AlmaLinux:8 / sgabios

Package

Name
sgabios

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.20170427git-3.module_el8.3.0+2048+e7a0a3ea

AlmaLinux:8 / sgabios-bin

Package

Name
sgabios-bin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.20170427git-3.module_el8.5.0+2608+72063365

AlmaLinux:8 / sgabios-bin

Package

Name
sgabios-bin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.20170427git-3.module_el8.6.0+2880+7d9e3703