RHSA-2019:2892 - Security Advisory - Type/Severity: Important - Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. - Description: - Security Fix(es): - CVE-2018-10839: QEMU: integer overflow leads to buffer overflow issue - CVE-2018-11806: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams - CVE-2018-17962: QEMU: pnet: integer overflow leads to buffer overflow - CVE-2019-6778: QEMU: slirp: heap buffer overflow in tcp_emu () - CVE-2019-12155: QEMU: qxl: null pointer dereference while releasing spice resources - Affected Products: - Red Hat Enterprise Linux Server 6 x86_64 - Red Hat Enterprise Linux Server 6 i386 - Red Hat Enterprise Linux Server - Extended Lifecycle Support 6 x86_64 - Red Hat Enterprise Linux Server - Extended Lifecycle Support 6 i386 - Red Hat Enterprise Linux Workstation 6 x86_64 - Red Hat Enterprise Linux Workstation 6 i386 - Red Hat Enterprise Linux Desktop 6 x86_64 - Red Hat Enterprise Linux Desktop 6 i386 - Red Hat Enterprise Linux for Power, big endian 6 ppc64 - Red Hat Enterprise Linux for Scientific Computing 6 x86_64 - Red Hat Enterprise Linux Server - Extended Lifecycle Support Extension 6 x86_64 - Red Hat Enterprise Linux Server - Extended Lifecycle Support Extension 6 i386 - Fixes: - BZ - 1581013 - CVE-2018-10839 QEMU: ne2000: integer overflow leads to buffer overflow issue - BZ - 1586245 - CVE-2018-11806 QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams - BZ - 1636773 - CVE-2018-17962 QEMU: pnet: integer overflow leads to buffer overflow - BZ - 1664205 - CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu () - BZ - 1712670 - CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources - CVEs: - CVE-2018-10839 - CVE-2018-11806 - CVE-2018-17962 - CVE-2019-6778 - CVE-2019-12155