1943399 – qemu-kvm-ev: usb: out-of-bounds r/w(CVE-2020-14364

Bug 1943399 - qemu-kvm-ev: usb: out-of-bounds r/w(CVE-2020-14364

Summary: qemu-kvm-ev: usb: out-of-bounds r/w(CVE-2020-14364

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-distribution
Classification:	oVirt
Component:	qemu-kvm-ev
Sub Component:
Version:	---
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Sandro Bonazzola
QA Contact:	meital avital
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-03-26 01:41 UTC by jasonrao
Modified:	2021-04-07 09:41 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-03-26 09:16:50 UTC
oVirt Team:	Virt
Embargoed:

Attachments	(Terms of Use)

Description jasonrao 2021-03-26 01:41:59 UTC

Description of problem:
 The qemu-kvm-rhev has fixed the issue, but CentOS community hasn't updated the repaired version of qemu-kvm-ev;

Comment 1 Michal Skrivanek 2021-03-26 09:16:50 UTC

oVirt 4.3 is superseded by oVirt 4.4 for 10 months now. Please upgrade.

if this is for other use case just to consume qemu-kvm-ev from CentOS Virt SIG then please open an issue on CentOS side or push an update yourself, as otherwise this package is there primarily for oVirt.

Note You need to log in before you can comment on or make changes to this bug.