SUSE-SU-2018:2340-1

Published: 15 Aug 2018
Source: suse-cvrf

Description

Security update for qemu

This update for qemu to version 2.11.2 fixes the following issues:

Security issues fixed:

  • CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223).
  • CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082).
  • CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291).

Bug fixes:

  • bsc#1091695: SEV guest will not launch with qemu-system-x86_64 version 2.11.1.
  • bsc#1094898: qemu-guest-agent service doesn't work in version Leap 15.0.
  • bsc#1094725: virsh blockresize does not work with Xen qdisks.
  • bsc#1094913: QEMU crashes when starting a guest with more than 7.999TB.

Package list

SUSE Linux Enterprise Module for Basesystem 15
qemu-tools-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15
qemu-2.11.2-9.4.1
qemu-arm-2.11.2-9.4.1
qemu-block-curl-2.11.2-9.4.1
qemu-block-iscsi-2.11.2-9.4.1
qemu-block-rbd-2.11.2-9.4.1
qemu-block-ssh-2.11.2-9.4.1
qemu-guest-agent-2.11.2-9.4.1
qemu-ipxe-1.0.0-9.4.1
qemu-kvm-2.11.2-9.4.1
qemu-lang-2.11.2-9.4.1
qemu-ppc-2.11.2-9.4.1
qemu-s390-2.11.2-9.4.1
qemu-seabios-1.11.0-9.4.1
qemu-sgabios-8-9.4.1
qemu-vgabios-1.11.0-9.4.1
qemu-x86-2.11.2-9.4.1

Description

m_cat in slirp/mbuf.c in QEMU has a heap-based buffer overflow via incoming fragmented datagrams.


Affected products
SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.4.1


Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.


Affected products
SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.4.1


Description

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.


Affected products
SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.4.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.4.1
