ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Security update for kvm
This update for kvm fixes the following security issues:
- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735)
- CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223)
With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885).
Π‘ΠΏΠΈΡΠΎΠΊ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ²
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
Π‘ΡΡΠ»ΠΊΠΈ
- Link for SUSE-SU-2018:2650-1
- E-Mail link for SUSE-SU-2018:2650-1
- SUSE Security Ratings
- SUSE Bug 1092885
- SUSE Bug 1096223
- SUSE Bug 1098735
- SUSE CVE CVE-2018-11806 page
- SUSE CVE CVE-2018-12617 page
- SUSE CVE CVE-2018-3639 page
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2018-11806
- SUSE Bug 1096223
- SUSE Bug 1096224
- SUSE Bug 1178658
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2018-12617
- SUSE Bug 1098735
- SUSE Bug 1098744
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2018-3639
- SUSE Bug 1074701
- SUSE Bug 1085235
- SUSE Bug 1085308
- SUSE Bug 1087078
- SUSE Bug 1087082
- SUSE Bug 1092631
- SUSE Bug 1092885
- SUSE Bug 1094912
- SUSE Bug 1098813
- SUSE Bug 1100394
- SUSE Bug 1102640
- SUSE Bug 1105412
- SUSE Bug 1111963
- SUSE Bug 1172781
- SUSE Bug 1172782
- SUSE Bug 1172783
- SUSE Bug 1173489
- SUSE Bug 1178658
- SUSE Bug 1201877