Описание
Security update for qemu
This update for qemu fixes the following issues:
Security issue fixed:
- CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529).
Non-security issue fixed:
- Fixed serial console issue in SLES 12 SP2 that triggered a qemu-kvm bug (bsc#1108474).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
qemu-tools-2.11.2-9.17.1
SUSE Linux Enterprise Module for Server Applications 15
qemu-2.11.2-9.17.1
qemu-arm-2.11.2-9.17.1
qemu-block-curl-2.11.2-9.17.1
qemu-block-iscsi-2.11.2-9.17.1
qemu-block-rbd-2.11.2-9.17.1
qemu-block-ssh-2.11.2-9.17.1
qemu-guest-agent-2.11.2-9.17.1
qemu-ipxe-1.0.0+-9.17.1
qemu-kvm-2.11.2-9.17.1
qemu-lang-2.11.2-9.17.1
qemu-ppc-2.11.2-9.17.1
qemu-s390-2.11.2-9.17.1
qemu-seabios-1.11.0-9.17.1
qemu-sgabios-8-9.17.1
qemu-vgabios-1.11.0-9.17.1
qemu-x86-2.11.2-9.17.1
Ссылки
- Link for SUSE-SU-2018:4086-1
- E-Mail link for SUSE-SU-2018:4086-1
- SUSE Security Ratings
- SUSE Bug 1108474
- SUSE Bug 1114529
- SUSE CVE CVE-2018-16847 page
Описание
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.17.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.17.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.17.1
SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.17.1
Ссылки
- CVE-2018-16847
- SUSE Bug 1114529
- SUSE Bug 1114540