Описание
Security update for qemu
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
qemu-2.0.2-48.49.3
qemu-block-curl-2.0.2-48.49.3
qemu-block-rbd-2.0.2-48.49.3
qemu-guest-agent-2.0.2-48.49.3
qemu-ipxe-1.0.0-48.49.3
qemu-kvm-2.0.2-48.49.3
qemu-lang-2.0.2-48.49.3
qemu-ppc-2.0.2-48.49.3
qemu-s390-2.0.2-48.49.3
qemu-seabios-1.7.4-48.49.3
qemu-sgabios-8-48.49.3
qemu-tools-2.0.2-48.49.3
qemu-vgabios-1.7.4-48.49.3
qemu-x86-2.0.2-48.49.3
Ссылки
- Link for SUSE-SU-2019:0457-1
- E-Mail link for SUSE-SU-2019:0457-1
- SUSE Security Ratings
- SUSE Bug 1116717
- SUSE Bug 1117275
- SUSE Bug 1123156
- SUSE CVE CVE-2018-19364 page
- SUSE CVE CVE-2018-19489 page
- SUSE CVE CVE-2019-6778 page
Описание
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.49.3
Ссылки
- CVE-2018-19364
- SUSE Bug 1116717
- SUSE Bug 1116726
Описание
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.49.3
Ссылки
- CVE-2018-19489
- SUSE Bug 1117275
- SUSE Bug 1117279
Описание
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.49.3
SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.49.3
Ссылки
- CVE-2019-6778
- SUSE Bug 1123156
- SUSE Bug 1123157
- SUSE Bug 1178658