Description
Security update for qemu
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717).
- CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after the guest has adjusted the display dimensions (bsc#1084604).
- CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function.
- CVE-2017-13672: Fixed a denial of service via vectors involving display update.
Non-security issues fixed:
- Fixed bad guest time after migration (bsc#1113231).
Package list
SUSE Enterprise Storage 4
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE OpenStack Cloud 7
References
- Link for SUSE-SU-2019:0489-1
- E-Mail link for SUSE-SU-2019:0489-1
- SUSE Security Ratings
- SUSE Bug 1084604
- SUSE Bug 1113231
- SUSE Bug 1116717
- SUSE Bug 1117275
- SUSE Bug 1119493
- SUSE Bug 1123156
- SUSE CVE CVE-2017-13672 page
- SUSE CVE CVE-2017-13673 page
- SUSE CVE CVE-2018-16872 page
- SUSE CVE CVE-2018-19364 page
- SUSE CVE CVE-2018-19489 page
- SUSE CVE CVE-2018-7858 page
- SUSE CVE CVE-2019-6778 page
Description
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
Affected products
References
- CVE-2017-13672
- SUSE Bug 1056334
- SUSE Bug 1056336
- SUSE Bug 1084604
Description
The VGA display update in QEMU miscalculated the region for the dirty bitmap snapshot when split screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
Affected products
References
- CVE-2017-13673
- SUSE Bug 1056386
- SUSE Bug 1056387
- SUSE Bug 1084604
Description
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
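The check-then-use gap described above, shown with a hardened open path as an added example (this is not QEMU's code or its patch): the object's identity is recorded at lstat(2) time, and the later open refuses a symlink and re-verifies identity on the descriptor. The names obj_record, obj_open_checked and demo, and the temporary file layout, are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity captured when the object is first catalogued with lstat(2). */
struct obj_id { dev_t dev; ino_t ino; };

/* Check step: accept only a regular file and remember which one it was. */
int obj_record(const char *path, struct obj_id *id) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    id->dev = st.st_dev; id->ino = st.st_ino;
    return 0;
}

/* Use step: refuse a final-component symlink, then verify on the open
 * descriptor (not the path) that it is still the recorded object. */
int obj_open_checked(const char *path, const struct obj_id *id) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_dev != id->dev || st.st_ino != id->ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario; swap: 0 untouched, 1 symlink, 2 other regular file.
 * Returns 1 if the checked open succeeded, 0 if refused, -1 on setup error. */
int demo(int swap) {
    char dir[] = "/tmp/mtp-demo-XXXXXX", a[64], b[64];
    struct obj_id id;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/shared.txt", dir);
    snprintf(b, sizeof b, "%s/other.txt", dir);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    if (obj_record(a, &id) != 0) return -1;
    if (swap == 1 && (unlink(a) != 0 || symlink(b, a) != 0)) return -1;
    if (swap == 2 && rename(b, a) != 0) return -1;
    int fd = obj_open_checked(a, &id);
    if (fd >= 0) close(fd);
    unlink(a); unlink(b); rmdir(dir);
    return fd >= 0;
}
```

O_NOFOLLOW only covers the final path component; a shared tree whose intermediate directories can be swapped also needs descriptor-relative traversal (openat(2) from a trusted directory descriptor).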
Affected products
References
- CVE-2018-16872
- SUSE Bug 1119493
- SUSE Bug 1119494
Description
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
Affected products
References
- CVE-2018-19364
- SUSE Bug 1116717
- SUSE Bug 1116726
Description
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
Affected products
References
- CVE-2018-19489
- SUSE Bug 1117275
- SUSE Bug 1117279
Description
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
Affected products
References
- CVE-2018-7858
- SUSE Bug 1084604
Description
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
Affected products
References
- CVE-2019-6778
- SUSE Bug 1123156
- SUSE Bug 1123157
- SUSE Bug 1178658