Описание
Security update for kvm
This update for kvm fixes the following issues:
Security issues fixed:
- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).
Non-security issue fixed:
- Fixed LAPIC TSC deadline timer save/restore (bsc#1109544)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
kvm-1.4.2-60.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
kvm-1.4.2-60.21.1
Ссылки
- Link for SUSE-SU-2019:13962-1
- E-Mail link for SUSE-SU-2019:13962-1
- SUSE Security Ratings
- SUSE Bug 1109544
- SUSE Bug 1116717
- SUSE Bug 1117275
- SUSE Bug 1123156
- SUSE CVE CVE-2018-19364 page
- SUSE CVE CVE-2018-19489 page
- SUSE CVE CVE-2019-6778 page
Описание
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.21.1
Ссылки
- CVE-2018-19364
- SUSE Bug 1116717
- SUSE Bug 1116726
Описание
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.21.1
Ссылки
- CVE-2018-19489
- SUSE Bug 1117275
- SUSE Bug 1117279
Описание
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.21.1
Ссылки
- CVE-2019-6778
- SUSE Bug 1123156
- SUSE Bug 1123157
- SUSE Bug 1178658