Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:14151-1

Опубликовано: 21 авг. 2019
Источник: suse-cvrf

Описание

Security update for kvm

This update for kvm fixes the following issues:

Security issues fixed:

  • CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).
  • CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902).
  • CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).

Список пакетов

SUSE Linux Enterprise Server 11 SP4-LTSS
kvm-1.4.2-60.27.1

Описание

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.


Затронутые продукты
SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.27.1

Ссылки

Описание

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.


Затронутые продукты
SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.27.1

Ссылки

Описание

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.


Затронутые продукты
SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.27.1

Ссылки
Уязвимость SUSE-SU-2019:14151-1