Description
Security update for virglrenderer
This update for virglrenderer fixes the following issues:
- CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479).
- CVE-2019-18390: Fixed an out-of-bounds read which could have led to denial of service (bsc#1159478).
- CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).
- CVE-2019-18391: Fixed a heap-based buffer overflow which could have led to guest escape or denial of service (bsc#1159486).
Package list
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
References
- Link for SUSE-SU-2020:0016-1
- E-Mail link for SUSE-SU-2020:0016-1
- SUSE Security Ratings
- SUSE Bug 1159478
- SUSE Bug 1159479
- SUSE Bug 1159482
- SUSE Bug 1159486
- SUSE CVE CVE-2019-18388 page
- SUSE CVE CVE-2019-18389 page
- SUSE CVE CVE-2019-18390 page
- SUSE CVE CVE-2019-18391 page
Description
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.
Affected products
References
- CVE-2019-18388
- SUSE Bug 1159479
Description
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
Affected products
References
- CVE-2019-18389
- SUSE Bug 1159482
Description
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
Affected products
References
- CVE-2019-18390
- SUSE Bug 1159478
Description
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
Affected products
References
- CVE-2019-18391
- SUSE Bug 1159486