
SUSE-SU-2020:1523-1

Published: 03 Jun 2020
Source: suse-cvrf

Description

Security update for qemu

This update for qemu fixes the following issues:

Security issues fixed:

  • CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
  • CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect (bsc#1165776).
  • CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
  • CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
  • CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
  • Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).

Non-security issue fixed:

  • Miscellaneous fixes to the in-package support documentation.

Package list

Image SLES15-EC2-CHOST-HVM-BYOS
qemu-tools-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
qemu-2.11.2-9.36.1
qemu-arm-2.11.2-9.36.1
qemu-block-curl-2.11.2-9.36.1
qemu-block-iscsi-2.11.2-9.36.1
qemu-block-rbd-2.11.2-9.36.1
qemu-block-ssh-2.11.2-9.36.1
qemu-guest-agent-2.11.2-9.36.1
qemu-ipxe-1.0.0+-9.36.1
qemu-kvm-2.11.2-9.36.1
qemu-lang-2.11.2-9.36.1
qemu-seabios-1.11.0-9.36.1
qemu-sgabios-8-9.36.1
qemu-tools-2.11.2-9.36.1
qemu-vgabios-1.11.0-9.36.1
qemu-x86-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
qemu-2.11.2-9.36.1
qemu-arm-2.11.2-9.36.1
qemu-block-curl-2.11.2-9.36.1
qemu-block-iscsi-2.11.2-9.36.1
qemu-block-rbd-2.11.2-9.36.1
qemu-block-ssh-2.11.2-9.36.1
qemu-guest-agent-2.11.2-9.36.1
qemu-ipxe-1.0.0+-9.36.1
qemu-kvm-2.11.2-9.36.1
qemu-lang-2.11.2-9.36.1
qemu-seabios-1.11.0-9.36.1
qemu-sgabios-8-9.36.1
qemu-tools-2.11.2-9.36.1
qemu-vgabios-1.11.0-9.36.1
qemu-x86-2.11.2-9.36.1
SUSE Linux Enterprise Server 15-LTSS
qemu-2.11.2-9.36.1
qemu-arm-2.11.2-9.36.1
qemu-block-curl-2.11.2-9.36.1
qemu-block-iscsi-2.11.2-9.36.1
qemu-block-rbd-2.11.2-9.36.1
qemu-block-ssh-2.11.2-9.36.1
qemu-guest-agent-2.11.2-9.36.1
qemu-ipxe-1.0.0+-9.36.1
qemu-kvm-2.11.2-9.36.1
qemu-lang-2.11.2-9.36.1
qemu-ppc-2.11.2-9.36.1
qemu-s390-2.11.2-9.36.1
qemu-seabios-1.11.0-9.36.1
qemu-sgabios-8-9.36.1
qemu-tools-2.11.2-9.36.1
qemu-vgabios-1.11.0-9.36.1
qemu-x86-2.11.2-9.36.1
SUSE Linux Enterprise Server for SAP Applications 15
qemu-2.11.2-9.36.1
qemu-block-curl-2.11.2-9.36.1
qemu-block-iscsi-2.11.2-9.36.1
qemu-block-rbd-2.11.2-9.36.1
qemu-block-ssh-2.11.2-9.36.1
qemu-guest-agent-2.11.2-9.36.1
qemu-ipxe-1.0.0+-9.36.1
qemu-kvm-2.11.2-9.36.1
qemu-lang-2.11.2-9.36.1
qemu-ppc-2.11.2-9.36.1
qemu-seabios-1.11.0-9.36.1
qemu-sgabios-8-9.36.1
qemu-tools-2.11.2-9.36.1
qemu-vgabios-1.11.0-9.36.1
qemu-x86-2.11.2-9.36.1

Description

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.


Affected products
Image SLES15-EC2-CHOST-HVM-BYOS:qemu-tools-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-arm-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-block-curl-2.11.2-9.36.1

References

Description

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.


Affected products
Image SLES15-EC2-CHOST-HVM-BYOS:qemu-tools-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-arm-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-block-curl-2.11.2-9.36.1

References

Description

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.


Affected products
Image SLES15-EC2-CHOST-HVM-BYOS:qemu-tools-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-arm-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-block-curl-2.11.2-9.36.1

References

Description

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.


Affected products
Image SLES15-EC2-CHOST-HVM-BYOS:qemu-tools-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-arm-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-block-curl-2.11.2-9.36.1

References

Description

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potential arbitrary code execution.


Affected products
Image SLES15-EC2-CHOST-HVM-BYOS:qemu-tools-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-arm-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-block-curl-2.11.2-9.36.1

References

Description

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.


Affected products
Image SLES15-EC2-CHOST-HVM-BYOS:qemu-tools-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-arm-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:qemu-block-curl-2.11.2-9.36.1

References
Vulnerability SUSE-SU-2020:1523-1