Описание
Security update for qemu
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).
- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).
Non-security issue fixed:
- Make sure that required memory is mapped properly during an incoming migration of a Xen HVM domU (bsc#1160024).
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Ссылки
- Link for SUSE-SU-2020:1538-1
- E-Mail link for SUSE-SU-2020:1538-1
- SUSE Security Ratings
- SUSE Bug 1123156
- SUSE Bug 1146873
- SUSE Bug 1149811
- SUSE Bug 1160024
- SUSE Bug 1161066
- SUSE Bug 1163018
- SUSE Bug 1166240
- SUSE Bug 1170940
- SUSE CVE CVE-2019-12068 page
- SUSE CVE CVE-2019-15890 page
- SUSE CVE CVE-2019-6778 page
- SUSE CVE CVE-2020-1711 page
- SUSE CVE CVE-2020-1983 page
- SUSE CVE CVE-2020-7039 page
- SUSE CVE CVE-2020-8608 page
Описание
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Затронутые продукты
Ссылки
- CVE-2019-12068
- SUSE Bug 1146873
- SUSE Bug 1146874
- SUSE Bug 1178658
Описание
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Затронутые продукты
Ссылки
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658
Описание
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2019-6778
- SUSE Bug 1123156
- SUSE Bug 1123157
- SUSE Bug 1178658
Описание
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
Затронутые продукты
Ссылки
- CVE-2020-1711
- SUSE Bug 1166240
Описание
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2020-1983
- SUSE Bug 1170940
Описание
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
Затронутые продукты
Ссылки
- CVE-2020-7039
- SUSE Bug 1161066
Описание
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Затронутые продукты
Ссылки
- CVE-2020-8608
- SUSE Bug 1163018
- SUSE Bug 1163019