Описание
Security update for qemu
This update for qemu to version 4.2.1 fixes the following issues:
- CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710).
- CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495).
- CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386).
- CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383).
- CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384).
Список пакетов
Container suse/sles/15.2/virt-handler:0.38.1
Container suse/sles/15.2/virt-launcher:0.38.1
Image SLES15-SP2-EC2-ECS-HVM
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
Ссылки
- Link for SUSE-SU-2020:2015-1
- E-Mail link for SUSE-SU-2020:2015-1
- SUSE Security Ratings
- SUSE Bug 1172383
- SUSE Bug 1172384
- SUSE Bug 1172386
- SUSE Bug 1172495
- SUSE Bug 1172710
- SUSE CVE CVE-2020-10761 page
- SUSE CVE CVE-2020-13361 page
- SUSE CVE CVE-2020-13362 page
- SUSE CVE CVE-2020-13659 page
- SUSE CVE CVE-2020-13800 page
Описание
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
Затронутые продукты
Ссылки
- CVE-2020-10761
- SUSE Bug 1172710
Описание
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
Затронутые продукты
Ссылки
- CVE-2020-13361
- SUSE Bug 1172384
Описание
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
Затронутые продукты
Ссылки
- CVE-2020-13362
- SUSE Bug 1172383
Описание
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
Затронутые продукты
Ссылки
- CVE-2020-13659
- SUSE Bug 1172386
Описание
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
Затронутые продукты
Ссылки
- CVE-2020-13800
- SUSE Bug 1172495