SUSE-SU-2020:2743-1

Published: 24 Sep 2020
Source: suse-cvrf

Description

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384).
  • CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441).
  • CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641).
  • CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386).
  • Fix OOB access in ROM loading

Package list

Image SLES12-SP5-EC2-ECS-On-Demand:
qemu-tools-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:
qemu-3.1.1.1-45.1
qemu-arm-3.1.1.1-45.1
qemu-audio-alsa-3.1.1.1-45.1
qemu-audio-oss-3.1.1.1-45.1
qemu-audio-pa-3.1.1.1-45.1
qemu-audio-sdl-3.1.1.1-45.1
qemu-block-curl-3.1.1.1-45.1
qemu-block-iscsi-3.1.1.1-45.1
qemu-block-rbd-3.1.1.1-45.1
qemu-block-ssh-3.1.1.1-45.1
qemu-guest-agent-3.1.1.1-45.1
qemu-ipxe-1.0.0+-45.1
qemu-kvm-3.1.1.1-45.1
qemu-lang-3.1.1.1-45.1
qemu-ppc-3.1.1.1-45.1
qemu-s390-3.1.1.1-45.1
qemu-seabios-1.12.0-45.1
qemu-sgabios-8-45.1
qemu-tools-3.1.1.1-45.1
qemu-ui-curses-3.1.1.1-45.1
qemu-ui-gtk-3.1.1.1-45.1
qemu-ui-sdl-3.1.1.1-45.1
qemu-vgabios-1.12.0-45.1
qemu-x86-3.1.1.1-45.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:
qemu-3.1.1.1-45.1
qemu-arm-3.1.1.1-45.1
qemu-audio-alsa-3.1.1.1-45.1
qemu-audio-oss-3.1.1.1-45.1
qemu-audio-pa-3.1.1.1-45.1
qemu-audio-sdl-3.1.1.1-45.1
qemu-block-curl-3.1.1.1-45.1
qemu-block-iscsi-3.1.1.1-45.1
qemu-block-rbd-3.1.1.1-45.1
qemu-block-ssh-3.1.1.1-45.1
qemu-guest-agent-3.1.1.1-45.1
qemu-ipxe-1.0.0+-45.1
qemu-kvm-3.1.1.1-45.1
qemu-lang-3.1.1.1-45.1
qemu-ppc-3.1.1.1-45.1
qemu-s390-3.1.1.1-45.1
qemu-seabios-1.12.0-45.1
qemu-sgabios-8-45.1
qemu-tools-3.1.1.1-45.1
qemu-ui-curses-3.1.1.1-45.1
qemu-ui-gtk-3.1.1.1-45.1
qemu-ui-sdl-3.1.1.1-45.1
qemu-vgabios-1.12.0-45.1
qemu-x86-3.1.1.1-45.1

Description (CVE-2020-13361)

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.


Affected products
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-45.1

Description (CVE-2020-14364)

An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. The issue occurs while processing USB packets from a guest when the USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.


Affected products
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-45.1

Description (CVE-2020-15863)

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.


Affected products
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-45.1

Description (CVE-2020-16092)

In QEMU through 5.0.0, an assertion failure can occur in network packet processing, in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition.


Affected products
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-45.1
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-45.1
