Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:1918-1

Опубликовано: 09 июн. 2021
Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply (bsc#1172380)

Список пакетов

Image SLES15-SP1-CHOST-BYOS-Azure
qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2
qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE
qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6
qemu-3.1.1.1-9.27.2
qemu-arm-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
qemu-3.1.1.1-9.27.2
qemu-arm-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
qemu-3.1.1.1-9.27.2
qemu-arm-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Linux Enterprise Module for Server Applications 15 SP2
qemu-audio-oss-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15 SP1-BCL
qemu-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15 SP1-LTSS
qemu-3.1.1.1-9.27.2
qemu-arm-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-ppc-3.1.1.1-9.27.2
qemu-s390-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
qemu-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-ppc-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Manager Proxy 4.0
qemu-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Manager Retail Branch Server 4.0
qemu-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2
SUSE Manager Server 4.0
qemu-3.1.1.1-9.27.2
qemu-audio-alsa-3.1.1.1-9.27.2
qemu-audio-oss-3.1.1.1-9.27.2
qemu-audio-pa-3.1.1.1-9.27.2
qemu-block-curl-3.1.1.1-9.27.2
qemu-block-iscsi-3.1.1.1-9.27.2
qemu-block-rbd-3.1.1.1-9.27.2
qemu-block-ssh-3.1.1.1-9.27.2
qemu-guest-agent-3.1.1.1-9.27.2
qemu-ipxe-1.0.0+-9.27.2
qemu-kvm-3.1.1.1-9.27.2
qemu-lang-3.1.1.1-9.27.2
qemu-ppc-3.1.1.1-9.27.2
qemu-s390-3.1.1.1-9.27.2
qemu-seabios-1.12.0_0_ga698c89-9.27.2
qemu-sgabios-8-9.27.2
qemu-tools-3.1.1.1-9.27.2
qemu-ui-curses-3.1.1.1-9.27.2
qemu-ui-gtk-3.1.1.1-9.27.2
qemu-vgabios-1.12.0_0_ga698c89-9.27.2
qemu-x86-3.1.1.1-9.27.2

Ссылки

Описание

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Затронутые продукты
Image SLES15-SP1-CHOST-BYOS-Azure:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-EC2:qemu-tools-3.1.1.1-9.27.2
Image SLES15-SP1-CHOST-BYOS-GCE:qemu-tools-3.1.1.1-9.27.2
SUSE Enterprise Storage 6:qemu-3.1.1.1-9.27.2
Ссылки
Уязвимость SUSE-SU-2021:1918-1