Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:1151-1

Опубликовано: 11 апр. 2022
Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2021-20196: Fixed a denial of service in the floppy disk emulator (bsc#1181361).
  • CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525).

Non-security fixes:

  • Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737).

Список пакетов

Image SLES12-SP5-EC2-ECS-On-Demand
qemu-tools-3.1.1.1-63.4
SUSE Linux Enterprise Server 12 SP5
qemu-3.1.1.1-63.4
qemu-arm-3.1.1.1-63.4
qemu-audio-alsa-3.1.1.1-63.4
qemu-audio-oss-3.1.1.1-63.4
qemu-audio-pa-3.1.1.1-63.4
qemu-audio-sdl-3.1.1.1-63.4
qemu-block-curl-3.1.1.1-63.4
qemu-block-iscsi-3.1.1.1-63.4
qemu-block-rbd-3.1.1.1-63.4
qemu-block-ssh-3.1.1.1-63.4
qemu-guest-agent-3.1.1.1-63.4
qemu-ipxe-1.0.0+-63.4
qemu-kvm-3.1.1.1-63.4
qemu-lang-3.1.1.1-63.4
qemu-ppc-3.1.1.1-63.4
qemu-s390-3.1.1.1-63.4
qemu-seabios-1.12.0_0_ga698c89-63.4
qemu-sgabios-8-63.4
qemu-tools-3.1.1.1-63.4
qemu-ui-curses-3.1.1.1-63.4
qemu-ui-gtk-3.1.1.1-63.4
qemu-ui-sdl-3.1.1.1-63.4
qemu-vgabios-1.12.0_0_ga698c89-63.4
qemu-x86-3.1.1.1-63.4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
qemu-3.1.1.1-63.4
qemu-arm-3.1.1.1-63.4
qemu-audio-alsa-3.1.1.1-63.4
qemu-audio-oss-3.1.1.1-63.4
qemu-audio-pa-3.1.1.1-63.4
qemu-audio-sdl-3.1.1.1-63.4
qemu-block-curl-3.1.1.1-63.4
qemu-block-iscsi-3.1.1.1-63.4
qemu-block-rbd-3.1.1.1-63.4
qemu-block-ssh-3.1.1.1-63.4
qemu-guest-agent-3.1.1.1-63.4
qemu-ipxe-1.0.0+-63.4
qemu-kvm-3.1.1.1-63.4
qemu-lang-3.1.1.1-63.4
qemu-ppc-3.1.1.1-63.4
qemu-s390-3.1.1.1-63.4
qemu-seabios-1.12.0_0_ga698c89-63.4
qemu-sgabios-8-63.4
qemu-tools-3.1.1.1-63.4
qemu-ui-curses-3.1.1.1-63.4
qemu-ui-gtk-3.1.1.1-63.4
qemu-ui-sdl-3.1.1.1-63.4
qemu-vgabios-1.12.0_0_ga698c89-63.4
qemu-x86-3.1.1.1-63.4

Ссылки

Описание

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Затронутые продукты
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-63.4
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-63.4
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-63.4
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-63.4
Ссылки

Описание

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.

Затронутые продукты
Image SLES12-SP5-EC2-ECS-On-Demand:qemu-tools-3.1.1.1-63.4
SUSE Linux Enterprise Server 12 SP5:qemu-3.1.1.1-63.4
SUSE Linux Enterprise Server 12 SP5:qemu-arm-3.1.1.1-63.4
SUSE Linux Enterprise Server 12 SP5:qemu-audio-alsa-3.1.1.1-63.4
Ссылки