SUSE-SU-2022:3660-1

Опубликовано: 19 окт. 2022

Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)

Список пакетов

Container suse/sle-micro-rancher/5.2:latest

qemu-guest-agent-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.1

qemu-5.2.0-150300.118.3

qemu-arm-5.2.0-150300.118.3

qemu-ipxe-1.0.0+-150300.118.3

qemu-s390x-5.2.0-150300.118.3

qemu-seabios-1.14.0_0_g155821a-150300.118.3

qemu-sgabios-8-150300.118.3

qemu-tools-5.2.0-150300.118.3

qemu-vgabios-1.14.0_0_g155821a-150300.118.3

qemu-x86-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.2

qemu-5.2.0-150300.118.3

qemu-arm-5.2.0-150300.118.3

qemu-audio-spice-5.2.0-150300.118.3

qemu-chardev-spice-5.2.0-150300.118.3

qemu-guest-agent-5.2.0-150300.118.3

qemu-hw-display-qxl-5.2.0-150300.118.3

qemu-hw-display-virtio-gpu-5.2.0-150300.118.3

qemu-hw-display-virtio-vga-5.2.0-150300.118.3

qemu-hw-usb-redirect-5.2.0-150300.118.3

qemu-ipxe-1.0.0+-150300.118.3

qemu-s390x-5.2.0-150300.118.3

qemu-seabios-1.14.0_0_g155821a-150300.118.3

qemu-sgabios-8-150300.118.3

qemu-tools-5.2.0-150300.118.3

qemu-ui-opengl-5.2.0-150300.118.3

qemu-ui-spice-core-5.2.0-150300.118.3

qemu-vgabios-1.14.0_0_g155821a-150300.118.3

qemu-x86-5.2.0-150300.118.3

SUSE Linux Enterprise Module for Basesystem 15 SP3

qemu-tools-5.2.0-150300.118.3

SUSE Linux Enterprise Module for Server Applications 15 SP3

qemu-5.2.0-150300.118.3

qemu-SLOF-5.2.0-150300.118.3

qemu-arm-5.2.0-150300.118.3

qemu-audio-alsa-5.2.0-150300.118.3

qemu-audio-pa-5.2.0-150300.118.3

qemu-audio-spice-5.2.0-150300.118.3

qemu-block-curl-5.2.0-150300.118.3

qemu-block-iscsi-5.2.0-150300.118.3

qemu-block-rbd-5.2.0-150300.118.3

qemu-block-ssh-5.2.0-150300.118.3

qemu-chardev-baum-5.2.0-150300.118.3

qemu-chardev-spice-5.2.0-150300.118.3

qemu-guest-agent-5.2.0-150300.118.3

qemu-hw-display-qxl-5.2.0-150300.118.3

qemu-hw-display-virtio-gpu-5.2.0-150300.118.3

qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3

qemu-hw-display-virtio-vga-5.2.0-150300.118.3

qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3

qemu-hw-usb-redirect-5.2.0-150300.118.3

qemu-ipxe-1.0.0+-150300.118.3

qemu-ksm-5.2.0-150300.118.3

qemu-kvm-5.2.0-150300.118.3

qemu-lang-5.2.0-150300.118.3

qemu-ppc-5.2.0-150300.118.3

qemu-s390x-5.2.0-150300.118.3

qemu-seabios-1.14.0_0_g155821a-150300.118.3

qemu-sgabios-8-150300.118.3

qemu-skiboot-5.2.0-150300.118.3

qemu-ui-curses-5.2.0-150300.118.3

qemu-ui-gtk-5.2.0-150300.118.3

qemu-ui-opengl-5.2.0-150300.118.3

qemu-ui-spice-app-5.2.0-150300.118.3

qemu-ui-spice-core-5.2.0-150300.118.3

qemu-vgabios-1.14.0_0_g155821a-150300.118.3

qemu-x86-5.2.0-150300.118.3

openSUSE Leap 15.3

qemu-5.2.0-150300.118.3

qemu-SLOF-5.2.0-150300.118.3

qemu-arm-5.2.0-150300.118.3

qemu-audio-alsa-5.2.0-150300.118.3

qemu-audio-pa-5.2.0-150300.118.3

qemu-audio-spice-5.2.0-150300.118.3

qemu-block-curl-5.2.0-150300.118.3

qemu-block-dmg-5.2.0-150300.118.3

qemu-block-gluster-5.2.0-150300.118.3

qemu-block-iscsi-5.2.0-150300.118.3

qemu-block-nfs-5.2.0-150300.118.3

qemu-block-rbd-5.2.0-150300.118.3

qemu-block-ssh-5.2.0-150300.118.3

qemu-chardev-baum-5.2.0-150300.118.3

qemu-chardev-spice-5.2.0-150300.118.3

qemu-extra-5.2.0-150300.118.3

qemu-guest-agent-5.2.0-150300.118.3

qemu-hw-display-qxl-5.2.0-150300.118.3

qemu-hw-display-virtio-gpu-5.2.0-150300.118.3

qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3

qemu-hw-display-virtio-vga-5.2.0-150300.118.3

qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3

qemu-hw-usb-redirect-5.2.0-150300.118.3

qemu-hw-usb-smartcard-5.2.0-150300.118.3

qemu-ipxe-1.0.0+-150300.118.3

qemu-ivshmem-tools-5.2.0-150300.118.3

qemu-ksm-5.2.0-150300.118.3

qemu-kvm-5.2.0-150300.118.3

qemu-lang-5.2.0-150300.118.3

qemu-linux-user-5.2.0-150300.118.2

qemu-microvm-5.2.0-150300.118.3

qemu-ppc-5.2.0-150300.118.3

qemu-s390x-5.2.0-150300.118.3

qemu-seabios-1.14.0_0_g155821a-150300.118.3

qemu-sgabios-8-150300.118.3

qemu-skiboot-5.2.0-150300.118.3

qemu-testsuite-5.2.0-150300.118.5

qemu-tools-5.2.0-150300.118.3

qemu-ui-curses-5.2.0-150300.118.3

qemu-ui-gtk-5.2.0-150300.118.3

qemu-ui-opengl-5.2.0-150300.118.3

qemu-ui-spice-app-5.2.0-150300.118.3

qemu-ui-spice-core-5.2.0-150300.118.3

qemu-vgabios-1.14.0_0_g155821a-150300.118.3

qemu-vhost-user-gpu-5.2.0-150300.118.3

qemu-x86-5.2.0-150300.118.3

openSUSE Leap Micro 5.2

qemu-5.2.0-150300.118.3

qemu-arm-5.2.0-150300.118.3

qemu-audio-spice-5.2.0-150300.118.3

qemu-chardev-spice-5.2.0-150300.118.3

qemu-guest-agent-5.2.0-150300.118.3

qemu-hw-display-qxl-5.2.0-150300.118.3

qemu-hw-display-virtio-gpu-5.2.0-150300.118.3

qemu-hw-display-virtio-vga-5.2.0-150300.118.3

qemu-hw-usb-redirect-5.2.0-150300.118.3

qemu-ipxe-1.0.0+-150300.118.3

qemu-seabios-1.14.0_0_g155821a-150300.118.3

qemu-sgabios-8-150300.118.3

qemu-tools-5.2.0-150300.118.3

qemu-ui-opengl-5.2.0-150300.118.3

qemu-ui-spice-core-5.2.0-150300.118.3

qemu-vgabios-1.14.0_0_g155821a-150300.118.3

qemu-x86-5.2.0-150300.118.3

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223660-1/
Link for SUSE-SU-2022:3660-1
https://lists.suse.com/pipermail/sle-security-updates/2022-October/012576.html
E-Mail link for SUSE-SU-2022:3660-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1192115
SUSE Bug 1192115
https://bugzilla.suse.com/1198038
SUSE Bug 1198038
https://bugzilla.suse.com/1201367
SUSE Bug 1201367
https://www.suse.com/security/cve/CVE-2022-0216/
SUSE CVE CVE-2022-0216 page
https://www.suse.com/security/cve/CVE-2022-35414/
SUSE CVE CVE-2022-35414 page

Описание

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Затронутые продукты

Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.1:qemu-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.1:qemu-arm-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.1:qemu-ipxe-1.0.0+-150300.118.3

Ссылки

https://www.suse.com/security/cve/CVE-2022-0216.html
CVE-2022-0216
https://bugzilla.suse.com/1198038
SUSE Bug 1198038

Описание

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."

Затронутые продукты

Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.1:qemu-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.1:qemu-arm-5.2.0-150300.118.3

SUSE Linux Enterprise Micro 5.1:qemu-ipxe-1.0.0+-150300.118.3

Ссылки

https://www.suse.com/security/cve/CVE-2022-35414.html
CVE-2022-35414
https://bugzilla.suse.com/1201367
SUSE Bug 1201367

SUSE-SU-2022:3660-1

Описание

Список пакетов

Container suse/sle-micro-rancher/5.2:latest

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Module for Basesystem 15 SP3

SUSE Linux Enterprise Module for Server Applications 15 SP3

openSUSE Leap 15.3

openSUSE Leap Micro 5.2

Ссылки

Уязвимость: CVE-2022-0216

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-35414

Описание

Затронутые продукты

Ссылки