Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968).
- CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001).
Список пакетов
Container suse/sle-micro-rancher/5.3:latest
qemu-guest-agent-6.2.0-150400.37.20.1
Container suse/sle-micro-rancher/5.4:latest
qemu-guest-agent-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3
qemu-6.2.0-150400.37.20.1
qemu-accel-tcg-x86-6.2.0-150400.37.20.1
qemu-arm-6.2.0-150400.37.20.1
qemu-audio-spice-6.2.0-150400.37.20.1
qemu-chardev-spice-6.2.0-150400.37.20.1
qemu-guest-agent-6.2.0-150400.37.20.1
qemu-hw-display-qxl-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1
qemu-hw-usb-redirect-6.2.0-150400.37.20.1
qemu-ipxe-1.0.0+-150400.37.20.1
qemu-s390x-6.2.0-150400.37.20.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-sgabios-8-150400.37.20.1
qemu-tools-6.2.0-150400.37.20.1
qemu-ui-opengl-6.2.0-150400.37.20.1
qemu-ui-spice-core-6.2.0-150400.37.20.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-x86-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.4
qemu-6.2.0-150400.37.20.1
qemu-accel-tcg-x86-6.2.0-150400.37.20.1
qemu-arm-6.2.0-150400.37.20.1
qemu-audio-spice-6.2.0-150400.37.20.1
qemu-chardev-spice-6.2.0-150400.37.20.1
qemu-guest-agent-6.2.0-150400.37.20.1
qemu-hw-display-qxl-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1
qemu-hw-usb-redirect-6.2.0-150400.37.20.1
qemu-ipxe-1.0.0+-150400.37.20.1
qemu-s390x-6.2.0-150400.37.20.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-sgabios-8-150400.37.20.1
qemu-tools-6.2.0-150400.37.20.1
qemu-ui-opengl-6.2.0-150400.37.20.1
qemu-ui-spice-core-6.2.0-150400.37.20.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-x86-6.2.0-150400.37.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
qemu-tools-6.2.0-150400.37.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
qemu-6.2.0-150400.37.20.1
qemu-SLOF-6.2.0-150400.37.20.1
qemu-accel-tcg-x86-6.2.0-150400.37.20.1
qemu-arm-6.2.0-150400.37.20.1
qemu-audio-alsa-6.2.0-150400.37.20.1
qemu-audio-pa-6.2.0-150400.37.20.1
qemu-audio-spice-6.2.0-150400.37.20.1
qemu-block-curl-6.2.0-150400.37.20.1
qemu-block-iscsi-6.2.0-150400.37.20.1
qemu-block-rbd-6.2.0-150400.37.20.1
qemu-block-ssh-6.2.0-150400.37.20.1
qemu-chardev-baum-6.2.0-150400.37.20.1
qemu-chardev-spice-6.2.0-150400.37.20.1
qemu-guest-agent-6.2.0-150400.37.20.1
qemu-hw-display-qxl-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.20.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.20.1
qemu-hw-usb-host-6.2.0-150400.37.20.1
qemu-hw-usb-redirect-6.2.0-150400.37.20.1
qemu-ipxe-1.0.0+-150400.37.20.1
qemu-ksm-6.2.0-150400.37.20.1
qemu-kvm-6.2.0-150400.37.20.1
qemu-lang-6.2.0-150400.37.20.1
qemu-ppc-6.2.0-150400.37.20.1
qemu-s390x-6.2.0-150400.37.20.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-sgabios-8-150400.37.20.1
qemu-skiboot-6.2.0-150400.37.20.1
qemu-ui-curses-6.2.0-150400.37.20.1
qemu-ui-gtk-6.2.0-150400.37.20.1
qemu-ui-opengl-6.2.0-150400.37.20.1
qemu-ui-spice-app-6.2.0-150400.37.20.1
qemu-ui-spice-core-6.2.0-150400.37.20.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-x86-6.2.0-150400.37.20.1
openSUSE Leap 15.4
qemu-6.2.0-150400.37.20.1
qemu-SLOF-6.2.0-150400.37.20.1
qemu-accel-qtest-6.2.0-150400.37.20.1
qemu-accel-tcg-x86-6.2.0-150400.37.20.1
qemu-arm-6.2.0-150400.37.20.1
qemu-audio-alsa-6.2.0-150400.37.20.1
qemu-audio-jack-6.2.0-150400.37.20.1
qemu-audio-pa-6.2.0-150400.37.20.1
qemu-audio-spice-6.2.0-150400.37.20.1
qemu-block-curl-6.2.0-150400.37.20.1
qemu-block-dmg-6.2.0-150400.37.20.1
qemu-block-gluster-6.2.0-150400.37.20.1
qemu-block-iscsi-6.2.0-150400.37.20.1
qemu-block-nfs-6.2.0-150400.37.20.1
qemu-block-rbd-6.2.0-150400.37.20.1
qemu-block-ssh-6.2.0-150400.37.20.1
qemu-chardev-baum-6.2.0-150400.37.20.1
qemu-chardev-spice-6.2.0-150400.37.20.1
qemu-extra-6.2.0-150400.37.20.1
qemu-guest-agent-6.2.0-150400.37.20.1
qemu-hw-display-qxl-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.20.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.20.1
qemu-hw-usb-host-6.2.0-150400.37.20.1
qemu-hw-usb-redirect-6.2.0-150400.37.20.1
qemu-hw-usb-smartcard-6.2.0-150400.37.20.1
qemu-ipxe-1.0.0+-150400.37.20.1
qemu-ivshmem-tools-6.2.0-150400.37.20.1
qemu-ksm-6.2.0-150400.37.20.1
qemu-kvm-6.2.0-150400.37.20.1
qemu-lang-6.2.0-150400.37.20.1
qemu-microvm-6.2.0-150400.37.20.1
qemu-ppc-6.2.0-150400.37.20.1
qemu-s390x-6.2.0-150400.37.20.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-sgabios-8-150400.37.20.1
qemu-skiboot-6.2.0-150400.37.20.1
qemu-tools-6.2.0-150400.37.20.1
qemu-ui-curses-6.2.0-150400.37.20.1
qemu-ui-gtk-6.2.0-150400.37.20.1
qemu-ui-opengl-6.2.0-150400.37.20.1
qemu-ui-spice-app-6.2.0-150400.37.20.1
qemu-ui-spice-core-6.2.0-150400.37.20.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-vhost-user-gpu-6.2.0-150400.37.20.1
qemu-x86-6.2.0-150400.37.20.1
openSUSE Leap Micro 5.3
qemu-6.2.0-150400.37.20.1
qemu-accel-tcg-x86-6.2.0-150400.37.20.1
qemu-arm-6.2.0-150400.37.20.1
qemu-audio-spice-6.2.0-150400.37.20.1
qemu-chardev-spice-6.2.0-150400.37.20.1
qemu-guest-agent-6.2.0-150400.37.20.1
qemu-hw-display-qxl-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1
qemu-hw-usb-redirect-6.2.0-150400.37.20.1
qemu-ipxe-1.0.0+-150400.37.20.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-sgabios-8-150400.37.20.1
qemu-tools-6.2.0-150400.37.20.1
qemu-ui-opengl-6.2.0-150400.37.20.1
qemu-ui-spice-core-6.2.0-150400.37.20.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-x86-6.2.0-150400.37.20.1
openSUSE Leap Micro 5.4
qemu-6.2.0-150400.37.20.1
qemu-accel-tcg-x86-6.2.0-150400.37.20.1
qemu-arm-6.2.0-150400.37.20.1
qemu-audio-spice-6.2.0-150400.37.20.1
qemu-chardev-spice-6.2.0-150400.37.20.1
qemu-guest-agent-6.2.0-150400.37.20.1
qemu-hw-display-qxl-6.2.0-150400.37.20.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1
qemu-hw-usb-redirect-6.2.0-150400.37.20.1
qemu-ipxe-1.0.0+-150400.37.20.1
qemu-s390x-6.2.0-150400.37.20.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-sgabios-8-150400.37.20.1
qemu-tools-6.2.0-150400.37.20.1
qemu-ui-opengl-6.2.0-150400.37.20.1
qemu-ui-spice-core-6.2.0-150400.37.20.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1
qemu-x86-6.2.0-150400.37.20.1
Ссылки
- Link for SUSE-SU-2023:3234-1
- E-Mail link for SUSE-SU-2023:3234-1
- SUSE Security Ratings
- SUSE Bug 1212968
- SUSE Bug 1213001
- SUSE Bug 1213414
- SUSE CVE CVE-2023-2861 page
- SUSE CVE CVE-2023-3255 page
- SUSE CVE CVE-2023-3301 page
Описание
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.20.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.20.1
Ссылки
- CVE-2023-2861
- SUSE Bug 1212968
Описание
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.
Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.20.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.20.1
Ссылки
- CVE-2023-3255
- SUSE Bug 1213001
Описание
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.20.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.20.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.20.1
Ссылки
- CVE-2023-3301
- SUSE Bug 1213414