Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:4056-1

Опубликовано: 12 окт. 2023
Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

  • CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device (bsc#1213925).
  • CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free (bsc#1190011).
  • CVE-2021-3638: Fixed a buffer overflow in the ati-vga device (bsc#1188609).
  • CVE-2023-3354: Fixed an issue when performing a TLS handshake that could lead to remote denial of service via VNC connection (bsc#1212850).
  • CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device that could lead to a stack overflow (bsc#1207205).

Non-security fixes:

  • Fixed a potential build issue in the librm subcomponent (bsc#1215311).
  • Fixed a potential crash during VM migration (bsc#1213663).
  • Fixed potential issues during installation on a Xen host (bsc#1179993, bsc#1181740).

Список пакетов

Container suse/sle-micro-rancher/5.3:latest
qemu-guest-agent-6.2.0-150400.37.23.1
Container suse/sle-micro-rancher/5.4:latest
qemu-guest-agent-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3
qemu-6.2.0-150400.37.23.1
qemu-accel-tcg-x86-6.2.0-150400.37.23.1
qemu-arm-6.2.0-150400.37.23.1
qemu-audio-spice-6.2.0-150400.37.23.1
qemu-chardev-spice-6.2.0-150400.37.23.1
qemu-guest-agent-6.2.0-150400.37.23.1
qemu-hw-display-qxl-6.2.0-150400.37.23.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1
qemu-hw-usb-redirect-6.2.0-150400.37.23.1
qemu-ipxe-1.0.0+-150400.37.23.1
qemu-s390x-6.2.0-150400.37.23.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-sgabios-8-150400.37.23.1
qemu-tools-6.2.0-150400.37.23.1
qemu-ui-opengl-6.2.0-150400.37.23.1
qemu-ui-spice-core-6.2.0-150400.37.23.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-x86-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.4
qemu-6.2.0-150400.37.23.1
qemu-accel-tcg-x86-6.2.0-150400.37.23.1
qemu-arm-6.2.0-150400.37.23.1
qemu-audio-spice-6.2.0-150400.37.23.1
qemu-chardev-spice-6.2.0-150400.37.23.1
qemu-guest-agent-6.2.0-150400.37.23.1
qemu-hw-display-qxl-6.2.0-150400.37.23.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1
qemu-hw-usb-redirect-6.2.0-150400.37.23.1
qemu-ipxe-1.0.0+-150400.37.23.1
qemu-s390x-6.2.0-150400.37.23.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-sgabios-8-150400.37.23.1
qemu-tools-6.2.0-150400.37.23.1
qemu-ui-opengl-6.2.0-150400.37.23.1
qemu-ui-spice-core-6.2.0-150400.37.23.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-x86-6.2.0-150400.37.23.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
qemu-tools-6.2.0-150400.37.23.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
qemu-6.2.0-150400.37.23.1
qemu-SLOF-6.2.0-150400.37.23.1
qemu-accel-tcg-x86-6.2.0-150400.37.23.1
qemu-arm-6.2.0-150400.37.23.1
qemu-audio-alsa-6.2.0-150400.37.23.1
qemu-audio-pa-6.2.0-150400.37.23.1
qemu-audio-spice-6.2.0-150400.37.23.1
qemu-block-curl-6.2.0-150400.37.23.1
qemu-block-iscsi-6.2.0-150400.37.23.1
qemu-block-rbd-6.2.0-150400.37.23.1
qemu-block-ssh-6.2.0-150400.37.23.1
qemu-chardev-baum-6.2.0-150400.37.23.1
qemu-chardev-spice-6.2.0-150400.37.23.1
qemu-guest-agent-6.2.0-150400.37.23.1
qemu-hw-display-qxl-6.2.0-150400.37.23.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.23.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.23.1
qemu-hw-usb-host-6.2.0-150400.37.23.1
qemu-hw-usb-redirect-6.2.0-150400.37.23.1
qemu-ipxe-1.0.0+-150400.37.23.1
qemu-ksm-6.2.0-150400.37.23.1
qemu-kvm-6.2.0-150400.37.23.1
qemu-lang-6.2.0-150400.37.23.1
qemu-ppc-6.2.0-150400.37.23.1
qemu-s390x-6.2.0-150400.37.23.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-sgabios-8-150400.37.23.1
qemu-skiboot-6.2.0-150400.37.23.1
qemu-ui-curses-6.2.0-150400.37.23.1
qemu-ui-gtk-6.2.0-150400.37.23.1
qemu-ui-opengl-6.2.0-150400.37.23.1
qemu-ui-spice-app-6.2.0-150400.37.23.1
qemu-ui-spice-core-6.2.0-150400.37.23.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-x86-6.2.0-150400.37.23.1
openSUSE Leap 15.4
qemu-6.2.0-150400.37.23.1
qemu-SLOF-6.2.0-150400.37.23.1
qemu-accel-qtest-6.2.0-150400.37.23.1
qemu-accel-tcg-x86-6.2.0-150400.37.23.1
qemu-arm-6.2.0-150400.37.23.1
qemu-audio-alsa-6.2.0-150400.37.23.1
qemu-audio-jack-6.2.0-150400.37.23.1
qemu-audio-pa-6.2.0-150400.37.23.1
qemu-audio-spice-6.2.0-150400.37.23.1
qemu-block-curl-6.2.0-150400.37.23.1
qemu-block-dmg-6.2.0-150400.37.23.1
qemu-block-gluster-6.2.0-150400.37.23.1
qemu-block-iscsi-6.2.0-150400.37.23.1
qemu-block-nfs-6.2.0-150400.37.23.1
qemu-block-rbd-6.2.0-150400.37.23.1
qemu-block-ssh-6.2.0-150400.37.23.1
qemu-chardev-baum-6.2.0-150400.37.23.1
qemu-chardev-spice-6.2.0-150400.37.23.1
qemu-extra-6.2.0-150400.37.23.1
qemu-guest-agent-6.2.0-150400.37.23.1
qemu-hw-display-qxl-6.2.0-150400.37.23.1
qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.23.1
qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.23.1
qemu-hw-usb-host-6.2.0-150400.37.23.1
qemu-hw-usb-redirect-6.2.0-150400.37.23.1
qemu-hw-usb-smartcard-6.2.0-150400.37.23.1
qemu-ipxe-1.0.0+-150400.37.23.1
qemu-ivshmem-tools-6.2.0-150400.37.23.1
qemu-ksm-6.2.0-150400.37.23.1
qemu-kvm-6.2.0-150400.37.23.1
qemu-lang-6.2.0-150400.37.23.1
qemu-microvm-6.2.0-150400.37.23.1
qemu-ppc-6.2.0-150400.37.23.1
qemu-s390x-6.2.0-150400.37.23.1
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-sgabios-8-150400.37.23.1
qemu-skiboot-6.2.0-150400.37.23.1
qemu-tools-6.2.0-150400.37.23.1
qemu-ui-curses-6.2.0-150400.37.23.1
qemu-ui-gtk-6.2.0-150400.37.23.1
qemu-ui-opengl-6.2.0-150400.37.23.1
qemu-ui-spice-app-6.2.0-150400.37.23.1
qemu-ui-spice-core-6.2.0-150400.37.23.1
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1
qemu-vhost-user-gpu-6.2.0-150400.37.23.1
qemu-x86-6.2.0-150400.37.23.1

Ссылки

Описание

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.23.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.23.1
Ссылки

Описание

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.

Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.23.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.23.1
Ссылки

Описание

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.23.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.23.1
Ссылки

Описание

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.23.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.23.1
Ссылки

Описание

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Затронутые продукты
Container suse/sle-micro-rancher/5.3:latest:qemu-guest-agent-6.2.0-150400.37.23.1
Container suse/sle-micro-rancher/5.4:latest:qemu-guest-agent-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-6.2.0-150400.37.23.1
SUSE Linux Enterprise Micro 5.3:qemu-accel-tcg-x86-6.2.0-150400.37.23.1
Ссылки
Уязвимость SUSE-SU-2023:4056-1