openSUSE-SU-2018:2402-1

Published: 17 Aug 2018
Source: suse-cvrf

Description

Security update for qemu

This update for qemu to version 2.11.2 fixes the following issues:

Security issues fixed:

  • CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223).
  • CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082).
  • CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291).

Bug fixes:

  • bsc#1091695: SEV guest will not launch with qemu-system-x86_64 version 2.11.1.
  • bsc#1094898: qemu-guest-agent service doesn't work in version Leap 15.0.
  • bsc#1094725: virsh blockresize does not work with Xen qdisks.
  • bsc#1094913: QEMU crashes when starting a guest with more than 7.999TB.

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
qemu-2.11.2-lp150.7.6.1
qemu-arm-2.11.2-lp150.7.6.1
qemu-block-curl-2.11.2-lp150.7.6.1
qemu-block-dmg-2.11.2-lp150.7.6.1
qemu-block-gluster-2.11.2-lp150.7.6.1
qemu-block-iscsi-2.11.2-lp150.7.6.1
qemu-block-rbd-2.11.2-lp150.7.6.1
qemu-block-ssh-2.11.2-lp150.7.6.1
qemu-extra-2.11.2-lp150.7.6.1
qemu-guest-agent-2.11.2-lp150.7.6.1
qemu-ipxe-1.0.0-lp150.7.6.1
qemu-ksm-2.11.2-lp150.7.6.1
qemu-kvm-2.11.2-lp150.7.6.1
qemu-lang-2.11.2-lp150.7.6.1
qemu-linux-user-2.11.2-lp150.7.6.1
qemu-ppc-2.11.2-lp150.7.6.1
qemu-s390-2.11.2-lp150.7.6.1
qemu-seabios-1.11.0-lp150.7.6.1
qemu-sgabios-8-lp150.7.6.1
qemu-testsuite-2.11.2-lp150.7.6.1
qemu-tools-2.11.2-lp150.7.6.1
qemu-vgabios-1.11.0-lp150.7.6.1
qemu-x86-2.11.2-lp150.7.6.1

Description

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.


Affected products
openSUSE Leap 15.0:qemu-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.6.1

Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.


Affected products
openSUSE Leap 15.0:qemu-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.6.1

Description

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.


Affected products
openSUSE Leap 15.0:qemu-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.6.1
openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.6.1
