Описание
Security update for qemu
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).
- CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957).
Non-security issues fixed:
- Improved disk performance for qemu on xen (bsc#1100408).
- Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993).
- Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600).
- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646).
- Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
Ссылки
- E-Mail link for openSUSE-SU-2019:0254-1
- SUSE Security Ratings
- SUSE Bug 1063993
- SUSE Bug 1079730
- SUSE Bug 1100408
- SUSE Bug 1101982
- SUSE Bug 1112646
- SUSE Bug 1114957
- SUSE Bug 1116717
- SUSE Bug 1117275
- SUSE Bug 1119493
- SUSE Bug 1121600
- SUSE Bug 1123156
- SUSE Bug 1123179
- SUSE CVE CVE-2018-16872 page
- SUSE CVE CVE-2018-18954 page
- SUSE CVE CVE-2018-19364 page
- SUSE CVE CVE-2018-19489 page
- SUSE CVE CVE-2019-6778 page
Описание
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
Затронутые продукты
Ссылки
- CVE-2018-16872
- SUSE Bug 1119493
- SUSE Bug 1119494
Описание
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
Затронутые продукты
Ссылки
- CVE-2018-18954
- SUSE Bug 1114957
Описание
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
Затронутые продукты
Ссылки
- CVE-2018-19364
- SUSE Bug 1116717
- SUSE Bug 1116726
Описание
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
Затронутые продукты
Ссылки
- CVE-2018-19489
- SUSE Bug 1117275
- SUSE Bug 1117279
Описание
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2019-6778
- SUSE Bug 1123156
- SUSE Bug 1123157
- SUSE Bug 1178658