openSUSE-SU-2019:1274-1

Published: 25 Apr 2019
Source: suse-cvrf

Description

Security update for qemu

This update for qemu fixes the following issues:

Security issues fixed:

  • CVE-2019-9824: Fixed information leak in slirp (bsc#1129622).
  • CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information (bsc#1126455).
  • CVE-2019-3812: Fixed out-of-bounds memory access and information leak in virtual monitor interface (bsc#1125721).
  • CVE-2018-20815: Fixed a denial of service possibility in device tree processing (bsc#1130675).

Non-security issues fixed:

  • Backported Skylake-Server vcpu model support from qemu v2.11 (FATE#327261 bsc#1131955).
  • Added ability to set virtqueue size using virtqueue_size parameter (FATE#327255 bsc#1118900).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Package list

openSUSE Leap 42.3
qemu-2.9.1-59.1
qemu-arm-2.9.1-59.1
qemu-block-curl-2.9.1-59.1
qemu-block-dmg-2.9.1-59.1
qemu-block-iscsi-2.9.1-59.1
qemu-block-rbd-2.9.1-59.1
qemu-block-ssh-2.9.1-59.1
qemu-extra-2.9.1-59.1
qemu-guest-agent-2.9.1-59.1
qemu-ipxe-1.0.0+-59.1
qemu-ksm-2.9.1-59.1
qemu-kvm-2.9.1-59.1
qemu-lang-2.9.1-59.1
qemu-linux-user-2.9.1-59.1
qemu-ppc-2.9.1-59.1
qemu-s390-2.9.1-59.1
qemu-seabios-1.10.2-59.1
qemu-sgabios-8-59.1
qemu-testsuite-2.9.1-59.2
qemu-tools-2.9.1-59.1
qemu-vgabios-1.10.2-59.1
qemu-x86-2.9.1-59.1

Description

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.


Affected products
openSUSE Leap 42.3:qemu-2.9.1-59.1
openSUSE Leap 42.3:qemu-arm-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-curl-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-dmg-2.9.1-59.1

Description

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.


Affected products
openSUSE Leap 42.3:qemu-2.9.1-59.1
openSUSE Leap 42.3:qemu-arm-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-curl-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-dmg-2.9.1-59.1

Description

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.


Affected products
openSUSE Leap 42.3:qemu-2.9.1-59.1
openSUSE Leap 42.3:qemu-arm-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-curl-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-dmg-2.9.1-59.1

Description

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.


Affected products
openSUSE Leap 42.3:qemu-2.9.1-59.1
openSUSE Leap 42.3:qemu-arm-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-curl-2.9.1-59.1
openSUSE Leap 42.3:qemu-block-dmg-2.9.1-59.1
