Описание
Security update for qemu
This update for qemu fixes the following issues:
qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively)
Security issues fixed:
- CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873)
- CVE-2019-11135: Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506)
- CVE-2018-12207: Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (bsc#1117665)
Other issues fixed:
- Change how this bug gets fixed (bsc#1144087)
- Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0. (bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)
- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)
- Additional hardware instruction support for s390, also update qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2510-1
- SUSE Security Ratings
- SUSE Bug 1079730
- SUSE Bug 1098403
- SUSE Bug 1111025
- SUSE Bug 1117665
- SUSE Bug 1119991
- SUSE Bug 1143794
- SUSE Bug 1144087
- SUSE Bug 1145379
- SUSE Bug 1145427
- SUSE Bug 1145436
- SUSE Bug 1145774
- SUSE Bug 1146873
- SUSE Bug 1149811
- SUSE Bug 1152506
- SUSE CVE CVE-2018-12207 page
- SUSE CVE CVE-2018-20126 page
- SUSE CVE CVE-2019-11135 page
- SUSE CVE CVE-2019-12068 page
Описание
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
Затронутые продукты
Ссылки
- CVE-2018-12207
- SUSE Bug 1117665
- SUSE Bug 1139073
- SUSE Bug 1152505
- SUSE Bug 1155812
- SUSE Bug 1155817
- SUSE Bug 1155945
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
Затронутые продукты
Ссылки
- CVE-2018-20126
- SUSE Bug 1119991
Описание
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
Затронутые продукты
Ссылки
- CVE-2019-11135
- SUSE Bug 1139073
- SUSE Bug 1152497
- SUSE Bug 1152505
- SUSE Bug 1152506
- SUSE Bug 1160120
- SUSE Bug 1201877
Описание
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Затронутые продукты
Ссылки
- CVE-2019-12068
- SUSE Bug 1146873
- SUSE Bug 1146874
- SUSE Bug 1178658
Описание
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Затронутые продукты
Ссылки
- CVE-2019-14378
- SUSE Bug 1143794
- SUSE Bug 1143797
- SUSE Bug 1178658
Описание
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Затронутые продукты
Ссылки
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658