Описание
Security update for qemu
This update for qemu fixes the following issues:
- CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1161066).
- CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation (bsc#1166379).
- CVE-2020-1711: Fixed an out of bounds heap buffer access iscsi_co_block_status() routine which could have allowed a remote denial of service or arbitrary code with privileges of the QEMU process on the host (bsc#1166240).
- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while emulating the identification protocol and copying message data to a socket buffer (bsc#1123156).
- CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1163018).
- CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to exhaustion of the host memory leading to a potential Denial of service (bsc#1165776).
- Fixed a live migration error (bsc#1154790).
- Fixed an issue where migrating VMs on KVM gets missing features:ospke error (bsc#1162729).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0468-1
- SUSE Security Ratings
- SUSE Bug 1123156
- SUSE Bug 1154790
- SUSE Bug 1161066
- SUSE Bug 1162729
- SUSE Bug 1163018
- SUSE Bug 1165776
- SUSE Bug 1166240
- SUSE Bug 1166379
- SUSE CVE CVE-2019-15034 page
- SUSE CVE CVE-2019-20382 page
- SUSE CVE CVE-2019-6778 page
- SUSE CVE CVE-2020-1711 page
- SUSE CVE CVE-2020-7039 page
- SUSE CVE CVE-2020-8608 page
Описание
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
Затронутые продукты
Ссылки
- CVE-2019-15034
- SUSE Bug 1166379
Описание
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
Затронутые продукты
Ссылки
- CVE-2019-20382
- SUSE Bug 1165776
Описание
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2019-6778
- SUSE Bug 1123156
- SUSE Bug 1123157
- SUSE Bug 1178658
Описание
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
Затронутые продукты
Ссылки
- CVE-2020-1711
- SUSE Bug 1166240
Описание
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
Затронутые продукты
Ссылки
- CVE-2020-7039
- SUSE Bug 1161066
Описание
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Затронутые продукты
Ссылки
- CVE-2020-8608
- SUSE Bug 1163018
- SUSE Bug 1163019