openSUSE-SU-2020:0756-1

Опубликовано: 02 июн. 2020

Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

Security issue fixed:

CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).

Non-security issues fixed:

Fixed an issue where limiting the memory bandwidth was not possible (bsc#1167816).
Fixed the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1158880).
Miscellaneous fixes to the in-package support documentation.

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

qemu-3.1.1.1-lp151.7.15.2

qemu-arm-3.1.1.1-lp151.7.15.2

qemu-audio-alsa-3.1.1.1-lp151.7.15.2

qemu-audio-oss-3.1.1.1-lp151.7.15.2

qemu-audio-pa-3.1.1.1-lp151.7.15.2

qemu-audio-sdl-3.1.1.1-lp151.7.15.2

qemu-block-curl-3.1.1.1-lp151.7.15.2

qemu-block-dmg-3.1.1.1-lp151.7.15.2

qemu-block-gluster-3.1.1.1-lp151.7.15.2

qemu-block-iscsi-3.1.1.1-lp151.7.15.2

qemu-block-nfs-3.1.1.1-lp151.7.15.2

qemu-block-rbd-3.1.1.1-lp151.7.15.2

qemu-block-ssh-3.1.1.1-lp151.7.15.2

qemu-extra-3.1.1.1-lp151.7.15.2

qemu-guest-agent-3.1.1.1-lp151.7.15.2

qemu-ipxe-1.0.0+-lp151.7.15.2

qemu-ksm-3.1.1.1-lp151.7.15.2

qemu-kvm-3.1.1.1-lp151.7.15.2

qemu-lang-3.1.1.1-lp151.7.15.2

qemu-linux-user-3.1.1.1-lp151.7.15.2

qemu-ppc-3.1.1.1-lp151.7.15.2

qemu-s390-3.1.1.1-lp151.7.15.2

qemu-seabios-1.12.0-lp151.7.15.2

qemu-sgabios-8-lp151.7.15.2

qemu-tools-3.1.1.1-lp151.7.15.2

qemu-ui-curses-3.1.1.1-lp151.7.15.2

qemu-ui-gtk-3.1.1.1-lp151.7.15.2

qemu-ui-sdl-3.1.1.1-lp151.7.15.2

qemu-vgabios-1.12.0-lp151.7.15.2

qemu-x86-3.1.1.1-lp151.7.15.2

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ODUWECA6HHYVEDIL3STBFAHJCJLTCAPV/
E-Mail link for openSUSE-SU-2020:0756-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1158880
SUSE Bug 1158880
https://bugzilla.suse.com/1167816
SUSE Bug 1167816
https://bugzilla.suse.com/1170940
SUSE Bug 1170940
https://www.suse.com/security/cve/CVE-2020-1983/
SUSE CVE CVE-2020-1983 page

Описание

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

Затронутые продукты

openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.15.2

openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.15.2

openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.15.2

openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.15.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-1983.html
CVE-2020-1983
https://bugzilla.suse.com/1170940
SUSE Bug 1170940

openSUSE-SU-2020:0756-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-1983

Описание

Затронутые продукты

Ссылки