openSUSE-SU-2022:0177-1

Опубликовано: 25 янв. 2022

Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361).

Список пакетов

openSUSE Leap 15.3

qemu-5.2.0-150300.109.2

qemu-arm-5.2.0-150300.109.2

qemu-audio-alsa-5.2.0-150300.109.2

qemu-audio-pa-5.2.0-150300.109.2

qemu-audio-spice-5.2.0-150300.109.2

qemu-block-curl-5.2.0-150300.109.2

qemu-block-dmg-5.2.0-150300.109.2

qemu-block-gluster-5.2.0-150300.109.2

qemu-block-iscsi-5.2.0-150300.109.2

qemu-block-nfs-5.2.0-150300.109.2

qemu-block-rbd-5.2.0-150300.109.2

qemu-block-ssh-5.2.0-150300.109.2

qemu-chardev-baum-5.2.0-150300.109.2

qemu-chardev-spice-5.2.0-150300.109.2

qemu-extra-5.2.0-150300.109.2

qemu-guest-agent-5.2.0-150300.109.2

qemu-hw-display-qxl-5.2.0-150300.109.2

qemu-hw-display-virtio-gpu-5.2.0-150300.109.2

qemu-hw-display-virtio-gpu-pci-5.2.0-150300.109.2

qemu-hw-display-virtio-vga-5.2.0-150300.109.2

qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.109.2

qemu-hw-usb-redirect-5.2.0-150300.109.2

qemu-hw-usb-smartcard-5.2.0-150300.109.2

qemu-ipxe-1.0.0+-150300.109.2

qemu-ivshmem-tools-5.2.0-150300.109.2

qemu-ksm-5.2.0-150300.109.2

qemu-kvm-5.2.0-150300.109.2

qemu-lang-5.2.0-150300.109.2

qemu-linux-user-5.2.0-150300.109.2

qemu-microvm-5.2.0-150300.109.2

qemu-ppc-5.2.0-150300.109.2

qemu-s390x-5.2.0-150300.109.2

qemu-seabios-1.14.0_0_g155821a-150300.109.2

qemu-sgabios-8-150300.109.2

qemu-skiboot-5.2.0-150300.109.2

qemu-testsuite-5.2.0-150300.109.4

qemu-tools-5.2.0-150300.109.2

qemu-ui-curses-5.2.0-150300.109.2

qemu-ui-gtk-5.2.0-150300.109.2

qemu-ui-opengl-5.2.0-150300.109.2

qemu-ui-spice-app-5.2.0-150300.109.2

qemu-ui-spice-core-5.2.0-150300.109.2

qemu-vgabios-1.14.0_0_g155821a-150300.109.2

qemu-vhost-user-gpu-5.2.0-150300.109.2

qemu-x86-5.2.0-150300.109.2

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6XYIZAS6LJG7AX5XUIXPP347424BX5VK/
E-Mail link for openSUSE-SU-2022:0177-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1181361
SUSE Bug 1181361
https://www.suse.com/security/cve/CVE-2021-20196/
SUSE CVE CVE-2021-20196 page

Описание

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Затронутые продукты

openSUSE Leap 15.3:qemu-5.2.0-150300.109.2

openSUSE Leap 15.3:qemu-arm-5.2.0-150300.109.2

openSUSE Leap 15.3:qemu-audio-alsa-5.2.0-150300.109.2

openSUSE Leap 15.3:qemu-audio-pa-5.2.0-150300.109.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-20196.html
CVE-2021-20196
https://bugzilla.suse.com/1181361
SUSE Bug 1181361

openSUSE-SU-2022:0177-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-20196

Описание

Затронутые продукты

Ссылки