You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa qemu

Sigurnosni nedostaci programskog paketa qemu

openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2041-1
Rating: important
References: #1128106 #1133031 #1134883 #1135210 #1135902
#1136540 #1136778 #1138534 #1140402 #1143794
#1144087
Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378
CVE-2019-5008
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves four vulnerabilities and has 7 fixes
is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

– CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet
input (bsc#1143794).
– CVE-2019-12155: Security fix for null pointer dereference while
releasing spice resources (bsc#1135902).
– CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed
when names are too long (bsc#1140402).
– CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual
machine possible through guest device driver (bsc#1133031).

Bug fixes and enhancements:

– Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge
(jsc#SLE-4883)
– Add SnowRidge-Server vcpu model (jsc#SLE-4883)
– Add in documentation about md-clear feature (bsc#1138534)
– Fix SEV issue where older machine type is not processed correctly
(bsc#1144087)
– Fix case of a bad pointer in Xen PV usb support code (bsc#1128106)
– Further refine arch-capabilities handling to help with security and
performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)
– Add support for one more security/performance related vcpu feature
(bsc#1136778) (fate#327796)
– Ignore csske for expanding the cpu model (bsc#1136540)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2041=1

Package List:

– openSUSE Leap 15.1 (x86_64):

qemu-3.1.1-lp151.7.3.3
qemu-arm-3.1.1-lp151.7.3.3
qemu-arm-debuginfo-3.1.1-lp151.7.3.3
qemu-audio-alsa-3.1.1-lp151.7.3.3
qemu-audio-alsa-debuginfo-3.1.1-lp151.7.3.3
qemu-audio-oss-3.1.1-lp151.7.3.3
qemu-audio-oss-debuginfo-3.1.1-lp151.7.3.3
qemu-audio-pa-3.1.1-lp151.7.3.3
qemu-audio-pa-debuginfo-3.1.1-lp151.7.3.3
qemu-audio-sdl-3.1.1-lp151.7.3.3
qemu-audio-sdl-debuginfo-3.1.1-lp151.7.3.3
qemu-block-curl-3.1.1-lp151.7.3.3
qemu-block-curl-debuginfo-3.1.1-lp151.7.3.3
qemu-block-dmg-3.1.1-lp151.7.3.3
qemu-block-dmg-debuginfo-3.1.1-lp151.7.3.3
qemu-block-gluster-3.1.1-lp151.7.3.3
qemu-block-gluster-debuginfo-3.1.1-lp151.7.3.3
qemu-block-iscsi-3.1.1-lp151.7.3.3
qemu-block-iscsi-debuginfo-3.1.1-lp151.7.3.3
qemu-block-nfs-3.1.1-lp151.7.3.3
qemu-block-nfs-debuginfo-3.1.1-lp151.7.3.3
qemu-block-rbd-3.1.1-lp151.7.3.3
qemu-block-rbd-debuginfo-3.1.1-lp151.7.3.3
qemu-block-ssh-3.1.1-lp151.7.3.3
qemu-block-ssh-debuginfo-3.1.1-lp151.7.3.3
qemu-debuginfo-3.1.1-lp151.7.3.3
qemu-debugsource-3.1.1-lp151.7.3.3
qemu-extra-3.1.1-lp151.7.3.3
qemu-extra-debuginfo-3.1.1-lp151.7.3.3
qemu-guest-agent-3.1.1-lp151.7.3.3
qemu-guest-agent-debuginfo-3.1.1-lp151.7.3.3
qemu-ksm-3.1.1-lp151.7.3.3
qemu-kvm-3.1.1-lp151.7.3.3
qemu-lang-3.1.1-lp151.7.3.3
qemu-linux-user-3.1.1-lp151.7.3.2
qemu-linux-user-debuginfo-3.1.1-lp151.7.3.2
qemu-linux-user-debugsource-3.1.1-lp151.7.3.2
qemu-ppc-3.1.1-lp151.7.3.3
qemu-ppc-debuginfo-3.1.1-lp151.7.3.3
qemu-s390-3.1.1-lp151.7.3.3
qemu-s390-debuginfo-3.1.1-lp151.7.3.3
qemu-testsuite-3.1.1-lp151.7.3.3
qemu-tools-3.1.1-lp151.7.3.3
qemu-tools-debuginfo-3.1.1-lp151.7.3.3
qemu-ui-curses-3.1.1-lp151.7.3.3
qemu-ui-curses-debuginfo-3.1.1-lp151.7.3.3
qemu-ui-gtk-3.1.1-lp151.7.3.3
qemu-ui-gtk-debuginfo-3.1.1-lp151.7.3.3
qemu-ui-sdl-3.1.1-lp151.7.3.3
qemu-ui-sdl-debuginfo-3.1.1-lp151.7.3.3
qemu-x86-3.1.1-lp151.7.3.3
qemu-x86-debuginfo-3.1.1-lp151.7.3.3

– openSUSE Leap 15.1 (noarch):

qemu-ipxe-1.0.0+-lp151.7.3.3
qemu-seabios-1.12.0-lp151.7.3.3
qemu-sgabios-8-lp151.7.3.3
qemu-vgabios-1.12.0-lp151.7.3.3

References:

https://www.suse.com/security/cve/CVE-2019-12155.html
https://www.suse.com/security/cve/CVE-2019-13164.html
https://www.suse.com/security/cve/CVE-2019-14378.html
https://www.suse.com/security/cve/CVE-2019-5008.html
https://bugzilla.suse.com/1128106
https://bugzilla.suse.com/1133031
https://bugzilla.suse.com/1134883
https://bugzilla.suse.com/1135210
https://bugzilla.suse.com/1135902
https://bugzilla.suse.com/1136540
https://bugzilla.suse.com/1136778
https://bugzilla.suse.com/1138534
https://bugzilla.suse.com/1140402
https://bugzilla.suse.com/1143794
https://bugzilla.suse.com/1144087


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke GNOME desktop library

Otkriven je sigurnosni nedostatak programske biblioteke GNOME desktop library za operacijski sustav Gentoo. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih...

Close