Oval Definition:oval:org.opensuse.security:def:201816867
Revision Date:2022-09-02Version:1
Title:CVE-2018-16867
Description:

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2018-16867
SUSE CVE-2018-16867
Platform(s):SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Software Development Kit 11 SP4
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND qemu is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND qemu is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND qemu is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND kvm is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND qemu is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND
  • qemu is not affected
  • OR qemu-block-curl is not affected
  • OR qemu-block-iscsi is not affected
  • OR qemu-block-rbd is not affected
  • OR qemu-block-ssh is not affected
  • OR qemu-guest-agent is not affected
  • OR qemu-ipxe is not affected
  • OR qemu-kvm is not affected
  • OR qemu-lang is not affected
  • OR qemu-ppc is not affected
  • OR qemu-seabios is not affected
  • OR qemu-sgabios is not affected
  • OR qemu-tools is not affected
  • OR qemu-vgabios is not affected
  • OR qemu-x86 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 is installed
  • OR SUSE Linux Enterprise Server 15 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND qemu is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Basesystem 15 is installed
  • OR SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND qemu is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND qemu is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND qemu is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND
  • qemu is not affected
  • OR qemu-block-curl is not affected
  • OR qemu-block-iscsi is not affected
  • OR qemu-block-rbd is not affected
  • OR qemu-block-ssh is not affected
  • OR qemu-guest-agent is not affected
  • OR qemu-ipxe is not affected
  • OR qemu-kvm is not affected
  • OR qemu-lang is not affected
  • OR qemu-ppc is not affected
  • OR qemu-seabios is not affected
  • OR qemu-sgabios is not affected
  • OR qemu-tools is not affected
  • OR qemu-vgabios is not affected
  • OR qemu-x86 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • AND qemu is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND
  • qemu is not affected
  • OR qemu-block-curl is not affected
  • OR qemu-block-iscsi is not affected
  • OR qemu-block-rbd is not affected
  • OR qemu-block-ssh is not affected
  • OR qemu-guest-agent is not affected
  • OR qemu-ipxe is not affected
  • OR qemu-kvm is not affected
  • OR qemu-lang is not affected
  • OR qemu-ppc is not affected
  • OR qemu-seabios is not affected
  • OR qemu-sgabios is not affected
  • OR qemu-tools is not affected
  • OR qemu-vgabios is not affected
  • OR qemu-x86 is not affected
    • BACK