Oval Definition:oval:org.opensuse.security:def:53191
Revision Date:2020-12-01Version:1
Title:Security update for qemu (Important)
Description:

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process (bsc#1114529). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).

Non-security issues fixed:

- Fix slowness in arm32 emulation (bsc#1112499). - In order to improve spectre mitigation for s390x, add a new feature in the QEMU cpu model to provide the etoken cpu feature for guests (bsc#1107489).
Family:unixClass:patch
Status:Reference(s):1001367
1003800
1004477
1005070
1005072
1005076
1005555
1005558
1005562
1005564
1005566
1005569
1005581
1005582
1006539
1008318
1037559
1106222
1107489
1110910
1111006
1111010
1111013
1112499
1114422
1114529
1163985
920160
922220
922221
922222
922223
923142
952871
962052
963415
968046
968048
968051
968053
968374
986566
989980
990890
998677
CVE-2004-2779
CVE-2008-2109
CVE-2012-4559
CVE-2012-4560
CVE-2012-4561
CVE-2012-5112
CVE-2012-5133
CVE-2013-0176
CVE-2013-4238
CVE-2014-0017
CVE-2014-1344
CVE-2014-1384
CVE-2014-1385
CVE-2014-1386
CVE-2014-1387
CVE-2014-1388
CVE-2014-1389
CVE-2014-1390
CVE-2014-6272
CVE-2014-8132
CVE-2014-9140
CVE-2014-9645
CVE-2014-9687
CVE-2015-0261
CVE-2015-0295
CVE-2015-1858
CVE-2015-1859
CVE-2015-1860
CVE-2015-2153
CVE-2015-2154
CVE-2015-2155
CVE-2015-2304
CVE-2015-2330
CVE-2015-3146
CVE-2015-3197
CVE-2016-0702
CVE-2016-0703
CVE-2016-0704
CVE-2016-0739
CVE-2016-0797
CVE-2016-0799
CVE-2016-0800
CVE-2016-1572
CVE-2016-3492
CVE-2016-5418
CVE-2016-5584
CVE-2016-5624
CVE-2016-5626
CVE-2016-5629
CVE-2016-5844
CVE-2016-6250
CVE-2016-6663
CVE-2016-7440
CVE-2016-8283
CVE-2016-8687
CVE-2016-8688
CVE-2016-8689
CVE-2017-1000024
CVE-2017-11550
CVE-2017-11551
CVE-2017-8779
CVE-2018-10839
CVE-2018-15746
CVE-2018-16847
CVE-2018-17958
CVE-2018-17962
CVE-2018-17963
CVE-2018-18849
CVE-2020-1720
SUSE-SU-2015:0679-1
SUSE-SU-2016:0241-1
SUSE-SU-2016:0641-1
SUSE-SU-2016:2911-1
SUSE-SU-2016:2933-1
SUSE-SU-2017:1336-1
SUSE-SU-2018:3927-1
SUSE-SU-2020:0589-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 6-LTSS
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libXext6-1.3.3-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • gdb-8.3.1-lp151.4.3 is installed
  • OR gdb-testresults-8.3.1-lp151.4.3 is installed
  • OR gdbserver-8.3.1-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • xen-4.1.4_02-0.5 is installed
  • OR xen-doc-html-4.1.4_02-0.5 is installed
  • OR xen-doc-pdf-4.1.4_02-0.5 is installed
  • OR xen-kmp-default-4.1.4_02_3.0.58_0.6.6-0.5 is installed
  • OR xen-kmp-pae-4.1.4_02_3.0.58_0.6.6-0.5 is installed
  • OR xen-kmp-trace-4.1.4_02_3.0.58_0.6.6-0.5 is installed
  • OR xen-libs-4.1.4_02-0.5 is installed
  • OR xen-libs-32bit-4.1.4_02-0.5 is installed
  • OR xen-tools-4.1.4_02-0.5 is installed
  • OR xen-tools-domU-4.1.4_02-0.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-31.5.3esr-0.8 is installed
  • OR MozillaFirefox-translations-31.5.3esr-0.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • ecryptfs-utils-61-1.35 is installed
  • OR ecryptfs-utils-32bit-61-1.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND tcpdump-4.5.1-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • compat-openssl098-0.9.8j-94 is installed
  • OR libopenssl0_9_8-0.9.8j-94 is installed
  • OR libopenssl0_9_8-32bit-0.9.8j-94 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND libevent-2_0-5-2.0.21-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND busybox-1.21.1-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND libid3tag0-0.15.1b-184.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • qemu-2.11.2-9.12 is installed
  • OR qemu-arm-2.11.2-9.12 is installed
  • OR qemu-block-curl-2.11.2-9.12 is installed
  • OR qemu-block-iscsi-2.11.2-9.12 is installed
  • OR qemu-block-rbd-2.11.2-9.12 is installed
  • OR qemu-block-ssh-2.11.2-9.12 is installed
  • OR qemu-guest-agent-2.11.2-9.12 is installed
  • OR qemu-ipxe-1.0.0+-9.12 is installed
  • OR qemu-kvm-2.11.2-9.12 is installed
  • OR qemu-lang-2.11.2-9.12 is installed
  • OR qemu-ppc-2.11.2-9.12 is installed
  • OR qemu-s390-2.11.2-9.12 is installed
  • OR qemu-seabios-1.11.0-9.12 is installed
  • OR qemu-sgabios-8-9.12 is installed
  • OR qemu-vgabios-1.11.0-9.12 is installed
  • OR qemu-x86-2.11.2-9.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • accountsservice-0.6.35-3 is installed
  • OR accountsservice-lang-0.6.35-3 is installed
  • OR libaccountsservice0-0.6.35-3 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.35-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kernel-default-3.12.74-60.64.88 is installed
  • OR kernel-default-base-3.12.74-60.64.88 is installed
  • OR kernel-default-devel-3.12.74-60.64.88 is installed
  • OR kernel-default-man-3.12.74-60.64.88 is installed
  • OR kernel-devel-3.12.74-60.64.88 is installed
  • OR kernel-macros-3.12.74-60.64.88 is installed
  • OR kernel-source-3.12.74-60.64.88 is installed
  • OR kernel-syms-3.12.74-60.64.88 is installed
  • OR kernel-xen-3.12.74-60.64.88 is installed
  • OR kernel-xen-base-3.12.74-60.64.88 is installed
  • OR kernel-xen-devel-3.12.74-60.64.88 is installed
  • OR kgraft-patch-3_12_74-60_64_88-default-1-2.3 is installed
  • OR kgraft-patch-3_12_74-60_64_88-xen-1-2.3 is installed
  • OR kgraft-patch-SLE12-SP1_Update_27-1-2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gdm-3.10.0.1-52 is installed
  • OR gdm-lang-3.10.0.1-52 is installed
  • OR gdmflexiserver-3.10.0.1-52 is installed
  • OR libgdm1-3.10.0.1-52 is installed
  • OR typelib-1_0-Gdm-1_0-3.10.0.1-52 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • git-2.12.3-27.17 is installed
  • OR git-core-2.12.3-27.17 is installed
  • OR git-doc-2.12.3-27.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_114-92_64-default-10-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_18-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND yast2-smt-3.0.14-17.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • augeas-1.2.0-15 is installed
  • OR augeas-lenses-1.2.0-15 is installed
  • OR libaugeas0-1.2.0-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-60.8.0-109.83 is installed
  • OR MozillaFirefox-translations-common-60.8.0-109.83 is installed
  • OR libfreebl3-3.44.1-58.28 is installed
  • OR libfreebl3-32bit-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-3.44.1-58.28 is installed
  • OR libsoftokn3-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-3.44.1-58.28 is installed
  • OR mozilla-nss-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-tools-3.44.1-58.28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • MozillaFirefox-60.9.0-109.86 is installed
  • OR MozillaFirefox-translations-common-60.9.0-109.86 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_143-94_47-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_16-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND ucode-intel-20180807-13.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • ceph-common-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR librados2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR librbd1-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR librgw2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-rados-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-rbd-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-rgw-12.2.8+git.1536505967.080f2248ff-2.15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-bundler-1.7.3-3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6-LTSS is installed
  • AND Package Information
  • ruby2.1-rubygem-actionview-4_2-4.2.9-9.9 is installed
  • OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6 is installed
  • OR rubygem-actionview-4_2-4.2.9-9.9 is installed
  • OR rubygem-activesupport-4_2-4.2.9-7.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • qemu-2.6.2-41.46 is installed
  • OR qemu-block-curl-2.6.2-41.46 is installed
  • OR qemu-block-rbd-2.6.2-41.46 is installed
  • OR qemu-block-ssh-2.6.2-41.46 is installed
  • OR qemu-guest-agent-2.6.2-41.46 is installed
  • OR qemu-ipxe-1.0.0-41.46 is installed
  • OR qemu-kvm-2.6.2-41.46 is installed
  • OR qemu-lang-2.6.2-41.46 is installed
  • OR qemu-s390-2.6.2-41.46 is installed
  • OR qemu-seabios-1.9.1-41.46 is installed
  • OR qemu-sgabios-8-41.46 is installed
  • OR qemu-tools-2.6.2-41.46 is installed
  • OR qemu-vgabios-1.9.1-41.46 is installed
  • OR qemu-x86-2.6.2-41.46 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libmariadb3-3.0.3-3.3 is installed
  • OR mariadb-10.2.15-4.3 is installed
  • OR mariadb-client-10.2.15-4.3 is installed
  • OR mariadb-connector-c-3.0.3-3.3 is installed
  • OR mariadb-errormessages-10.2.15-4.3 is installed
  • OR mariadb-galera-10.2.15-4.3 is installed
  • OR mariadb-tools-10.2.15-4.3 is installed
  • OR xtrabackup-2.4.10-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Twisted-15.2.1-9.8 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND nodejs6-6.14.3-11.15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • mariadb-10.2.25-3.19 is installed
  • OR mariadb-galera-10.2.25-3.19 is installed
    • BACK