Oval Definition:oval:org.opensuse.security:def:55633
Revision Date:2020-12-01Version:1
Title:Security update for qemu (Moderate)
Description:



QEMU was updated to fix various bugs and security issues.

Following security issues were fixed: CVE-2014-8106: Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU allowed local guest users to execute arbitrary code via vectors related to blit regions.

CVE-2014-7840: The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allowed remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

Also a bug was fixed where qemu-img convert could occasionaly corrupt images. (bsc#908380)
Family:unixClass:patch
Status:Reference(s):1031875
1031877
1031879
1031886
1032880
1033783
1048715
1109412
1109413
1109414
1111996
1112534
1112535
1113247
1113252
1113255
1116827
1118830
1118831
1120640
1121034
1121035
1121056
1133131
1133232
1138301
1138302
1138303
1141913
1142772
1152856
1154212
1159861
1160369
1161194
828003
854151
855980
856496
856498
897031
901242
905097
907805
908380
963041
967671
974847
CVE-2009-0035
CVE-2013-2131
CVE-2013-7112
CVE-2013-7113
CVE-2013-7114
CVE-2014-0240
CVE-2014-4288
CVE-2014-6051
CVE-2014-6052
CVE-2014-6053
CVE-2014-6054
CVE-2014-6055
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6466
CVE-2014-6468
CVE-2014-6476
CVE-2014-6485
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6513
CVE-2014-6515
CVE-2014-6517
CVE-2014-6519
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
CVE-2014-6562
CVE-2014-7840
CVE-2014-8106
CVE-2015-1782
CVE-2016-3977
CVE-2017-3308
CVE-2017-3309
CVE-2017-3453
CVE-2017-3456
CVE-2017-3464
CVE-2017-7392
CVE-2017-7393
CVE-2017-7394
CVE-2017-7395
CVE-2017-7396
CVE-2017-7467
CVE-2018-1000876
CVE-2018-17358
CVE-2018-17359
CVE-2018-17360
CVE-2018-17985
CVE-2018-18309
CVE-2018-18483
CVE-2018-18484
CVE-2018-18605
CVE-2018-18606
CVE-2018-18607
CVE-2018-19931
CVE-2018-19932
CVE-2018-20623
CVE-2018-20651
CVE-2018-20671
CVE-2019-1010180
CVE-2019-10161
CVE-2019-10166
CVE-2019-10167
CVE-2019-19948
CVE-2019-19949
CVE-2019-2894
CVE-2019-2933
CVE-2019-2945
CVE-2019-2949
CVE-2019-2958
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2987
CVE-2019-2988
CVE-2019-2989
CVE-2019-2992
CVE-2019-2999
SUSE-SU-2015:0336-1
SUSE-SU-2015:0349-1
SUSE-SU-2015:2088-2
SUSE-SU-2016:1140-1
SUSE-SU-2017:0103-1
SUSE-SU-2017:1092-1
SUSE-SU-2017:1093-1
SUSE-SU-2017:2035-1
SUSE-SU-2019:1599-1
SUSE-SU-2019:2650-1
SUSE-SU-2019:3084-1
SUSE-SU-2020:0411-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.0 NonFree
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • ft2demos-2.9-lp150.2 is installed
  • OR ftbench-2.9-lp150.2 is installed
  • OR ftdiff-2.9-lp150.2 is installed
  • OR ftdump-2.9-lp150.2 is installed
  • OR ftgamma-2.9-lp150.2 is installed
  • OR ftgrid-2.9-lp150.2 is installed
  • OR ftinspect-2.9-lp150.2 is installed
  • OR ftlint-2.9-lp150.2 is installed
  • OR ftmulti-2.9-lp150.2 is installed
  • OR ftstring-2.9-lp150.2 is installed
  • OR ftvalid-2.9-lp150.2 is installed
  • OR ftview-2.9-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.0 NonFree is installed
  • AND opera-63.0.3368.66-lp151.2.6 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libu2f-host-1.1.6-lp151.2.3 is installed
  • OR libu2f-host-devel-1.1.6-lp151.2.3 is installed
  • OR libu2f-host-doc-1.1.6-lp151.2.3 is installed
  • OR libu2f-host0-1.1.6-lp151.2.3 is installed
  • OR u2f-host-1.1.6-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND wireshark-1.8.12-0.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.71-0.7 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.71-0.7 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.71-0.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • qemu-2.0.2-42 is installed
  • OR qemu-block-curl-2.0.2-42 is installed
  • OR qemu-ipxe-1.0.0-42 is installed
  • OR qemu-kvm-2.0.2-42 is installed
  • OR qemu-seabios-1.7.4-42 is installed
  • OR qemu-sgabios-8-42 is installed
  • OR qemu-tools-2.0.2-42 is installed
  • OR qemu-vgabios-1.7.4-42 is installed
  • OR qemu-x86-2.0.2-42 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libvirt-4.0.0-8.15 is installed
  • OR libvirt-admin-4.0.0-8.15 is installed
  • OR libvirt-client-4.0.0-8.15 is installed
  • OR libvirt-daemon-4.0.0-8.15 is installed
  • OR libvirt-daemon-config-network-4.0.0-8.15 is installed
  • OR libvirt-daemon-config-nwfilter-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-interface-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-libxl-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-lxc-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-network-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-nodedev-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-nwfilter-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-qemu-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-secret-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-core-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-disk-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-iscsi-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-logical-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-mpath-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-rbd-4.0.0-8.15 is installed
  • OR libvirt-daemon-driver-storage-scsi-4.0.0-8.15 is installed
  • OR libvirt-daemon-lxc-4.0.0-8.15 is installed
  • OR libvirt-daemon-qemu-4.0.0-8.15 is installed
  • OR libvirt-daemon-xen-4.0.0-8.15 is installed
  • OR libvirt-doc-4.0.0-8.15 is installed
  • OR libvirt-libs-4.0.0-8.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR alsa-docs-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • libmysqlclient-devel-10.0.31-29.3 is installed
  • OR libmysqlclient18-10.0.31-29.3 is installed
  • OR libmysqlclient18-32bit-10.0.31-29.3 is installed
  • OR libmysqlclient_r18-10.0.31-29.3 is installed
  • OR libmysqld-devel-10.0.31-29.3 is installed
  • OR libmysqld18-10.0.31-29.3 is installed
  • OR mariadb-10.0.31-29.3 is installed
  • OR mariadb-client-10.0.31-29.3 is installed
  • OR mariadb-errormessages-10.0.31-29.3 is installed
  • OR mariadb-tools-10.0.31-29.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • at-3.1.14-7 is installed
  • OR flex-2.5.37-8 is installed
  • OR flex-32bit-2.5.37-8 is installed
  • OR libQtWebKit4-4.8.6+2.3.3-3 is installed
  • OR libQtWebKit4-32bit-4.8.6+2.3.3-3 is installed
  • OR libbonobo-2.32.1-16 is installed
  • OR libbonobo-32bit-2.32.1-16 is installed
  • OR libbonobo-doc-2.32.1-16 is installed
  • OR libbonobo-lang-2.32.1-16 is installed
  • OR libkde4-4.12.0-7 is installed
  • OR libkde4-32bit-4.12.0-7 is installed
  • OR libkdecore4-4.12.0-7 is installed
  • OR libkdecore4-32bit-4.12.0-7 is installed
  • OR libksuseinstall1-4.12.0-7 is installed
  • OR libksuseinstall1-32bit-4.12.0-7 is installed
  • OR libnetpbm11-10.66.3-4 is installed
  • OR libnetpbm11-32bit-10.66.3-4 is installed
  • OR netpbm-10.66.3-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • gnutls-3.2.15-18.6 is installed
  • OR libgnutls-openssl27-3.2.15-18.6 is installed
  • OR libgnutls28-3.2.15-18.6 is installed
  • OR libgnutls28-32bit-3.2.15-18.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_120-92_70-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_20-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND libquicktime0-1.2.4-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • strongswan-5.1.3-26.13 is installed
  • OR strongswan-doc-5.1.3-26.13 is installed
  • OR strongswan-hmac-5.1.3-26.13 is installed
  • OR strongswan-ipsec-5.1.3-26.13 is installed
  • OR strongswan-libs0-5.1.3-26.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_97-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_26-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • freeradius-server-3.0.15-2.11 is installed
  • OR freeradius-server-doc-3.0.15-2.11 is installed
  • OR freeradius-server-krb5-3.0.15-2.11 is installed
  • OR freeradius-server-ldap-3.0.15-2.11 is installed
  • OR freeradius-server-libs-3.0.15-2.11 is installed
  • OR freeradius-server-mysql-3.0.15-2.11 is installed
  • OR freeradius-server-perl-3.0.15-2.11 is installed
  • OR freeradius-server-postgresql-3.0.15-2.11 is installed
  • OR freeradius-server-python-3.0.15-2.11 is installed
  • OR freeradius-server-sqlite-3.0.15-2.11 is installed
  • OR freeradius-server-utils-3.0.15-2.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cups-1.7.5-20.17 is installed
  • OR cups-client-1.7.5-20.17 is installed
  • OR cups-libs-1.7.5-20.17 is installed
  • OR cups-libs-32bit-1.7.5-20.17 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND apache2-mod_wsgi-4.4.13-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND ucode-intel-20180807-13.29 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • galera-3-25.3.24-4.3 is installed
  • OR galera-3-wsrep-provider-25.3.24-4.3 is installed
  • OR libmariadb3-3.0.6-3.6 is installed
  • OR mariadb-10.2.21-4.8 is installed
  • OR mariadb-client-10.2.21-4.8 is installed
  • OR mariadb-connector-c-3.0.6-3.6 is installed
  • OR mariadb-errormessages-10.2.21-4.8 is installed
  • OR mariadb-galera-10.2.21-4.8 is installed
  • OR mariadb-tools-10.2.21-4.8 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • bzip2-1.0.6-30.8 is installed
  • OR bzip2-doc-1.0.6-30.8 is installed
  • OR libbz2-1-1.0.6-30.8 is installed
  • OR libbz2-1-32bit-1.0.6-30.8 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND nodejs6-6.17.0-11.27 is installed
    • BACK