Oval Definition:	oval:org.opensuse.security:def:56256
Revision Date: 2020-12-01 Version: 1 Title: Security update for qemu (Important) Description: This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907). - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073). - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081). - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084). - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195). - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481). - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589). - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491). - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) These non-security issues were fixed: - Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583) - XHCI fixes (bsc#977027) - Fixed rare race during s390x guest reboot - Fixed various inaccuracies in cirrus vga device emulation - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) Family: unix Class: patch Status: Reference(s): 1014702 1015169 1016779 1017081 1017084 1020491 1020589 1020928 1021129 1021195 1021481 1022541 1023004 1023053 1023073 1023907 1024972 1026583 1027519 1046856 1056993 1069708 1083488 1092631 1160305 1160498 840753 924519 936862 968973 971965 972197 973031 973032 973033 973034 973036 973832 974629 977027 CVE-2009-0023 CVE-2009-0163 CVE-2009-2412 CVE-2009-2820 CVE-2009-3553 CVE-2009-3560 CVE-2009-3720 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1623 CVE-2010-1748 CVE-2010-2941 CVE-2011-1761 CVE-2012-5519 CVE-2012-6094 CVE-2013-1881 CVE-2013-2124 CVE-2013-4233 CVE-2013-4234 CVE-2013-4326 CVE-2013-4419 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9654 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 CVE-2015-5370 CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-9921 CVE-2016-9922 CVE-2017-1000083 CVE-2017-16939 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-6362 CVE-2018-3639 CVE-2018-7566 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 SUSE-SU-2015:1785-1 SUSE-SU-2016:1024-1 SUSE-SU-2017:0625-1 SUSE-SU-2017:1894-1 SUSE-SU-2017:3338-1 SUSE-SU-2018:0135-1 SUSE-SU-2018:0991-1 SUSE-SU-2018:1582-1 SUSE-SU-2020:0068-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gnome-settings-daemon-3.26.2-lp150.5 is installed OR gnome-settings-daemon-lang-3.26.2-lp150.5 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information graphviz-2.40.1-lp151.6.3 is installed OR graphviz-addons-2.40.1-lp151.6.3 is installed OR graphviz-devel-2.40.1-lp151.6.3 is installed OR graphviz-doc-2.40.1-lp151.6.3 is installed OR graphviz-gd-2.40.1-lp151.6.3 is installed OR graphviz-gnome-2.40.1-lp151.6.3 is installed OR graphviz-guile-2.40.1-lp151.6.3 is installed OR graphviz-gvedit-2.40.1-lp151.6.3 is installed OR graphviz-java-2.40.1-lp151.6.3 is installed OR graphviz-lua-2.40.1-lp151.6.3 is installed OR graphviz-perl-2.40.1-lp151.6.3 is installed OR graphviz-php-2.40.1-lp151.6.3 is installed OR graphviz-plugins-core-2.40.1-lp151.6.3 is installed OR graphviz-python-2.40.1-lp151.6.3 is installed OR graphviz-ruby-2.40.1-lp151.6.3 is installed OR graphviz-smyrna-2.40.1-lp151.6.3 is installed OR graphviz-tcl-2.40.1-lp151.6.3 is installed OR libgraphviz6-2.40.1-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information librsvg-2.26.0-2.5 is installed OR librsvg-32bit-2.26.0-2.5 is installed OR rsvg-view-2.26.0-2.5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information qemu-2.6.2-41.9 is installed OR qemu-block-curl-2.6.2-41.9 is installed OR qemu-ipxe-1.0.0-41.9 is installed OR qemu-kvm-2.6.2-41.9 is installed OR qemu-seabios-1.9.1-41.9 is installed OR qemu-sgabios-8-41.9 is installed OR qemu-tools-2.6.2-41.9 is installed OR qemu-vgabios-1.9.1-41.9 is installed OR qemu-x86-2.6.2-41.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information cups-1.7.5-9 is installed OR cups-client-1.7.5-9 is installed OR cups-libs-1.7.5-9 is installed OR cups-libs-32bit-1.7.5-9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_63-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_63-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_22-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libapr-util1-1.5.3-1 is installed OR libapr-util1-dbd-sqlite3-1.5.3-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information kernel-default-4.4.121-92.92 is installed OR kernel-default-base-4.4.121-92.92 is installed OR kernel-default-devel-4.4.121-92.92 is installed OR kernel-devel-4.4.121-92.92 is installed OR kernel-macros-4.4.121-92.92 is installed OR kernel-source-4.4.121-92.92 is installed OR kernel-syms-4.4.121-92.92 is installed OR kgraft-patch-4_4_121-92_92-default-1-3.7 is installed OR kgraft-patch-SLE12-SP2_Update_24-1-3.7 is installed OR lttng-modules-2.7.1-9.4 is installed OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND ucode-intel-20180425-13.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_120-92_70-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_20-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libxerces-c-3_1-3.1.1-12 is installed OR libxerces-c-3_1-32bit-3.1.1-12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information hostinfo-1.0.1-19.5 is installed OR supportutils-3.0-95.21 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-38.8 is installed OR aaa_base-extras-13.2+git20140911.61c1681-38.8 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information evince-3.10.3-2.3 is installed OR evince-lang-3.10.3-2.3 is installed OR libevdocument3-4-3.10.3-2.3 is installed OR libevview3-3-3.10.3-2.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information openstack-dashboard-10.0.6~dev4-4.15 is installed OR openstack-heat-7.0.7~dev10-5.12 is installed OR openstack-heat-api-7.0.7~dev10-5.12 is installed OR openstack-heat-api-cfn-7.0.7~dev10-5.12 is installed OR openstack-heat-api-cloudwatch-7.0.7~dev10-5.12 is installed OR openstack-heat-doc-7.0.7~dev10-5.12 is installed OR openstack-heat-engine-7.0.7~dev10-5.12 is installed OR openstack-heat-plugin-heat_docker-7.0.7~dev10-5.12 is installed OR openstack-heat-test-7.0.7~dev10-5.12 is installed OR openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.6 is installed OR openstack-keystone-10.0.3~dev9-7.12 is installed OR openstack-keystone-doc-10.0.3~dev9-7.12 is installed OR openstack-nova-14.0.11~dev13-4.25 is installed OR openstack-nova-api-14.0.11~dev13-4.25 is installed OR openstack-nova-cells-14.0.11~dev13-4.25 is installed OR openstack-nova-cert-14.0.11~dev13-4.25 is installed OR openstack-nova-compute-14.0.11~dev13-4.25 is installed OR openstack-nova-conductor-14.0.11~dev13-4.25 is installed OR openstack-nova-console-14.0.11~dev13-4.25 is installed OR openstack-nova-consoleauth-14.0.11~dev13-4.25 is installed OR openstack-nova-doc-14.0.11~dev13-4.25 is installed OR openstack-nova-novncproxy-14.0.11~dev13-4.25 is installed OR openstack-nova-placement-api-14.0.11~dev13-4.25 is installed OR openstack-nova-scheduler-14.0.11~dev13-4.25 is installed OR openstack-nova-serialproxy-14.0.11~dev13-4.25 is installed OR openstack-nova-vncproxy-14.0.11~dev13-4.25 is installed OR python-heat-7.0.7~dev10-5.12 is installed OR python-horizon-10.0.6~dev4-4.15 is installed OR python-horizon-plugin-designate-ui-3.0.2~dev1-3.6 is installed OR python-keystone-10.0.3~dev9-7.12 is installed OR python-nova-14.0.11~dev13-4.25 is installed OR python-os-vif-1.2.1-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information cobbler-2.6.6-49.26 is installed OR golang-github-prometheus-node_exporter-0.18.1-1.6 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-Django1-1.11.23-3.9 is installed
BACK