Oval Definition:	oval:org.opensuse.security:def:56867
Revision Date: 2020-12-01 Version: 1 Title: Security update for qemu (Important) Description: This update for qemu fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156) - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493) - CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275) - CVE-2018-19364: Fixed an use-after-free vulnerability if virtfs interface is deliberately abused (bsc#1116717) - CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory operations (bsc#1114957) - CVE-2017-13673: Fixed a reachable assert failure during during display update (bsc#1056386) - CVE-2017-13672: Fixed an out-of-bounds read access during display update (bsc#1056334) - CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga display allowing for Denial-of-Service (bsc#1084604) Other bug fixes and changes: - Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) - Fix bad guest time after migration (bsc#1113231) Family: unix Class: patch Status: Reference(s): 1001487 1002998 1005879 1009280 1012183 1012759 1012852 1013543 1014271 1015332 1018832 1020928 1021417 1025013 1026236 1027712 1030575 1031481 1032309 1039496 1056334 1056386 1084604 1086909 1090192 1090343 1090849 1091236 1092885 1094448 1095603 1096223 1096985 1098735 1102920 1113231 1114957 1114988 1116717 1117275 1119493 1120489 1121600 1123156 1123157 1126140 1126141 1126192 1126195 1126196 1126198 1126201 1127400 1128471 1128472 1128474 1128476 1128480 1128481 1128490 1128492 1128493 1129623 1168874 906574 924960 933288 933878 936227 942865 950437 957566 957567 957598 957600 960382 960837 971741 972127 991667 999646 CVE-2012-4504 CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-7830 CVE-2015-8370 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2016-1283 CVE-2016-3191 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 CVE-2016-7444 CVE-2016-7945 CVE-2016-7946 CVE-2016-8610 CVE-2016-9586 CVE-2017-1000364 CVE-2017-13672 CVE-2017-13673 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 CVE-2017-7407 CVE-2018-11806 CVE-2018-12099 CVE-2018-12617 CVE-2018-1288 CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2018-19967 CVE-2018-20217 CVE-2018-3639 CVE-2018-3817 CVE-2018-7858 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 CVE-2019-6778 CVE-2019-6778 CVE-2019-9824 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 SUSE-SU-2016:0109-1 SUSE-SU-2016:2971-1 SUSE-SU-2016:3043-1 SUSE-SU-2016:3047-1 SUSE-SU-2017:0348-1 SUSE-SU-2017:1042-1 SUSE-SU-2017:1910-1 SUSE-SU-2018:2536-1 SUSE-SU-2018:2565-1 SUSE-SU-2019:0111-1 SUSE-SU-2019:0582-1 SUSE-SU-2019:0655-1 SUSE-SU-2019:0921-1 SUSE-SU-2020:0978-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gpgme-1.10.0-lp150.2 is installed OR libgpgme11-1.10.0-lp150.2 is installed OR libgpgmepp6-1.10.0-lp150.2 is installed OR libqgpgme7-1.10.0-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information gnutls-3.6.7-lp151.2.3 is installed OR gnutls-guile-3.6.7-lp151.2.3 is installed OR libgnutls-dane-devel-3.6.7-lp151.2.3 is installed OR libgnutls-dane0-3.6.7-lp151.2.3 is installed OR libgnutls-devel-3.6.7-lp151.2.3 is installed OR libgnutls-devel-32bit-3.6.7-lp151.2.3 is installed OR libgnutls30-3.6.7-lp151.2.3 is installed OR libgnutls30-32bit-3.6.7-lp151.2.3 is installed OR libgnutlsxx-devel-3.6.7-lp151.2.3 is installed OR libgnutlsxx28-3.6.7-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information qemu-2.9.1-6.28 is installed OR qemu-block-curl-2.9.1-6.28 is installed OR qemu-ipxe-1.0.0+-6.28 is installed OR qemu-kvm-2.9.1-6.28 is installed OR qemu-seabios-1.10.2-6.28 is installed OR qemu-sgabios-8-6.28 is installed OR qemu-tools-2.9.1-6.28 is installed OR qemu-vgabios-1.10.2-6.28 is installed OR qemu-x86-2.9.1-6.28 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information krb5-1.12.5-40.31 is installed OR krb5-32bit-1.12.5-40.31 is installed OR krb5-client-1.12.5-40.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libpcre1-8.39-5 is installed OR libpcre1-32bit-8.39-5 is installed OR libpcre16-0-8.39-5 is installed OR pcre-8.39-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_62-60_64_8-default-9-3 is installed OR kgraft-patch-3_12_62-60_64_8-xen-9-3 is installed OR kgraft-patch-SLE12-SP1_Update_8-9-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information grub2-2.02~beta2-104 is installed OR grub2-arm64-efi-2.02~beta2-104 is installed OR grub2-i386-pc-2.02~beta2-104 is installed OR grub2-powerpc-ieee1275-2.02~beta2-104 is installed OR grub2-s390x-emu-2.02~beta2-104 is installed OR grub2-snapper-plugin-2.02~beta2-104 is installed OR grub2-systemd-sleep-plugin-2.02~beta2-104 is installed OR grub2-x86_64-efi-2.02~beta2-104 is installed OR grub2-x86_64-xen-2.02~beta2-104 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND ucode-intel-20180807-13.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_90-92_50-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_15-11-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_29-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_10-11-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND apache2-mod_nss-1.0.14-18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information adns-1.4-103.3 is installed OR libadns1-1.4-103.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_180-94_100-default-3-2 is installed OR kgraft-patch-SLE12-SP3_Update_27-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_180-94_100-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_27-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libykcs11-1-1.5.0-3 is installed OR libykpiv1-1.5.0-3 is installed OR yubico-piv-tool-1.5.0-3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information grafana-4.5.1-1.8 is installed OR kafka-0.10.2.2-5 is installed OR logstash-2.4.1-5 is installed OR monasca-installer-20180608_12.47-9 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information ghostscript-9.27-23.31 is installed OR ghostscript-x11-9.27-23.31 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-SQLAlchemy-1.2.10-3.3 is installed
BACK