Oval Definition: oval:org.opensuse.security:def:56924
Revision Date: 2020-12-01
Version: 1
Title: Security update for qemu (Moderate)
Description:

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2018-10839: Fixed NE2000 NIC emulation support, which was vulnerable to an integer overflow that could lead to a buffer overflow. It could occur when receiving packets over the network. A user inside the guest could use this flaw to crash the Qemu process, resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c, which might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a buffer overflow in rtl8139_do_receive in hw/net/rtl8139.c caused by use of an incorrect integer data type (bsc#1111006).
- CVE-2018-17962: Fixed a buffer overflow in pcnet_receive in hw/net/pcnet.c caused by use of an incorrect integer data type (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c, which accepted packet sizes greater than INT_MAX, allowing attackers to cause a denial of service or possibly have unspecified other impact (bsc#1111013).
- CVE-2018-18849: Fixed an out-of-bounds memory access in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process, resulting in DoS (bsc#1114422).
- CVE-2018-16847: Fixed an out-of-bounds read/write buffer access in cmb operations (bsc#1114529).

Non-security issue fixed:

- Fixed a condition where the retry logic was not executed in case of a data transmit failure or connection hangup (bsc#1108474).

Family: unix
Class: patch
Status:
Reference(s):
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libXtst6-1.2.3-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND clementine-1.3.1-lp151.3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • qemu-2.11.2-5.5 is installed
  • OR qemu-block-curl-2.11.2-5.5 is installed
  • OR qemu-ipxe-1.0.0+-5.5 is installed
  • OR qemu-kvm-2.11.2-5.5 is installed
  • OR qemu-seabios-1.11.0-5.5 is installed
  • OR qemu-sgabios-8-5.5 is installed
  • OR qemu-tools-2.11.2-5.5 is installed
  • OR qemu-vgabios-1.11.0-5.5 is installed
  • OR qemu-x86-2.11.2-5.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • xen-4.5.2_06-7 is installed
  • OR xen-doc-html-4.5.2_06-7 is installed
  • OR xen-kmp-default-4.5.2_06_k3.12.53_60.30-7 is installed
  • OR xen-libs-4.5.2_06-7 is installed
  • OR xen-libs-32bit-4.5.2_06-7 is installed
  • OR xen-tools-4.5.2_06-7 is installed
  • OR xen-tools-domU-4.5.2_06-7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_35-default-4-2 is installed
  • OR kgraft-patch-3_12_69-60_64_35-xen-4-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_14-4-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libexif12-0.6.21-6 is installed
  • OR libexif12-32bit-0.6.21-6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND yast2-smt-3.0.14-17.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND clamav-0.100.1-33.15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • audiofile-0.3.6-10 is installed
  • OR libaudiofile1-0.3.6-10 is installed
  • OR libaudiofile1-32bit-0.3.6-10 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.13-28.31 is installed
  • OR libpython2_7-1_0-32bit-2.7.13-28.31 is installed
  • OR python-2.7.13-28.31 is installed
  • OR python-32bit-2.7.13-28.31 is installed
  • OR python-base-2.7.13-28.31 is installed
  • OR python-base-32bit-2.7.13-28.31 is installed
  • OR python-curses-2.7.13-28.31 is installed
  • OR python-demo-2.7.13-28.31 is installed
  • OR python-devel-2.7.13-28.31 is installed
  • OR python-doc-2.7.13-28.31 is installed
  • OR python-doc-pdf-2.7.13-28.31 is installed
  • OR python-gdbm-2.7.13-28.31 is installed
  • OR python-idle-2.7.13-28.31 is installed
  • OR python-tk-2.7.13-28.31 is installed
  • OR python-xml-2.7.13-28.31 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • gvim-7.4.326-17.6 is installed
  • OR vim-7.4.326-17.6 is installed
  • OR vim-data-7.4.326-17.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND gd-2.1.0-24.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • res-signingkeys-3.0.38-52.26 is installed
  • OR smt-3.0.38-52.26 is installed
  • OR smt-support-3.0.38-52.26 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • kernel-default-4.4.121-92.73 is installed
  • OR kernel-default-base-4.4.121-92.73 is installed
  • OR kernel-default-devel-4.4.121-92.73 is installed
  • OR kernel-default-man-4.4.121-92.73 is installed
  • OR kernel-devel-4.4.121-92.73 is installed
  • OR kernel-macros-4.4.121-92.73 is installed
  • OR kernel-source-4.4.121-92.73 is installed
  • OR kernel-syms-4.4.121-92.73 is installed
  • OR kgraft-patch-4_4_121-92_73-default-1-3.3 is installed
  • OR kgraft-patch-SLE12-SP2_Update_21-1-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.252-27.45 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.252-27.45 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.252-27.45 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.252-27.45 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND nodejs6-6.14.3-11.15 is installed