Oval Definition:oval:org.opensuse.security:def:58631
Revision Date:2020-12-01Version:1
Title:Security update for qemu (Important)
Description:



This update for qemu fixes several issues.

These security issues were fixed:

- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907). - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073). - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081). - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084). - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195). - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481). - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589). - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491). - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)

These non-security issues were fixed:

- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583) - XHCI fixes (bsc#977027) - Fixed rare race during s390x guest reboot - Fixed various inaccuracies in cirrus vga device emulation - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928) - Fixed graphical update errors introduced by previous security fix (bsc#1016779)
Family:unixClass:patch
Status:Reference(s):1014702
1015169
1016779
1017081
1017084
1020491
1020589
1020928
1020983
1021129
1021195
1021481
1022541
1023004
1023053
1023073
1023907
1024972
1026583
1033466
1033467
1033468
1040202
1045640
1054849
1068032
1068613
1070144
1071228
1073489
1076033
1076114
1076179
1076775
1076814
1082276
1083291
1085598
1090023
1090024
1090025
1090026
1090027
1090028
1090029
1090030
1090032
1090033
1103040
1103411
1104457
1107256
1110723
1116574
1117951
1123161
1130972
1134399
1138034
1139358
1140012
1140652
1140903
1140945
1141401
1141402
1141452
1141453
1141454
1141628
1142023
1142098
1142857
1143045
1143048
1143189
1143191
1144257
1144273
1144288
1144920
1145920
1145922
1146163
1154824
1156353
1158809
1160163
1172466
1172906
1172935
1173197
920813
977027
987866
989528
CVE-2010-2640
CVE-2010-2641
CVE-2010-2642
CVE-2010-2643
CVE-2013-7447
CVE-2014-2524
CVE-2015-0254
CVE-2016-10028
CVE-2016-10029
CVE-2016-10155
CVE-2016-2775
CVE-2016-6170
CVE-2016-6855
CVE-2016-9921
CVE-2016-9922
CVE-2017-15119
CVE-2017-15124
CVE-2017-16845
CVE-2017-17381
CVE-2017-18030
CVE-2017-18043
CVE-2017-18551
CVE-2017-2615
CVE-2017-2620
CVE-2017-3136
CVE-2017-3137
CVE-2017-3138
CVE-2017-5525
CVE-2017-5526
CVE-2017-5552
CVE-2017-5578
CVE-2017-5667
CVE-2017-5715
CVE-2017-5856
CVE-2017-5857
CVE-2017-5898
CVE-2018-10858
CVE-2018-13785
CVE-2018-14680
CVE-2018-14681
CVE-2018-14682
CVE-2018-15378
CVE-2018-20855
CVE-2018-20856
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-2815
CVE-2018-3136
CVE-2018-3139
CVE-2018-3149
CVE-2018-3169
CVE-2018-3180
CVE-2018-3183
CVE-2018-3214
CVE-2018-5683
CVE-2018-7550
CVE-2019-10164
CVE-2019-10207
CVE-2019-1125
CVE-2019-11810
CVE-2019-13631
CVE-2019-14283
CVE-2019-14284
CVE-2019-15117
CVE-2019-15118
CVE-2019-1551
CVE-2019-3819
CVE-2020-0543
CVE-2020-0548
CVE-2020-0549
CVE-2020-14093
CVE-2020-14154
CVE-2020-14954
SUSE-SU-2017:0625-1
SUSE-SU-2017:0998-1
SUSE-SU-2017:1568-1
SUSE-SU-2018:0831-1
SUSE-SU-2018:1692-1
SUSE-SU-2018:2320-1
SUSE-SU-2018:3436-1
SUSE-SU-2019:1783-1
SUSE-SU-2019:2299-1
SUSE-SU-2020:0474-1
SUSE-SU-2020:1794-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libX11-6-1.6.5-lp150.1 is installed
  • OR libX11-data-1.6.5-lp150.1 is installed
  • OR libX11-xcb1-1.6.5-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • go1.11-1.11.13-lp151.2.9 is installed
  • OR go1.11-doc-1.11.13-lp151.2.9 is installed
  • OR go1.11-race-1.11.13-lp151.2.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • qemu-2.6.2-41.9 is installed
  • OR qemu-arm-2.6.2-41.9 is installed
  • OR qemu-block-curl-2.6.2-41.9 is installed
  • OR qemu-block-rbd-2.6.2-41.9 is installed
  • OR qemu-block-ssh-2.6.2-41.9 is installed
  • OR qemu-guest-agent-2.6.2-41.9 is installed
  • OR qemu-ipxe-1.0.0-41.9 is installed
  • OR qemu-kvm-2.6.2-41.9 is installed
  • OR qemu-lang-2.6.2-41.9 is installed
  • OR qemu-ppc-2.6.2-41.9 is installed
  • OR qemu-s390-2.6.2-41.9 is installed
  • OR qemu-seabios-1.9.1-41.9 is installed
  • OR qemu-sgabios-8-41.9 is installed
  • OR qemu-tools-2.6.2-41.9 is installed
  • OR qemu-vgabios-1.9.1-41.9 is installed
  • OR qemu-x86-2.6.2-41.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • kernel-default-4.4.121-92.120 is installed
  • OR kernel-default-base-4.4.121-92.120 is installed
  • OR kernel-default-devel-4.4.121-92.120 is installed
  • OR kernel-devel-4.4.121-92.120 is installed
  • OR kernel-macros-4.4.121-92.120 is installed
  • OR kernel-source-4.4.121-92.120 is installed
  • OR kernel-syms-4.4.121-92.120 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • crash-7.1.8-3 is installed
  • OR crash-kmp-default-7.1.8_k4.4.73_5-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • xen-4.9.4_06-3.59 is installed
  • OR xen-doc-html-4.9.4_06-3.59 is installed
  • OR xen-libs-4.9.4_06-3.59 is installed
  • OR xen-libs-32bit-4.9.4_06-3.59 is installed
  • OR xen-tools-4.9.4_06-3.59 is installed
  • OR xen-tools-domU-4.9.4_06-3.59 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • dovecot22-2.2.31-19.17 is installed
  • OR dovecot22-backend-mysql-2.2.31-19.17 is installed
  • OR dovecot22-backend-pgsql-2.2.31-19.17 is installed
  • OR dovecot22-backend-sqlite-2.2.31-19.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • openssh-7.2p2-74.23 is installed
  • OR openssh-askpass-gnome-7.2p2-74.23 is installed
  • OR openssh-fips-7.2p2-74.23 is installed
  • OR openssh-helpers-7.2p2-74.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libpoppler-glib8-0.43.0-16.15 is installed
  • OR libpoppler-qt4-4-0.43.0-16.15 is installed
  • OR libpoppler60-0.43.0-16.15 is installed
  • OR poppler-tools-0.43.0-16.15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libpolkit0-0.113-5.18 is installed
  • OR polkit-0.113-5.18 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
    • BACK