OVAL Reference oval:org.opensuse.security:def:60232

Oval Definition:

oval:org.opensuse.security:def:60232

Revision Date:	2021-04-16	Version:	1
Title:	Security update for qemu (Important)
Description:	This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb iehci packet handling (CVE-2020-25084, bsc#1176673) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) - Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) - Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. (bsc#1178049) - Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Make note that this patch previously included addresses (CVE-2020-13765 bsc#1172478) - Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel - Fix vfio-pci device on s390 enters error state (bsc#1179725) - Fix PCI devices are unavailable after a subsystem reset. (bsc#1179726)
Family:	unix	Class:	patch
Status:		Reference(s):	1027519 1055047 1061075 1063123 1068187 1068191 1092548 1106914 1115375 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 1153332 1153674 1168874 1170170 1170715 1171252 1171254 1172383 1172385 1172386 1172478 1172698 1172704 1173612 1176673 1176682 1176684 1178049 1178174 1178934 1179466 1179467 1179468 1179686 1179725 1179726 1180523 1181108 1181639 1181933 1182137 1182425 1182577 1182968 1183979 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-2074 CVE-2010-4000 CVE-2012-1586 CVE-2012-4929 CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2015-8079 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 CVE-2017-15289 CVE-2017-15597 CVE-2018-16301 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2019-14287 CVE-2019-15165 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 CVE-2020-11947 CVE-2020-12059 CVE-2020-12653 CVE-2020-12654 CVE-2020-12829 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-15469 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 CVE-2020-8023 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416 SUSE-SU-2017:3115-1 SUSE-SU-2018:1334-1 SUSE-SU-2018:2835-1 SUSE-SU-2019:2036-1 SUSE-SU-2019:2666-1 SUSE-SU-2019:2669-1 SUSE-SU-2020:1158-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1859-1 SUSE-SU-2021:1242-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information bluez-5.48-lp151.8.3 is installed OR bluez-auto-enable-devices-5.48-lp151.8.3 is installed OR bluez-cups-5.48-lp151.8.3 is installed OR bluez-devel-5.48-lp151.8.3 is installed OR bluez-devel-32bit-5.48-lp151.8.3 is installed OR bluez-test-5.48-lp151.8.3 is installed OR libbluetooth3-5.48-lp151.8.3 is installed OR libbluetooth3-32bit-5.48-lp151.8.3 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information ImageMagick-7.0.7.34-lp151.7.9 is installed OR ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.9 is installed OR ImageMagick-config-7-upstream-7.0.7.34-lp151.7.9 is installed OR ImageMagick-devel-7.0.7.34-lp151.7.9 is installed OR ImageMagick-devel-32bit-7.0.7.34-lp151.7.9 is installed OR ImageMagick-doc-7.0.7.34-lp151.7.9 is installed OR ImageMagick-extra-7.0.7.34-lp151.7.9 is installed OR libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.9 is installed OR libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.9 is installed OR libMagick++-devel-7.0.7.34-lp151.7.9 is installed OR libMagick++-devel-32bit-7.0.7.34-lp151.7.9 is installed OR libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.9 is installed OR libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.9 is installed OR libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.9 is installed OR libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.9 is installed OR perl-PerlMagick-7.0.7.34-lp151.7.9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information MozillaFirefox-68.7.0-109.116 is installed OR MozillaFirefox-devel-68.7.0-109.116 is installed OR MozillaFirefox-translations-common-68.7.0-109.116 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gnome-shell-3.20.4-76 is installed OR gnome-shell-browser-plugin-3.20.4-76 is installed OR gnome-shell-lang-3.20.4-76 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information java-1_8_0-openjdk-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND squid-3.5.21-26.17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_180-94_113-default-4-2 is installed OR kgraft-patch-SLE12-SP3_Update_30-4-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libwireshark9-2.4.10-48.32 is installed OR libwiretap7-2.4.10-48.32 is installed OR libwscodecs1-2.4.10-48.32 is installed OR libwsutil8-2.4.10-48.32 is installed OR wireshark-2.4.10-48.32 is installed OR wireshark-gtk-2.4.10-48.32 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND apache2-mod_jk-1.2.40-5 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 12 SP5 is installed AND qemu-3.1.1.1-48.2 is installed OR qemu-arm-3.1.1.1-48.2 is installed OR qemu-audio-alsa-3.1.1.1-48.2 is installed OR qemu-audio-oss-3.1.1.1-48.2 is installed OR qemu-audio-pa-3.1.1.1-48.2 is installed OR qemu-audio-sdl-3.1.1.1-48.2 is installed OR qemu-block-curl-3.1.1.1-48.2 is installed OR qemu-block-iscsi-3.1.1.1-48.2 is installed OR qemu-block-rbd-3.1.1.1-48.2 is installed OR qemu-block-ssh-3.1.1.1-48.2 is installed OR qemu-guest-agent-3.1.1.1-48.2 is installed OR qemu-ipxe-1.0.0+-48.2 is installed OR qemu-kvm-3.1.1.1-48.2 is installed OR qemu-lang-3.1.1.1-48.2 is installed OR qemu-ppc-3.1.1.1-48.2 is installed OR qemu-s390-3.1.1.1-48.2 is installed OR qemu-seabios-1.12.0_0_ga698c89-48.2 is installed OR qemu-sgabios-8-48.2 is installed OR qemu-tools-3.1.1.1-48.2 is installed OR qemu-ui-curses-3.1.1.1-48.2 is installed OR qemu-ui-gtk-3.1.1.1-48.2 is installed OR qemu-ui-sdl-3.1.1.1-48.2 is installed OR qemu-vgabios-1.12.0_0_ga698c89-48.2 is installed OR qemu-x86-3.1.1.1-48.2 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND qemu-3.1.1.1-48.2 is installed OR qemu-arm-3.1.1.1-48.2 is installed OR qemu-audio-alsa-3.1.1.1-48.2 is installed OR qemu-audio-oss-3.1.1.1-48.2 is installed OR qemu-audio-pa-3.1.1.1-48.2 is installed OR qemu-audio-sdl-3.1.1.1-48.2 is installed OR qemu-block-curl-3.1.1.1-48.2 is installed OR qemu-block-iscsi-3.1.1.1-48.2 is installed OR qemu-block-rbd-3.1.1.1-48.2 is installed OR qemu-block-ssh-3.1.1.1-48.2 is installed OR qemu-guest-agent-3.1.1.1-48.2 is installed OR qemu-ipxe-1.0.0+-48.2 is installed OR qemu-kvm-3.1.1.1-48.2 is installed OR qemu-lang-3.1.1.1-48.2 is installed OR qemu-ppc-3.1.1.1-48.2 is installed OR qemu-s390-3.1.1.1-48.2 is installed OR qemu-seabios-1.12.0_0_ga698c89-48.2 is installed OR qemu-sgabios-8-48.2 is installed OR qemu-tools-3.1.1.1-48.2 is installed OR qemu-ui-curses-3.1.1.1-48.2 is installed OR qemu-ui-gtk-3.1.1.1-48.2 is installed OR qemu-ui-sdl-3.1.1.1-48.2 is installed OR qemu-vgabios-1.12.0_0_ga698c89-48.2 is installed OR qemu-x86-3.1.1.1-48.2 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information ceph-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR ceph-common-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR libcephfs2-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR librados2-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR libradosstriper1-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR librbd1-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR librgw2-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-cephfs-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-rados-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-rbd-12.2.12+git.1587570958.35d78d0243-2.45 is installed OR python-rgw-12.2.12+git.1587570958.35d78d0243-2.45 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libldap-2_4-2-2.4.41-18.71 is installed OR libldap-2_4-2-32bit-2.4.41-18.71 is installed OR openldap2-2.4.41-18.71 is installed OR openldap2-back-meta-2.4.41-18.71 is installed OR openldap2-client-2.4.41-18.71 is installed OR openldap2-doc-2.4.41-18.71 is installed OR openldap2-ppolicy-check-password-1.2-18.71 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information crowbar-core-6.0+git.1573825081.b1caf60f1-3.16 is installed OR crowbar-core-branding-upstream-6.0+git.1573825081.b1caf60f1-3.16 is installed OR crowbar-openstack-6.0+git.1573754820.dd036ef77-3.16 is installed OR crowbar-ui-1.3.0+git.1572871359.50fc6087-14 is installed OR openstack-barbican-7.0.1~dev21-3.3 is installed OR openstack-barbican-api-7.0.1~dev21-3.3 is installed OR openstack-barbican-keystone-listener-7.0.1~dev21-3.3 is installed OR openstack-barbican-retry-7.0.1~dev21-3.3 is installed OR openstack-barbican-worker-7.0.1~dev21-3.3 is installed OR openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3 is installed OR openstack-keystone-14.1.1~dev28-3.16 is installed OR openstack-neutron-13.0.6~dev8-3.16 is installed OR openstack-neutron-dhcp-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-gbp-5.0.1~dev476-3.13 is installed OR openstack-neutron-ha-tool-13.0.6~dev8-3.16 is installed OR openstack-neutron-l3-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-lbaas-13.0.1~dev16-3.13 is installed OR openstack-neutron-lbaas-agent-13.0.1~dev16-3.13 is installed OR openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-macvtap-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-metadata-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-metering-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-server-13.0.6~dev8-3.16 is installed OR openstack-nova-18.2.4~dev22-3.16 is installed OR openstack-nova-api-18.2.4~dev22-3.16 is installed OR openstack-nova-cells-18.2.4~dev22-3.16 is installed OR openstack-nova-compute-18.2.4~dev22-3.16 is installed OR openstack-nova-conductor-18.2.4~dev22-3.16 is installed OR openstack-nova-console-18.2.4~dev22-3.16 is installed OR openstack-nova-novncproxy-18.2.4~dev22-3.16 is installed OR openstack-nova-placement-api-18.2.4~dev22-3.16 is installed OR openstack-nova-scheduler-18.2.4~dev22-3.16 is installed OR openstack-nova-serialproxy-18.2.4~dev22-3.16 is installed OR openstack-nova-vncproxy-18.2.4~dev22-3.16 is installed OR openstack-octavia-3.2.1~dev3-3.16 is installed OR openstack-octavia-amphora-agent-3.2.1~dev3-3.16 is installed OR openstack-octavia-api-3.2.1~dev3-3.16 is installed OR openstack-octavia-health-manager-3.2.1~dev3-3.16 is installed OR openstack-octavia-housekeeping-3.2.1~dev3-3.16 is installed OR openstack-octavia-worker-3.2.1~dev3-3.16 is installed OR openstack-sahara-9.0.2~dev14-3.6 is installed OR openstack-sahara-api-9.0.2~dev14-3.6 is installed OR openstack-sahara-engine-9.0.2~dev14-3.6 is installed OR python-barbican-7.0.1~dev21-3.3 is installed OR python-keystone-14.1.1~dev28-3.16 is installed OR python-neutron-13.0.6~dev8-3.16 is installed OR python-neutron-gbp-5.0.1~dev476-3.13 is installed OR python-neutron-lbaas-13.0.1~dev16-3.13 is installed OR python-nova-18.2.4~dev22-3.16 is installed OR python-octavia-3.2.1~dev3-3.16 is installed OR python-psutil-5.4.6-3.3 is installed OR python-sahara-9.0.2~dev14-3.6 is installed OR release-notes-suse-openstack-cloud-9.20191025-3.15 is installed

BACK