Oval Definition:	oval:org.opensuse.security:def:64709
Revision Date: 2021-06-10 Version: 1 Title: Security update for qemu (Important) Description: This update for qemu fixes the following issues: * - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103) - Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282) - Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975) Family: unix Class: patch Status: Reference(s): 1092115 1149813 1163019 1173304 1173455 1175144 1175534 1175664 1175665 1175671 1176681 1178593 1178630 1178683 1178703 1178935 1179477 1179484 1179686 1181103 1182282 1182425 1182968 1182975 1183373 1186290 CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2015-8605 CVE-2017-18926 CVE-2017-3144 CVE-2017-9432 CVE-2018-5732 CVE-2018-5733 CVE-2018-9154 CVE-2019-15890 CVE-2020-14059 CVE-2020-14364 CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-16013 CVE-2020-16016 CVE-2020-16017 CVE-2020-17380 CVE-2020-24606 CVE-2020-25085 CVE-2020-25707 CVE-2020-25723 CVE-2020-27821 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-20263 CVE-2021-3409 CVE-2021-3416 CVE-2021-3419 openSUSE-SU-2020:0402-1 openSUSE-SU-2020:0734-1 openSUSE-SU-2020:0910-1 openSUSE-SU-2020:1369-1 SUSE-SU-2021:1942-1 Platform(s): openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree openSUSE Leap 15.2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information jasper-2.0.14-lp151.4.6 is installed OR libjasper-devel-2.0.14-lp151.4.6 is installed OR libjasper4-2.0.14-lp151.4.6 is installed OR libjasper4-32bit-2.0.14-lp151.4.6 is installed Definition Synopsis openSUSE Leap 15.1 NonFree is installed AND opera-67.0.3575.97-lp151.2.12 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND squid-4.13-lp152.2.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed AND qemu-tools-5.2.0-17.1 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information dhcp-relay-4.3.5-4 is installed OR dhcp-server-4.3.5-4 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND libstaroffice-0_0-0-0.0.6-5 is installed
BACK