Oval Definition:oval:org.opensuse.security:def:67306
Revision Date:2021-11-04Version:1
Title:Security update for qemu (Important)
Description:

This update for qemu fixes the following issues:

Security issues fixed:

- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713) - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748) - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)

Non-security issues fixed:

- Use max host physical address if -cpu max is used (bsc#1188299)
Family:unixClass:patch
Status:Reference(s):1173477
1173691
1173694
1173700
1173701
1173743
1173874
1173875
1173876
1173880
1176756
1177872
1180432
1180433
1180434
1180435
1182651
1186012
1189145
1189702
1189938
CVE-2017-18922
CVE-2018-21247
CVE-2019-20839
CVE-2019-20840
CVE-2020-14397
CVE-2020-14398
CVE-2020-14399
CVE-2020-14400
CVE-2020-14401
CVE-2020-14402
CVE-2020-15683
CVE-2020-15969
CVE-2020-35503
CVE-2020-35504
CVE-2020-35505
CVE-2020-35506
CVE-2021-20255
CVE-2021-3527
CVE-2021-3682
CVE-2021-3713
CVE-2021-3748
SUSE-SU-2020:1922-1
Platform(s):SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed
  • AND Package Information
  • LibVNCServer-0.9.10-4.22 is installed
  • OR libvncserver0-0.9.10-4.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • MozillaFirefox-78.4.0-3.113 is installed
  • OR MozillaFirefox-branding-upstream-78.4.0-3.113 is installed
  • OR MozillaFirefox-buildsymbols-78.4.0-3.113 is installed
  • OR MozillaFirefox-devel-78.4.0-3.113 is installed
    • BACK