Oval Definition:oval:org.opensuse.security:def:73831
Revision Date:2021-06-10Version:1
Title:Security update for qemu (Important)
Description:

This update for qemu fixes the following issues:

* - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103) - Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282) - Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)
Family:unixClass:patch
Status:Reference(s):1115645
1149813
1154817
1163019
1173202
1173991
1174284
1175144
1175534
1175686
1176681
1178683
1178935
1179477
1179484
1179686
1181103
1182282
1182425
1182968
1182975
1183373
1186290
CVE-2019-15890
CVE-2020-14364
CVE-2020-15663
CVE-2020-15664
CVE-2020-15670
CVE-2020-17380
CVE-2020-1967
CVE-2020-25085
CVE-2020-25707
CVE-2020-25723
CVE-2020-27821
CVE-2020-29129
CVE-2020-29130
CVE-2020-8608
CVE-2021-20263
CVE-2021-3409
CVE-2021-3416
CVE-2021-3419
SUSE-SU-2020:2041-1
SUSE-SU-2021:1942-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • MozillaFirefox-78.2.0-3.105 is installed
  • OR MozillaFirefox-branding-upstream-78.2.0-3.105 is installed
  • OR MozillaFirefox-buildsymbols-78.2.0-3.105 is installed
  • OR MozillaFirefox-devel-78.2.0-3.105 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND Package Information
  • cargo-1.43.1-12 is installed
  • OR clippy-1.43.1-12 is installed
  • OR rls-1.43.1-12 is installed
  • OR rust-1.43.1-12 is installed
  • OR rust-analysis-1.43.1-12 is installed
  • OR rust-src-1.43.1-12 is installed
  • OR rust-std-static-1.43.1-12 is installed
  • OR rustfmt-1.43.1-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND qemu-tools-5.2.0-17.1 is installed
    • BACK