Oval Definition:oval:org.opensuse.security:def:73876
Revision Date:2021-08-27Version:1
Title:Security update for qemu (Moderate)
Description:

This update for qemu fixes the following issues:

Security issues fixed:

- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)

Non-security issues fixed:

- Use max host physical address if -cpu max is used (bsc#1188299)
Family:unixClass:patch
Status:Reference(s):1133035
1176756
1177872
1180432
1180433
1180434
1180435
1182651
1186012
1188299
1189145
CVE-2019-3902
CVE-2020-15683
CVE-2020-15969
CVE-2020-35503
CVE-2020-35504
CVE-2020-35505
CVE-2020-35506
CVE-2021-20255
CVE-2021-3527
CVE-2021-3682
SUSE-SU-2021:2858-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • mercurial-4.5.2-3.9 is installed
  • OR mercurial-lang-4.5.2-3.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND qemu-tools-5.2.0-103.2 is installed
    • BACK