openSUSE: 2019:1274-1: important: qemu

    Date25 Apr 2019
    752
    Posted ByLinuxSecurity Advisories
    An update that solves four vulnerabilities and has two fixes is now available.
       openSUSE Security Update: Security update for qemu
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1274-1
    Rating:             important
    References:         #1118900 #1125721 #1126455 #1129622 #1130675 
                        #1131955 
    Cross-References:   CVE-2018-20815 CVE-2019-3812 CVE-2019-8934
                        CVE-2019-9824
    Affected Products:
                        openSUSE Leap 42.3
    ______________________________________________________________________________
    
       An update that solves four vulnerabilities and has two
       fixes is now available.
    
    Description:
    
       This update for qemu fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2019-9824: Fixed information leak in slirp (bsc#1129622).
       - CVE-2019-8934: Added method to specify whether or not to expose certain
         ppc64 hostinformation (bsc#1126455).
       - CVE-2019-3812: Fixed Out-of-bounds memory access and information leak in
         virtual monitor interface (bsc#1125721).
       - CVE-2018-20815: Fixed a denial of service possibility in device tree
         processing (bsc#1130675).
    
       Non-security issue fixed:
    
       - Backported Skylake-Server vcpu model support from qemu v2.11
         (FATE#327261 bsc#1131955).
       - Added ability to set virtqueue size using virtqueue_size parameter
         (FATE#327255 bsc#1118900).
    
       This update was imported from the SUSE:SLE-12-SP3:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 42.3:
    
          zypper in -t patch openSUSE-2019-1274=1
    
    
    
    Package List:
    
       - openSUSE Leap 42.3 (i586 x86_64):
    
          qemu-linux-user-2.9.1-59.1
          qemu-linux-user-debuginfo-2.9.1-59.1
          qemu-linux-user-debugsource-2.9.1-59.1
    
       - openSUSE Leap 42.3 (noarch):
    
          qemu-ipxe-1.0.0+-59.1
          qemu-seabios-1.10.2-59.1
          qemu-sgabios-8-59.1
          qemu-vgabios-1.10.2-59.1
    
       - openSUSE Leap 42.3 (x86_64):
    
          qemu-2.9.1-59.1
          qemu-arm-2.9.1-59.1
          qemu-arm-debuginfo-2.9.1-59.1
          qemu-block-curl-2.9.1-59.1
          qemu-block-curl-debuginfo-2.9.1-59.1
          qemu-block-dmg-2.9.1-59.1
          qemu-block-dmg-debuginfo-2.9.1-59.1
          qemu-block-iscsi-2.9.1-59.1
          qemu-block-iscsi-debuginfo-2.9.1-59.1
          qemu-block-rbd-2.9.1-59.1
          qemu-block-rbd-debuginfo-2.9.1-59.1
          qemu-block-ssh-2.9.1-59.1
          qemu-block-ssh-debuginfo-2.9.1-59.1
          qemu-debugsource-2.9.1-59.1
          qemu-extra-2.9.1-59.1
          qemu-extra-debuginfo-2.9.1-59.1
          qemu-guest-agent-2.9.1-59.1
          qemu-guest-agent-debuginfo-2.9.1-59.1
          qemu-ksm-2.9.1-59.1
          qemu-kvm-2.9.1-59.1
          qemu-lang-2.9.1-59.1
          qemu-ppc-2.9.1-59.1
          qemu-ppc-debuginfo-2.9.1-59.1
          qemu-s390-2.9.1-59.1
          qemu-s390-debuginfo-2.9.1-59.1
          qemu-testsuite-2.9.1-59.2
          qemu-tools-2.9.1-59.1
          qemu-tools-debuginfo-2.9.1-59.1
          qemu-x86-2.9.1-59.1
          qemu-x86-debuginfo-2.9.1-59.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-20815.html
       https://www.suse.com/security/cve/CVE-2019-3812.html
       https://www.suse.com/security/cve/CVE-2019-8934.html
       https://www.suse.com/security/cve/CVE-2019-9824.html
       https://bugzilla.suse.com/1118900
       https://bugzilla.suse.com/1125721
       https://bugzilla.suse.com/1126455
       https://bugzilla.suse.com/1129622
       https://bugzilla.suse.com/1130675
       https://bugzilla.suse.com/1131955
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.