
openSUSE 15.1: 2019:2041-1 Important: qemu DoS Threat Fix

opensuse
September 1, 2019
Important patch released for Fedora Virtual Machine Manager tackling serious vulnerabilities and improving overall security for system integrity.
An update that solves four vulnerabilities and has 7 fixes is now available.

Description

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).

- CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902).

- CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).

- CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031).

Bug fixes and enhancements:

- Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883)

- Add SnowRidge-Server vcpu model (jsc#SLE-4883)

- Add in documentation about md-clear feature (bsc#1138534)

- Fix SEV issue where older machine type is not processed correctly (bsc#1144087)

- Fix case of a bad pointer in Xen PV usb support code (bsc#1128106)

- Further refine...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2041=1
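
To confirm the update landed, compare the installed qemu packages against the fixed version-release given in this advisory's package list. The script below is an added example, not part of the advisory: the function names and the sample inventory lines are constructed, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="3.1.1-lp151.7.3.3"

# ver_lt A B: succeeds when A sorts strictly before B under GNU sort -V.
# Assumption: sort -V ordering matches RPM's for builds of the same stream.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_qemu: reads "name version-release" lines on stdin, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'qemu*'
# and prints every matching package that is older than $FIXED.
# Only package families visible in the advisory's (truncated) list are
# checked, because other qemu-* packages may carry unrelated versions.
# Returns 1 if any outdated package was found, 0 otherwise.
audit_qemu() {
    status=0
    while read -r name vr; do
        case "$name" in
            qemu|qemu-arm*|qemu-audio-*|qemu-block-*|qemu-debug*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            echo "VULNERABLE $name $vr (needs >= $FIXED)"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample inventory (not real host data).
sample_inventory() {
    cat <<'EOF'
qemu 3.1.1-lp151.7.3.3
qemu-block-curl 3.1.0-lp151.6.1
qemu-audio-alsa 3.1.1-lp151.7.3.1
bash 4.4-lp151.9.53
EOF
}

# Demonstration run on the constructed sample; flags the two older builds.
sample_inventory | audit_qemu || true
```

On a real host, pipe the `rpm -qa` query shown in the comment into `audit_qemu` and treat a non-zero exit status as "patch openSUSE-2019-2041 not fully applied".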

Package List

- openSUSE Leap 15.1 (x86_64):

qemu-3.1.1-lp151.7.3.3

qemu-arm-3.1.1-lp151.7.3.3

qemu-arm-debuginfo-3.1.1-lp151.7.3.3

qemu-audio-alsa-3.1.1-lp151.7.3.3

qemu-audio-alsa-debuginfo-3.1.1-lp151.7.3.3

qemu-audio-oss-3.1.1-lp151.7.3.3

qemu-audio-oss-debuginfo-3.1.1-lp151.7.3.3

qemu-audio-pa-3.1.1-lp151.7.3.3

qemu-audio-pa-debuginfo-3.1.1-lp151.7.3.3

qemu-audio-sdl-3.1.1-lp151.7.3.3

qemu-audio-sdl-debuginfo-3.1.1-lp151.7.3.3

qemu-block-curl-3.1.1-lp151.7.3.3

qemu-block-curl-debuginfo-3.1.1-lp151.7.3.3

qemu-block-dmg-3.1.1-lp151.7.3.3

qemu-block-dmg-debuginfo-3.1.1-lp151.7.3.3

qemu-block-gluster-3.1.1-lp151.7.3.3

qemu-block-gluster-debuginfo-3.1.1-lp151.7.3.3

qemu-block-iscsi-3.1.1-lp151.7.3.3

qemu-block-iscsi-debuginfo-3.1.1-lp151.7.3.3

qemu-block-nfs-3.1.1-lp151.7.3.3

qemu-block-nfs-debuginfo-3.1.1-lp151.7.3.3

qemu-block-rbd-3.1.1-lp151.7.3.3

qemu-block-rbd-debuginfo-3.1.1-lp151.7.3.3

qemu-block-ssh-3.1.1-lp151.7.3.3

qemu-block-ssh-debuginfo-3.1.1-lp151.7.3.3

qemu-debuginfo-3.1.1-lp151.7.3.3

qemu-debugsource-3.1.1-lp1...


References

https://www.suse.com/security/cve/CVE-2019-12155.html

https://www.suse.com/security/cve/CVE-2019-13164.html

https://www.suse.com/security/cve/CVE-2019-14378.html

https://www.suse.com/security/cve/CVE-2019-5008.html

https://bugzilla.suse.com/1128106

https://bugzilla.suse.com/1133031

https://bugzilla.suse.com/1134883

https://bugzilla.suse.com/1135210

https://bugzilla.suse.com/1135902

https://bugzilla.suse.com/1136540

https://bugzilla.suse.com/1136778

https://bugzilla.suse.com/1138534

https://bugzilla.suse.com/1140402

https://bugzilla.suse.com/1143794

https://bugzilla.suse.com/1144087

--

Severity
important

Announcement ID: openSUSE-SU-2019:2041-1
Rating: important
Affected Products: openSUSE Leap 15.1
