Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE Leap 15.3 openSUSE-SU-2022:0930-1 Critical: qemu Issues

opensuse
Calendar Grey March 22, 2022
Dist Opensuse Esm H88
This significant announcement for Debian tackles privilege escalation and service interruptions in libvirt, incorporating various enhancements.
An update that solves two vulnerabilities and has 6 fixes is now available

Description

This update for qemu fixes the following issues:

- CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd

(bsc#1195161).

- CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI

device (bsc#1192525).

Non-security fixes:

- Fixed a kernel data corruption via a long kernel boot cmdline

(bsc#1196737).

- Included vmxcap in the qemu-tools package (bsc#1193364).

- Fixed package dependencies (bsc#1196087).

- Fixed an issue were PowerPC firmwares would not be built for non-PowerPC

builds (bsc#1193545).

- Fixed multiple issues in I/O (bsc#1178049 bsc#1194938).

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation important updates openSUSE qemu

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-930=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

qemu-5.2.0-150300.112.4

qemu-arm-5.2.0-150300.112.4

qemu-arm-debuginfo-5.2.0-150300.112.4

qemu-audio-alsa-5.2.0-150300.112.4

qemu-audio-alsa-debuginfo-5.2.0-150300.112.4

qemu-audio-pa-5.2.0-150300.112.4

qemu-audio-pa-debuginfo-5.2.0-150300.112.4

qemu-audio-spice-5.2.0-150300.112.4

qemu-audio-spice-debuginfo-5.2.0-150300.112.4

qemu-block-curl-5.2.0-150300.112.4

qemu-block-curl-debuginfo-5.2.0-150300.112.4

qemu-block-dmg-5.2.0-150300.112.4

qemu-block-dmg-debuginfo-5.2.0-150300.112.4

qemu-block-gluster-5.2.0-150300.112.4

qemu-block-gluster-debuginfo-5.2.0-150300.112.4

qemu-block-iscsi-5.2.0-150300.112.4

qemu-block-iscsi-debuginfo-5.2.0-150300.112.4

qemu-block-nfs-5.2.0-150300.112.4

qemu-block-nfs-debuginfo-5.2.0-150300.112.4

qemu-block-rbd-5.2.0-150300.112.4

qemu-block-rbd-debuginfo-5.2.0-150300.112.4

qemu-block-ssh-5.2.0-150300.112.4

qemu-block-ssh-debuginfo-5.2.0-150300.112.4

qemu-chardev-baum-5.2.0-150300.112.4

qemu-chardev-baum-debuginfo-5.2.0-150300.112.4

q...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2021-3930.html

https://www.suse.com/security/cve/CVE-2022-0358.html

https://bugzilla.suse.com/1178049

https://bugzilla.suse.com/1192525

https://bugzilla.suse.com/1193364

https://bugzilla.suse.com/1193545

https://bugzilla.suse.com/1194938

https://bugzilla.suse.com/1195161

https://bugzilla.suse.com/1196087

https://bugzilla.suse.com/1196737

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2022:0930-1
Rating: important
Affected Products: openSUSE Leap 15.3 ble.

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation important updates openSUSE qemu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here