Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

openSUSE Leap 15.5: SUSE-SU-2023:4662-1 Important: Qemu Buffer Overflow

opensuse
Calendar Grey December 14, 2023
Dist Opensuse Esm H88
The patch for libvirt resolves various vulnerabilities, among them a severe memory leak, thereby enhancing application security.
This update for qemu fixes the following issues: CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609)

Description

This update for qemu fixes the following issues:

* CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt

(bsc#1188609)

* CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym

request (bsc#1213925)

* CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake

(bsc#1212850)

* [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41

(bsc#1215311)

* target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)

* linux-user/elfload: Enable vxe2 on s390x (bsc#1213210)

Topics%20covered

Topics Covered

security advisory buffer overflow software update openSUSE qemu

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

zypper in -t patch SUSE-2023-4662=1 openSUSE-SLE-15.5-2023-4662=1

* SUSE Linux Enterprise Micro 5.5

zypper in -t patch SUSE-SLE-Micro-5.5-2023-4662=1

* Basesystem Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4662=1

* Server Applications Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4662=1

Package List

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)

* qemu-extra-debuginfo-7.1.0-150500.49.9.2

* qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2

* qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2

* qemu-block-curl-debuginfo-7.1.0-150500.49.9.2

* qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2

* qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2

* qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2

* qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2

* qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2

* qemu-audio-spice-7.1.0-150500.49.9.2

* qemu-tools-debuginfo-7.1.0-150500.49.9.2

* qemu-block-curl-7.1.0-150500.49.9.2

* qemu-ppc-debuginfo-7.1.0-150500.49.9.2

* qemu-ui-curses-7.1.0-150500.49.9.2

* qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2

* qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2

* qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2

* qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2

* qemu-block-nfs-debuginfo-7.1.0-150500.49.9.2

* qemu-7.1.0-150500.49.9.2

* qemu-arm-7.1.0-150500.49.9.2

*...

Read the Full Advisory

References

* bsc#1188609

* bsc#1212850

* bsc#1213210

* bsc#1213925

* bsc#1215311

## References:

* https://www.suse.com/security/cve/CVE-2021-3638.html

* https://www.suse.com/security/cve/CVE-2023-3180.html

* https://www.suse.com/security/cve/CVE-2023-3354.html

* https://bugzilla.suse.com/show_bug.cgi?id=1188609

* https://bugzilla.suse.com/show_bug.cgi?id=1212850

* https://bugzilla.suse.com/show_bug.cgi?id=1213210

* https://bugzilla.suse.com/show_bug.cgi?id=1213925

* https://bugzilla.suse.com/show_bug.cgi?id=1215311

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4662-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow software update openSUSE qemu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here