SUSE: 2018:2340-1 Moderate: QEMU Heap Overflow & Code Execution
suse
August 16, 2018
An update that solves three vulnerabilities and has four fixes is now available
Summary
This update for qemu to version 2.11.2 fixes the following issues: Security issue fixed: - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223). - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082). - CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes: - bsc#1091695: SEV guest will not lauchh with qemu-system-x86_64 version 2.11.1. - bsc#1094898: qemu-guest-agent service doesn't work in version Leap 15.0. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. - bsc#1094913: QEMU crashes when starting a guest with more than 7.999TB. Patch Instructions:
Topics Covered
References
#1083291 #1087082 #1091695 #1094725 #1094898
#1094913 #1096223
Cross- CVE-2018-11806 CVE-2018-3639 CVE-2018-7550
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Basesystem 15
https://www.suse.com/security/cve/CVE-2018-11806.html
https://www.suse.com/security/cve/CVE-2018-3639.html
https://www.suse.com/security/cve/CVE-2018-7550.html
https://bugzilla.suse.com/1083291
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1091695
https://bugzilla.suse.com/1094725
https://bugzilla.suse.com/1094898
https://bugzilla.suse.com/1094913
https://bugzilla.suse.com/1096223
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2018:2340-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!