SUSE: 2018:2679-1 Moderate Severity: QEMU Denial of Service Vulnerability

September 10, 2018
SUSE issues a critical patch for qemu addressing a significant vulnerability. Prompt response required for affected components.
An update that solves one vulnerability and has four fixes is now available.

Summary

This update for qemu fixes the following issues:

This security issue was fixed:

- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735)

These non-security issues were fixed:

- Allow kvm group access to /dev/sev (bsc#1102604).
- Fix for the value used for reduced_phys_bits. Please update the reduced_phys_bits value used on the commandline or in libvirt XML to the value 1 (explicitly set now in QEMU code). (bsc#1103628)
- Fix (again) the qemu guest agent udev rule file, which got unfixed in a series of unfortunate events (bsc#1094898 and now bsc#1105279)

Patch Instructions:

References

#1094898 #1098735 #1102604 #1103628 #1105279

Cross-References: CVE-2018-12617

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-12617.html

https://bugzilla.suse.com/1094898

https://bugzilla.suse.com/1098735

https://bugzilla.suse.com/1102604

https://bugzilla.suse.com/1103628

https://bugzilla.suse.com/1105279

Announcement ID: SUSE-SU-2018:2679-1
Rating: moderate
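
The bug class named for CVE-2018-12617 above, a caller-supplied count used to size a read buffer, as an added C example that is not QEMU's or SUSE's code. The function names and the READ_COUNT_MAX cap are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed per-request ceiling; a hypothetical value, not taken from QEMU. */
#define READ_COUNT_MAX (48u * 1024u * 1024u)

/* Unchecked sizing: "+ 1" for a terminator plus narrowing to a 32-bit
 * size wraps silently, so a huge count yields a tiny (or zero) buffer. */
static uint32_t unchecked_alloc_size(int64_t count)
{
    return (uint32_t)((uint64_t)count + 1u);
}

/* Checked sizing: reject negative or oversized counts before doing any
 * arithmetic, so the later "+ 1" cannot wrap. */
static bool checked_alloc_size(int64_t count, size_t *out)
{
    if (count < 0 || (uint64_t)count > READ_COUNT_MAX) {
        return false;
    }
    *out = (size_t)count + 1;
    return true;
}

int main(void)
{
    /* Constructed sample counts: normal, 32-bit wrap, 64-bit extreme, negative. */
    const int64_t samples[] = { 4096, 0xFFFFFFFFLL, INT64_MAX, -1 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t sz = 0;
        bool ok = checked_alloc_size(samples[i], &sz);
        printf("count=%lld unchecked=%u checked=%s",
               (long long)samples[i],
               (unsigned)unchecked_alloc_size(samples[i]),
               ok ? "accepted" : "rejected");
        if (ok) {
            printf(" size=%zu", sz);
        }
        printf("\n");
    }
    return 0;
}
```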
