Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

SUSE: 2018:3927-1 Important: QEMU DoS and Buffer Overflow Fixes

suse
Calendar Grey November 27, 2018
Dist Suse Esm H88
SUSE has released a security patch for QEMU that tackles significant vulnerabilities, implementing various improvements to bolster system reliability.
An update that solves 7 vulnerabilities and has two fixes is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use

References

#1106222 #1107489 #1110910 #1111006 #1111010

#1111013 #1112499 #1114422 #1114529

Cross- CVE-2018-10839 CVE-2018-15746 CVE-2018-16847

CVE-2018-17958 CVE-2018-17962 CVE-2018-17963

CVE-2018-18849

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-10839.html

https://www.suse.com/security/cve/CVE-2018-15746.html

https://www.suse.com/security/cve/CVE-2018-16847.html

https://www.suse.com/security/cve/CVE-2018-17958.html

https://www.suse.com/security/cve/CVE-2018-17962.html

https://www.suse.com/security/cve/CVE-2018-17963.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3927-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.