Explore top 10 tips to secure your open-source projects now. Read More
×
This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use
#1106222 #1107489 #1110910 #1111006 #1111010
#1111013 #1112499 #1114422 #1114529
Cross- CVE-2018-10839 CVE-2018-15746 CVE-2018-16847
CVE-2018-17958 CVE-2018-17962 CVE-2018-17963
CVE-2018-18849
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
https://www.suse.com/security/cve/CVE-2018-10839.html
https://www.suse.com/security/cve/CVE-2018-15746.html
https://www.suse.com/security/cve/CVE-2018-16847.html
https://www.suse.com/security/cve/CVE-2018-17958.html
https://www.suse.com/security/cve/CVE-2018-17962.html
https://www.suse.com/security/cve/CVE-2018-17963.html
Get the latest Linux and open source security news straight to your inbox.