
SUSE: 2018:4129-1 Moderate: QEMU DoS And Buffer Overflow Issues

December 14, 2018
SUSE has released an updated version of QEMU to rectify six vulnerabilities categorized with moderate severity levels, thereby improving both security and overall system stability.
An update that solves 6 vulnerabilities and has one errata is now available.

Summary

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to a buffer overflow. It could occur when receiving packets over the network. A user inside the guest could use this flaw to crash the QEMU process, resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in

References

#1100408 #1106222 #1110910 #1111006 #1111010 #1111013 #1114422

Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849

Affected Products:

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

SUSE CaaS Platform ALL

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2018-10839.html

https://www.suse.com/security/cve/CVE-2018-15746.html

https://www.suse.com/security/cve/CVE-2018-17958.html

https://www.suse.com/security/cve/CVE-2018-17962.html

https://www.suse.com/security/cve/CVE-2018-17963.html

https://www.suse.com/security/cve/CVE-2018-18849.html

https://bugzilla.suse.com/1100408

https://bugzilla.suse.com/1106222

https://bugzilla.suse.com/1110910

Announcement ID: SUSE-SU-2018:4129-1
Rating: moderate
