
SUSE: 2018:4185-1 Moderate: QEMU Security Update Addressing DOS Issues

December 19, 2018
SUSE Security Update for libvirt addresses several challenges with moderate impact, delivering crucial fixes for security weaknesses.
An update that solves 7 vulnerabilities and has one errata is now available

Summary

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in

References

#1106222 #1108474 #1110910 #1111006 #1111010 #1111013 #1114422 #1114529

Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849

Affected Products:

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2018-10839.html

https://www.suse.com/security/cve/CVE-2018-15746.html

https://www.suse.com/security/cve/CVE-2018-16847.html

https://www.suse.com/security/cve/CVE-2018-17958.html

https://www.suse.com/security/cve/CVE-2018-17962.html

https://www.suse.com/security/cve/CVE-2018-17963.html

https://www.suse.com/security/cve/CVE-2018-18849.html

https://bugzilla.suse.com/1106222

https://bugzilla.suse.com/1108474

Announcement ID: SUSE-SU-2018:4185-1
Rating: moderate
