Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE: 2019:0423-1 Important: Qemu Denial Of Service Threats

suse
Calendar Grey February 18, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for qemu _____________________________________________________
An update that solves 5 vulnerabilities and has 7 fixes is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993).

References

#1063993 #1079730 #1100408 #1101982 #1112646

#1114957 #1116717 #1117275 #1119493 #1121600

#1123156 #1123179

Cross- CVE-2018-16872 CVE-2018-18954 CVE-2018-19364

CVE-2018-19489 CVE-2019-6778

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-16872.html

https://www.suse.com/security/cve/CVE-2018-18954.html

https://www.suse.com/security/cve/CVE-2018-19364.html

https://www.suse.com/security/cve/CVE-2018-19489.html

https://www.suse.com/security/cve/CVE-2019-6778.html

https://bugzilla.suse.com/1063993

https://bugzilla.suse.com/1079730

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:0423-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here