Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE Linux Enterprise 11 SP4 Important kvm Update for Critical Issues

suse
Calendar Grey August 21, 2019
Dist Suse Esm H88
SUSE has released a safety update for kvm that tackles three significant vulnerabilities, notably a buffer overflow as well as corrections for null pointer dereferences.
An update that fixes three vulnerabilities is now available

Summary

This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kvm-14151=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64): kvm-1.4.2-60.27.1

References

#1135902 #1140402 #1143794

Cross- CVE-2019-12155 CVE-2019-13164 CVE-2019-14378

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

https://www.suse.com/security/cve/CVE-2019-12155.html

https://www.suse.com/security/cve/CVE-2019-13164.html

https://www.suse.com/security/cve/CVE-2019-14378.html

https://bugzilla.suse.com/1135902

https://bugzilla.suse.com/1140402

https://bugzilla.suse.com/1143794

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:14151-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.