Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2019:2192-1 Important: Qemu DoS and Pointer Issues Fixed

suse
Calendar Grey August 21, 2019
Dist Suse Esm H88
Critical Fedora patch for libvirt tackles numerous issues, enhancing performance and reliability. Immediate implementation is crucial for protection.
An update that solves four vulnerabilities and has 7 fixes is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031). Bug fixes and enhancements: - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883) - Add SnowRidge-Server vcpu model (jsc#SLE-4883) - Add in documentation about md-clear feature (bsc#1138534) - Fix SEV issue where older machine type is not processed correctly

References

#1128106 #1133031 #1134883 #1135210 #1135902

#1136540 #1136778 #1138534 #1140402 #1143794

#1144087

Cross- CVE-2019-12155 CVE-2019-13164 CVE-2019-14378

CVE-2019-5008

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Basesystem 15-SP1

https://www.suse.com/security/cve/CVE-2019-12155.html

https://www.suse.com/security/cve/CVE-2019-13164.html

https://www.suse.com/security/cve/CVE-2019-14378.html

https://www.suse.com/security/cve/CVE-2019-5008.html

https://bugzilla.suse.com/1128106

https://bugzilla.suse.com/1133031

https://bugzilla.suse.com/1134883

https://bugzilla.suse.com/1135210

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:2192-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.