Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2019:2246-1 Important: Qemu Security Fixes and Updates

suse
Calendar Grey August 28, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for qemu _____________________________________________________
An update that solves three vulnerabilities and has 7 fixes is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Disable file locking in the Xen PV disk backend to avoid locking issues

References

#1079730 #1098403 #1111025 #1119115 #1134883

#1135902 #1136540 #1136778 #1140402 #1143794

Cross- CVE-2019-12155 CVE-2019-13164 CVE-2019-14378

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2019-12155.html

https://www.suse.com/security/cve/CVE-2019-13164.html

https://www.suse.com/security/cve/CVE-2019-14378.html

https://bugzilla.suse.com/1079730

https://bugzilla.suse.com/1098403

https://bugzilla.suse.com/1111025

https://bugzilla.suse.com/1119115

https://bugzilla.suse.com/1134883

https://bugzilla.suse.com/1135902

https://bugzilla.suse.com/1136540

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:2246-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.