SUSE: 2019:2278-1 Moderate: QEMU Heap Overflow, Null Pointer Issues
suse
September 4, 2019
An update that solves three vulnerabilities and has two fixes is now available
Summary
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes: - Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130). - Fix setting speed of migration while vm uses hugepages (bsc#1127077). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Topics Covered
References
#1127077 #1135902 #1139926 #1140402 #1143794
Cross- CVE-2019-12155 CVE-2019-13164 CVE-2019-14378
Affected Products:
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2019-12155.html
https://www.suse.com/security/cve/CVE-2019-13164.html
https://www.suse.com/security/cve/CVE-2019-14378.html
https://bugzilla.suse.com/1127077
https://bugzilla.suse.com/1135902
https://bugzilla.suse.com/1139926
https://bugzilla.suse.com/1140402
https://bugzilla.suse.com/1143794
PREVIOUS 
NEXT Announcement ID: SUSE-SU-2019:2278-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!