
SUSE Linux Enterprise: 2019:2353-1 Important: qemu Heap Overflow

suse
September 11, 2019
A recent SUSE Security Enhancement for qemu tackles several vulnerabilities, delivering crucial patches and updates for SUSE environments.
An update that solves three vulnerabilities and has 9 fixes is now available.

Summary

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).
- CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902).
- CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).

Bug fixes and enhancements:

- Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764).
- Add support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795).
- Disable file locking in the Xen PV disk backend to avoid locking issues

References

#1079730 #1098403 #1111025 #1127077 #1134880

#1135902 #1136528 #1136777 #1139926 #1140402

#1141043 #1143794

Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378

Affected Products:

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2019-12155.html

https://www.suse.com/security/cve/CVE-2019-13164.html

https://www.suse.com/security/cve/CVE-2019-14378.html

https://bugzilla.suse.com/1079730

https://bugzilla.suse.com/1098403

https://bugzilla.suse.com/1111025

https://bugzilla.suse.com/1127077

https://bugzilla.suse.com/1134880

https://bugzilla.suse.com/1135902

https://bugzilla.suse.com/1136528

https://bugzilla.suse.com/1136777

https://bugzilla.suse.com/1139926

Severity
important

Announcement ID: SUSE-SU-2019:2353-1
Rating: important
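
To confirm on a host that the installed qemu package carries these fixes, the following added example (not part of the SUSE advisory) scans a package changelog for the three CVE IDs listed in the summary. It assumes the package changelog names the CVE IDs it fixes; the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which CVEs from this advisory are NOT mentioned in a
# package changelog. The IDs below are copied from the advisory summary.
ADVISORY_CVES="CVE-2019-14378 CVE-2019-12155 CVE-2019-13164"

# missing_cves: read changelog text on stdin and print every advisory CVE
# that is absent, one per line. Prints nothing when all are present.
missing_cves() {
    changelog=$(cat)
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: do not match a longer id (e.g. ...143780)
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# Constructed sample changelog (not real package output); it mentions only
# two of the three CVEs, so one is reported as missing.
sample_changelog() {
    cat <<'EOF'
* Mon Sep 02 2019 packager@example.invalid
- Fix heap overflow in ip_reass (CVE-2019-14378 bsc#1143794)
- Fix qemu-bridge-helper ACL bypass (CVE-2019-13164 bsc#1140402)
EOF
}

# check_host: run the same check against the installed qemu package.
# Returns 0 if all CVEs are mentioned, 1 if any is missing, 2 if the
# check cannot be performed (no rpm, or qemu not installed).
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    rpm -q qemu >/dev/null 2>&1 || { echo "qemu not installed" >&2; return 2; }
    missing=$(rpm -q --changelog qemu | missing_cves)
    [ -z "$missing" ] && return 0
    # $missing is left unquoted on purpose: one output line per CVE
    printf 'not in changelog: %s\n' $missing >&2
    return 1
}

# Stand-alone demonstration on the constructed sample
sample_changelog | missing_cves
```

A missing ID means the fix is not recorded in the installed build; treat the installed state of patch SUSE-SU-2019:2353-1 as the authoritative answer.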
