Linux Security
    Linux Security
    Linux Security

    SUSE: 2020:1514-1 moderate: qemu

    Date 02 Jun 2020
    268
    Posted By LinuxSecurity Advisories
    An update that fixes 7 vulnerabilities is now available.
    
       SUSE Security Update: Security update for qemu
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:1514-1
    Rating:             moderate
    References:         #1123156 #1146873 #1149811 #1161066 #1163018 
                        #1166240 #1170940 
    Cross-References:   CVE-2019-12068 CVE-2019-15890 CVE-2019-6778
                        CVE-2020-1711 CVE-2020-1983 CVE-2020-7039
                        CVE-2020-8608
    Affected Products:
                        SUSE Linux Enterprise Server for SAP 12-SP1
                        SUSE Linux Enterprise Server 12-SP1-LTSS
    ______________________________________________________________________________
    
       An update that fixes 7 vulnerabilities is now available.
    
    Description:
    
       This update for qemu fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code
         (bsc#1166240).
       - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller
         emulation (bsc#1146873).
       - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp
         (bsc#1170940).
       - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
       - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
       - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp
         (bsc#1149811).
       - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778
         (bsc#1123156).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-1514=1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-1514=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    
          qemu-2.3.1-33.29.1
          qemu-block-curl-2.3.1-33.29.1
          qemu-block-curl-debuginfo-2.3.1-33.29.1
          qemu-block-rbd-2.3.1-33.29.1
          qemu-block-rbd-debuginfo-2.3.1-33.29.1
          qemu-debugsource-2.3.1-33.29.1
          qemu-guest-agent-2.3.1-33.29.1
          qemu-guest-agent-debuginfo-2.3.1-33.29.1
          qemu-kvm-2.3.1-33.29.1
          qemu-lang-2.3.1-33.29.1
          qemu-tools-2.3.1-33.29.1
          qemu-tools-debuginfo-2.3.1-33.29.1
          qemu-x86-2.3.1-33.29.1
    
       - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
    
          qemu-ipxe-1.0.0-33.29.1
          qemu-seabios-1.8.1-33.29.1
          qemu-sgabios-8-33.29.1
          qemu-vgabios-1.8.1-33.29.1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
    
          qemu-2.3.1-33.29.1
          qemu-block-curl-2.3.1-33.29.1
          qemu-block-curl-debuginfo-2.3.1-33.29.1
          qemu-debugsource-2.3.1-33.29.1
          qemu-guest-agent-2.3.1-33.29.1
          qemu-guest-agent-debuginfo-2.3.1-33.29.1
          qemu-lang-2.3.1-33.29.1
          qemu-tools-2.3.1-33.29.1
          qemu-tools-debuginfo-2.3.1-33.29.1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
    
          qemu-kvm-2.3.1-33.29.1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le):
    
          qemu-ppc-2.3.1-33.29.1
          qemu-ppc-debuginfo-2.3.1-33.29.1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    
          qemu-block-rbd-2.3.1-33.29.1
          qemu-block-rbd-debuginfo-2.3.1-33.29.1
          qemu-x86-2.3.1-33.29.1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
    
          qemu-ipxe-1.0.0-33.29.1
          qemu-seabios-1.8.1-33.29.1
          qemu-sgabios-8-33.29.1
          qemu-vgabios-1.8.1-33.29.1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):
    
          qemu-s390-2.3.1-33.29.1
          qemu-s390-debuginfo-2.3.1-33.29.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-12068.html
       https://www.suse.com/security/cve/CVE-2019-15890.html
       https://www.suse.com/security/cve/CVE-2019-6778.html
       https://www.suse.com/security/cve/CVE-2020-1711.html
       https://www.suse.com/security/cve/CVE-2020-1983.html
       https://www.suse.com/security/cve/CVE-2020-7039.html
       https://www.suse.com/security/cve/CVE-2020-8608.html
       https://bugzilla.suse.com/1123156
       https://bugzilla.suse.com/1146873
       https://bugzilla.suse.com/1149811
       https://bugzilla.suse.com/1161066
       https://bugzilla.suse.com/1163018
       https://bugzilla.suse.com/1166240
       https://bugzilla.suse.com/1170940
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"18","type":"x","order":"1","pct":3.5,"resources":[]},{"id":"159","title":"False","votes":"496","type":"x","order":"2","pct":96.5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.