Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

SUSE: 2020:1523-1 Moderate: QEMU DoS and Code Execution Issues

suse
Calendar Grey June 3, 2020
Dist Suse Esm H88
Canonical has released a security patch for OpenSSL addressing several vulnerabilities with a moderate risk level. Ensure your system is updated today!
An update that fixes 6 vulnerabilities is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect (bsc#1165776). - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Non-security issue fixed: - Miscellaneous fixes to the in-package support documentation. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1123156 #1161066 #1163018 #1165776 #1166240

#1170940

Cross- CVE-2019-20382 CVE-2019-6778 CVE-2020-1711

CVE-2020-1983 CVE-2020-7039 CVE-2020-8608

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2019-20382.html

https://www.suse.com/security/cve/CVE-2019-6778.html

https://www.suse.com/security/cve/CVE-2020-1711.html

https://www.suse.com/security/cve/CVE-2020-1983.html

https://www.suse.com/security/cve/CVE-2020-7039.html

https://www.suse.com/security/cve/CVE-2020-8608.html

https://bugzilla.suse.com/1123156

https://bugzilla.suse.com/1161066

Announcement ID: SUSE-SU-2020:1523-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here