Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE 2020:1526-1 Moderate: Resolved QEMU Security Vulnerabilities

suse
Calendar Grey June 3, 2020
Dist Suse Esm H88
SUSE Security Update: Security update for qemu _____________________________________________________
An update that fixes 7 vulnerabilities is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873). - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1123156 #1146873 #1149811 #1161066 #1163018

#1166240 #1170940

Cross- CVE-2019-12068 CVE-2019-15890 CVE-2019-6778

CVE-2020-1711 CVE-2020-1983 CVE-2020-7039

CVE-2020-8608

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2019-12068.html

https://www.suse.com/security/cve/CVE-2019-15890.html

https://www.suse.com/security/cve/CVE-2019-6778.html

https://www.suse.com/security/cve/CVE-2020-1711.html

https://www.suse.com/security/cve/CVE-2020-1983.html

https://www.suse.com/security/cve/CVE-2020-7039.html

https://www.suse.com/security/cve/CVE-2020-8608.html

https://bugzilla.suse.com/1123156

Announcement ID: SUSE-SU-2020:1526-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here