This update for qemu fixes the following issues:

- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix sPAPR emulator leaks the host hardware identity (CVE-2019-8934, bsc#1126455)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- Fix out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221, bsc#1181933)
- For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975, bsc#1031692, bsc#1094725)

Patch Instructions:
#1031692 #1094725 #1126455 #1149813 #1163019
#1172380 #1172382 #1175534 #1178935 #1179477
#1181933 #1182846 #1182975
Cross-References: CVE-2019-15890 CVE-2019-8934 CVE-2020-10756
CVE-2020-13754 CVE-2020-14364 CVE-2020-25723
CVE-2020-29130 CVE-2020-8608 CVE-2021-20221
CVE-2021-20257 CVE-2021-3419
CVSS scores:
CVE-2019-15890 (SUSE): 5.8 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2019-8934 (NVD) : 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2019-8934 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-10756 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-10756 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-13754 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H