Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE Linux 15-SP3: 2021:2442-1 Important: Qemu Stack Overflow

suse
Calendar Grey July 21, 2021
Dist Suse Esm H88
SUSE Security Patch for qemu resolves critical vulnerabilities, bolstering overall system integrity and reliability through recent updates.
An update that fixes four vulnerabilities is now available

Summary

This update for qemu fixes the following issues: - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2442=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2442=1

References

#1187499 #1187529 #1187538 #1187539

Cross- CVE-2021-3582 CVE-2021-3607 CVE-2021-3608

CVE-2021-3611

CVSS scores:

CVE-2021-3582 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVE-2021-3607 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVE-2021-3608 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVE-2021-3611 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP3

SUSE Linux Enterprise Module for Basesystem 15-SP3

https://www.suse.com/security/cve/CVE-2021-3582.html

https://www.suse.com/security/cve/CVE-2021-3607.html

https://www.suse.com/security/cve/CVE-2021-3608.html

https://www.suse.com/security/cve/CVE-2021-3611.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2442-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.