Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

SUSE MicroOS 5.0: SUSE-SU-2021:2474-1 Important QEMU Leak Fix

suse
Calendar Grey July 27, 2021
Dist Suse Esm H88
New security patch for QEMU targets several flaws detected in SUSE platforms, classified as critical for safeguarding users.
An update that fixes 8 vulnerabilities is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538)

References

#1187364 #1187365 #1187366 #1187367 #1187499

#1187529 #1187538 #1187539

Cross- CVE-2021-3582 CVE-2021-3592 CVE-2021-3593

CVE-2021-3594 CVE-2021-3595 CVE-2021-3607

CVE-2021-3608 CVE-2021-3611

CVSS scores:

CVE-2021-3582 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVE-2021-3593 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVE-2021-3593 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2474-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.