Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 509
Alerts This Week
Warning Icon 1 509

SUSE Linux Enterprise Server 12-SP5: 2021:2813-1 Moderate QEMU Issues

suse
Calendar Grey August 23, 2021
Scroller Suse Esm H88
This advisory presents steps to remediate seven moderate severity security vulnerabilities in QEMU on SLES, enhancing system security effectively
An update that fixes 7 vulnerabilities is now available

Summary

This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5:

References

#1180432 #1180433 #1180434 #1180435 #1182651

#1186012 #1189145

Cross- CVE-2020-35503 CVE-2020-35504 CVE-2020-35505

CVE-2020-35506 CVE-2021-20255 CVE-2021-3527

CVE-2021-3682

CVSS scores:

CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35505 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Announcement ID: SUSE-SU-2021:2813-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.