Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2023:3082-2 Important: QEMU Resolved Issues and Security Fixes

suse
Calendar Grey November 15, 2023
Dist Suse Esm H88
Attention users: A crucial security patch has been issued for SUSE Linux Enterprise Micro 5.5, tackling several significant vulnerabilities in qemu.
* bsc#1179993 * bsc#1181740 * bsc#1207205 * bsc#1212968 * bsc#1213001

Summary

## This update for qemu fixes the following issues: * CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414). * CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205). * CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968). * CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). Bugfixes: * hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993) * Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5

Topics%20covered

Topics Covered

security advisory SUSE important update deny service QEMU reentrancy issues

References

* bsc#1179993

* bsc#1181740

* bsc#1207205

* bsc#1212968

* bsc#1213001

* bsc#1213414

Cross-

* CVE-2023-0330

* CVE-2023-2861

* CVE-2023-3255

* CVE-2023-3301

CVSS scores:

* CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2023-3255 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-3255 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-3301 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.5

An update that solves four vulnerabilities and has two security fixes can now be

installed.

##

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:3082-2
Rating: important

Topics%20covered

Topics Covered

security advisory SUSE important update deny service QEMU reentrancy issues

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here