SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1242-1)


This update for qemu fixes the following issues : Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) Fix use-after-free in usb iehci packet handling (CVE-2020-25084, bsc#1176673) Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) Fix NULL pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) Fix NULL pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) Fix package scripts to not use hard-coded paths for temporary working directories and log files (bsc#1182425) Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. (bsc#1178049) Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) Make note that this patch previously included addresses (CVE-2020-13765 bsc#1172478) Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel Fix vfio-pci device on s390 enters error state (bsc#1179725) Fix PCI devices are unavailable after a subsystem reset. (bsc#1179726) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.