Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2018:3709-1
HistoryNov 10, 2018 - 12:23 a.m.

Security update for qemu (moderate)

2018-11-1000:23:53
lists.opensuse.org
536

0.141 Low

EPSS

Percentile

95.2%

JSON

This update for qemu fixes the following issues:

These security issues were fixed:

  • CVE-2018-12617: qmp_guest_file_read had an integer overflow that could
    have been exploited by sending a crafted QMP command (including
    guest-file-read with a large count value) to the agent via the listening
    socket causing DoS (bsc#1098735).
  • CVE-2018-11806: Prevent heap-based buffer overflow via incoming
    fragmented datagrams (bsc#1096223).

With this release the mitigations for Spectre v4 are moved the the patches
from upstream (CVE-2018-3639, bsc#1092885).

This feature was added:

  • Add support for block resize support for disks through the monitor
    (bsc#1094725).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.3x86_64qemu-block-iscsi< 2.9.1-47.1qemu-block-iscsi-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3x86_64qemu-block-dmg-debuginfo< 2.9.1-47.1qemu-block-dmg-debuginfo-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3x86_64qemu-block-rbd< 2.9.1-47.1qemu-block-rbd-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3x86_64qemu< 2.9.1-47.1qemu-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3x86_64qemu-extra< 2.9.1-47.1qemu-extra-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3x86_64qemu-lang< 2.9.1-47.1qemu-lang-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3x86_64qemu-x86< 2.9.1-47.1qemu-x86-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3noarchqemu-seabios< 1.10.2-47.1qemu-seabios-1.10.2-47.1.noarch.rpm
openSUSE Leap42.3x86_64qemu-block-curl< 2.9.1-47.1qemu-block-curl-2.9.1-47.1.x86_64.rpm
openSUSE Leap42.3x86_64qemu-ksm< 2.9.1-47.1qemu-ksm-2.9.1-47.1.x86_64.rpm
Rows per page:
1-10 of 401

Related

nessus 73
openvas 42
fedora 6
suse 5
ubuntucve 3
redhat 28
zdi 1
debiancve 3
osv 1
prion 2
veracode 2
cve 2
f5 2
redhatcve 2
zdt 1
packetstorm 1
exploitpack 1
exploitdb 1
ibm 4
almalinux 1
oraclelinux 3
threatpost 1
slackware 1
centos 5
alpinelinux 1
virtuozzo 2
ubuntu 2
citrix 1
debian 1
mageia 1
nessus
nessus
SUSE SLES11 Security Update : kvm (SUSE-SU-2018:2650-1) (Spectre)
2018-09-10 00:00:00
SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-1) (Spectre)
2018-10-03 00:00:00
openSUSE Security Update : qemu (openSUSE-2018-1364) (Spectre)
2018-11-11 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2615-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2556-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2973-1)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
2018-08-24 08:06:03
[SECURITY] Fedora 28 Update: qemu-2.11.2-5.fc28
2019-05-21 01:14:13
[SECURITY] Fedora 28 Update: libvirt-4.1.0-3.fc28
2018-06-21 15:02:29
suse
suse
Security update for qemu (moderate)
2018-08-17 12:15:11
Security update for qemu (moderate)
2018-09-12 12:07:50
Security update for qemu (important)
2018-05-23 15:07:21
ubuntucve
ubuntucve
CVE-2018-11806
2018-06-13 00:00:00
CVE-2018-12617
2018-06-21 00:00:00
CVE-2018-3639
2018-05-21 00:00:00
redhat
redhat
(RHSA-2018:2822) Important: qemu-kvm-rhev security update
2018-09-27 18:00:00
(RHSA-2018:2762) Important: qemu-kvm-ma security update
2018-09-25 17:29:48
(RHSA-2018:2887) Important: qemu-kvm-rhev security update
2018-10-09 10:53:35
zdi
zdi
Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
2018-06-07 00:00:00
debiancve
debiancve
CVE-2018-12617
2018-06-21 18:29:00
CVE-2018-11806
2018-06-13 16:29:00
CVE-2018-3639
2018-05-22 12:29:00
osv
osv
CVE-2018-11806
2018-06-13 16:29:01
prion
prion
Integer overflow
2018-06-21 18:29:00
Heap overflow
2018-06-13 16:29:00
veracode
veracode
Integer Overflow
2020-09-21 06:24:34
Denial Of Service (DoS)
2019-01-15 09:26:12
cve
cve
CVE-2018-12617
2018-06-21 18:29:00
CVE-2018-11806
2018-06-13 16:29:00
f5
f5
K51428664 : QEMU vulnerability CVE-2018-11806
2020-12-31 00:00:00
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
redhatcve
redhatcve
CVE-2018-12617
2020-03-17 07:33:51
CVE-2018-11806
2019-10-31 22:26:58
zdt
zdt
QEMU Guest Agent 2.12.50 - Denial of Service Vulnerability
2018-06-22 00:00:00
packetstorm
packetstorm
QEMU Guest Agent 2.12.50 Denial Of Service
2018-06-22 00:00:00
exploitpack
exploitpack
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
exploitdb
exploitdb
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
ibm
ibm
Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM
2018-12-19 20:55:02
Security Bulletin: Speculative Store Bypass (SSB) vulnerability also known as SpectreNG or Variant 4 affects IBM Spectrum Protect Plus (CVE-2018-3639)
2019-06-27 18:55:02
Security Bulletin: IBM Resilient recommends the underlying operating system on Resilient servers be upgraded in response to the vulnerabilities known as SpectreNG (CVE-2018-3639)
2021-04-19 21:33:34
almalinux
almalinux
java-1.8.0-openjdk bug fix and enhancement update
2021-01-21 10:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
qemu-kvm security update
2018-05-22 00:00:00
threatpost
threatpost
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
2018-05-24 15:18:03
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-07-27 21:57:40
centos
centos
libvirt security update
2018-07-03 18:53:48
qemu security update
2018-07-03 18:54:02
java security update
2018-05-22 15:30:51
alpinelinux
alpinelinux
CVE-2018-3639
2018-05-22 12:29:00
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-05-23 00:00:00
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
ubuntu
ubuntu
QEMU update
2018-05-21 00:00:00
Linux kernel vulnerability
2018-05-22 00:00:00
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08

0.141 Low

EPSS

Percentile

95.2%

JSON
Related for OPENSUSE-SU-2018:3709-1
nessus73openvas42fedora6suse5ubuntucve3redhat28zdi1debiancve3osv1prion2veracode2cve2f52redhatcve2zdt1packetstorm1exploitpack1exploitdb1ibm4almalinux1oraclelinux3threatpost1slackware1centos5alpinelinux1virtuozzo2ubuntu2citrix1debian1mageia1