This update for qemu fixes the following issues:
These security issues were fixed:
- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could
have been exploited by sending a crafted QMP command (including
guest-file-read with a large count value) to the agent via the listening
socket causing DoS (bsc#1098735).
- CVE-2018-11806: Prevent heap-based buffer overflow via incoming
fragmented datagrams (bsc#1096223).
With this release the mitigations for Spectre v4 are moved the the patches
from upstream (CVE-2018-3639, bsc#1092885).
This feature was added:
- Add support for block resize support for disks through the monitor
(bsc#1094725).
This update was imported from the SUSE:SLE-12-SP3:Update update project.