Lucene search

SuseOPENSUSE-SU-2019:1274-1

HistoryApr 25, 2019 - 12:00 a.m.

Security update for qemu (important)

2019-04-2500:00:00

lists.opensuse.org

101

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

81.4%

JSON

An update that solves four vulnerabilities and has two
fixes is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

CVE-2019-9824: Fixed information leak in slirp (bsc#1129622).
CVE-2019-8934: Added method to specify whether or not to expose certain
ppc64 hostinformation (bsc#1126455).
CVE-2019-3812: Fixed Out-of-bounds memory access and information leak in
virtual monitor interface (bsc#1125721).
CVE-2018-20815: Fixed a denial of service possibility in device tree
processing (bsc#1130675).

Non-security issue fixed:

Backported Skylake-Server vcpu model support from qemu v2.11
(FATE#327261 bsc#1131955).
Added ability to set virtqueue size using virtqueue_size parameter
(FATE#327255 bsc#1118900).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1274=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.3i586< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.i586.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.x86_64.rpm
openSUSE Leap42.3noarch< - openSUSE Leap 42.3 (noarch):- openSUSE Leap 42.3 (noarch):.noarch.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (x86_64):- openSUSE Leap 42.3 (x86_64):.x86_64.rpm

OS	Version	Architecture	Version	Filename
openSUSE Leap	42.3	i586	< - openSUSE Leap 42.3 (i586 x86_64):	- openSUSE Leap 42.3 (i586 x86_64):.i586.rpm
openSUSE Leap	42.3	x86_64	< - openSUSE Leap 42.3 (i586 x86_64):	- openSUSE Leap 42.3 (i586 x86_64):.x86_64.rpm
openSUSE Leap	42.3	noarch	< - openSUSE Leap 42.3 (noarch):	- openSUSE Leap 42.3 (noarch):.noarch.rpm
openSUSE Leap	42.3	x86_64	< - openSUSE Leap 42.3 (x86_64):	- openSUSE Leap 42.3 (x86_64):.x86_64.rpm