Security update for qemu (important)

An update that fixes 8 vulnerabilities is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

• CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622)
• CVE-2019-8934: Added method to specify whether or not to expose certain
  ppc64 host information, which can be considered a security issue
  (bsc#1126455)
• CVE-2019-3812: Fixed OOB memory access and information leak in virtual
  monitor interface (bsc#1125721)
• CVE-2018-20815: Fix DOS possibility in device tree processing
  (bsc#1130675)
• Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream
  adjustments for the same. Basically now the security fix is to provide a
  dummy host-model and host-serial value, which
  overrides getting that value from the host
• CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86
  cpu feature “md-clear” (bsc#1111331)

Other bugs fixed:

• Use a new approach to handling the file input to -smbios option, which
  accepts either legacy or per-spec formats regardless of the machine type.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2019-1405=1