Suse: OPENSUSE-SU-2021:2591-1
Aug 02, 2021 - 12:00 a.m.

Security update for qemu (important)

2021-08-02 00:00:00
lists.opensuse.org

CVSS3: 6.5 Medium

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS2: 4.9 Medium

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

An update that solves 9 vulnerabilities and has two fixes
is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

  • CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to
    information disclosure (tftp) (bsc#1187366)
  • CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to
    information disclosure (bootp) (bsc#1187364)
  • CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to
    information disclosure (udp) (bsc#1187367)
  • CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to
    information disclosure (udp6) (bsc#1187365)
  • CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499)
  • CVE-2021-3607: Ensure correct input on ring init (bsc#1187539)
  • CVE-2021-3608: Fix the ring init error flow (bsc#1187538)
  • CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow
    (bsc#1187529)
  • CVE-2020-25085: Fix out-of-bounds access issue while doing multi block
    SDMA (bsc#1176681)

Other issues fixed:

  • QEMU BIOS fails to read stage2 loader (on s390x)(bsc#1186290)
  • Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-2591=1

OS | Version | Architecture | Package | Version | Filename
openSUSE Leap | 15.3 | x86_64 | | < | .x86_64.rpm