Lucene search

K
suseSuseOPENSUSE-SU-2021:3604-1
HistoryNov 03, 2021 - 12:00 a.m.

Security update for qemu (important)

2021-11-0300:00:00
lists.opensuse.org
40
qemu
security update
vulnerabilities
fixes
usb attached scsi
heap use-after-free
scsi vpd
qemu crash
xen-block

EPSS

0

Percentile

14.2%

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

  • CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device
    emulation (bsc#1189702)
  • CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu
    (bsc#1189938)

Non-security issues fixed:

  • Add transfer length item in block limits page of scsi vpd (bsc#1190425)
  • Fix qemu crash while deleting xen-block (bsc#1189234)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-3604=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm