Lucene search

K
suseSuseOPENSUSE-SU-2021:3614-1
HistoryNov 04, 2021 - 12:00 a.m.

Security update for qemu (important)

2021-11-0400:00:00
lists.opensuse.org
21
qemu
vulnerabilities
usb attached scsi
heap use-after-free
usbredir
null pointer dereference
esp
megasas-gen2 host bus adapter
eepro100
stack overflow
unbounded stack allocation

EPSS

0.003

Percentile

71.3%

An update that fixes 9 vulnerabilities is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

  • Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation
    (bsc#1189702, CVE-2021-3713)
  • Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938,
    CVE-2021-3748)
  • usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145,
    CVE-2021-3682)
  • NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504)
    (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
  • NULL pointer dereference issue in megasas-gen2 host bus adapter
    (bsc#1180432, CVE-2020-35503)
  • eepro100: stack overflow via infinite recursion (bsc#1182651,
    CVE-2021-20255)
  • usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)

Non-security issues fixed:

  • Use max host physical address if -cpu max is used (bsc#1188299)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-3614=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 x86_64):- openSUSE Leap 15.3 (aarch64 x86_64):.aarch64.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 x86_64):- openSUSE Leap 15.3 (aarch64 x86_64):.x86_64.rpm