Lucene search

K
suse
SuseSUSE-SU-2022:3594-1
HistoryOct 17, 2022 - 12:00 a.m.

Security update for qemu (important)

2022-10-1700:00:00
lists.opensuse.org
12

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.1 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

An update that solves 5 vulnerabilities and has one errata
is now available.

Description:

This update for qemu fixes the following issues:

  • CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and
    CVE-2020-25085 in sdhi controller. (bsc#1182282)
  • CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead
    to heap buffer overflow. (bsc#1198035)
  • CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap
    buffer overflow. (bsc#1198037)
  • CVE-2022-0216: Fixed a use after free issue found in
    hw/scsi/lsi53c895a.c. (bsc#1198038)
  • CVE-2022-35414: Fixed an uninitialized read during address translation
    that leads to a crash. (bsc#1201367)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or β€œzypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3594=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3594=1

  • SUSE Manager Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3594=1

  • SUSE Manager Retail Branch Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3594=1

  • SUSE Manager Proxy 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3594=1

  • SUSE Linux Enterprise Server for SAP 15-SP2:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3594=1

  • SUSE Linux Enterprise Server 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3594=1

  • SUSE Linux Enterprise Server 15-SP2-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3594=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3594=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3594=1

  • SUSE Enterprise Storage 7:

    zypper in -t patch SUSE-Storage-7-2022-3594=1

Rows per page:
1-10 of 541
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.1 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

Related for SUSE-SU-2022:3594-1