Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for qemu

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622)
- CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host
information, which can be considered a security issue (bsc#1126455)
- CVE-2019-3812: Fixed OOB memory access and information leak in virtual monitor interface (bsc#1125721)
- CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675)
- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest
upstream adjustments for the same. Basically now the security fix
is to provide a dummy host-model and host-serial value, which
overrides getting that value from the host
- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331)

Other bugs fixed:

- Use a new approach to handling the file input to -smbios option,
which accepts either legacy or per-spec formats regardless of the
machine type.

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1130675
VUL-0: CVE-2018-20815: qemu: device_tree: heap buffer overflow while loading device tree blob
bnc#1111331
VUL-0: EMBARGOED: CPU issues Q2 2019 aka "Group 4"
bnc#1126455
VUL-0: CVE-2019-8934: kvm,qemu: ppc64: sPAPR emulator leaks the host hardware identity
bnc#1125721
VUL-0: CVE-2019-3812: qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure
bnc#1129622
VUL-1: CVE-2019-9824: kvm,qemu: information leakage in tcp_emu() due to uninitialized stack variables
CVE-2018-12126
CVE-2018-12127
CVE-2018-20815
CVE-2019-11091
CVE-2019-8934
CVE-2019-9824
CVE-2019-3812
CVE-2018-12130
Selected Binaries
openSUSE Build Service is sponsored by
Places