OPENSUSE-SU-2021:0363-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: - Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523) - Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719) - Fixed 'Failed to try-restart qemu-ga@.service' error while updating the qemu-guest-agent. (bsc#1178565) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049) This update was imported from the SUSE:SLE-15-SP2:Update update project.
Affected Systems
- opensuse•qemu-linux-user&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.9.3
- opensuse•qemu-testsuite&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.9.5
- opensuse•qemu&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.9.2
References (13)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDUPZEIOIEXWFR2ZTWFFOIO2ZA3AI3VM/
- https://bugzilla.suse.com/1178049
- https://bugzilla.suse.com/1178565
- https://bugzilla.suse.com/1179717
- https://bugzilla.suse.com/1179719
- https://bugzilla.suse.com/1180523
- https://bugzilla.suse.com/1181639
- https://bugzilla.suse.com/1181933
- https://bugzilla.suse.com/1182137
- https://www.suse.com/security/cve/CVE-2020-11947
- https://www.suse.com/security/cve/CVE-2021-20181
- https://www.suse.com/security/cve/CVE-2021-20203
- https://www.suse.com/security/cve/CVE-2021-20221