OPENSUSE-SU-2021:1043-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981) - CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010) - CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990) - CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681) - CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975) Non-security issues fixed: - Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) - QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290) - Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785): - Fix testsuite error (bsc#1184574) - Fix qemu crash with iothread when block commit after snapshot (bsc#1187013) - Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) - Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574) This update was imported from the SUSE:SLE-15-SP2:Update update project.
Affected Systems
- opensuse•qemu-linux-user&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.16.1
- opensuse•qemu-testsuite&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.16.7
- opensuse•qemu&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.16.2
References (34)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVDDMT7IUGYOEFTYO3UWD73PJMJL4FSY/
- https://bugzilla.suse.com/1149813
- https://bugzilla.suse.com/1163019
- https://bugzilla.suse.com/1172380
- https://bugzilla.suse.com/1175534
- https://bugzilla.suse.com/1176681
- https://bugzilla.suse.com/1178683
- https://bugzilla.suse.com/1178935
- https://bugzilla.suse.com/1179477
- https://bugzilla.suse.com/1179484
- https://bugzilla.suse.com/1182846
- https://bugzilla.suse.com/1182975
- https://bugzilla.suse.com/1183979
- https://bugzilla.suse.com/1184574
- https://bugzilla.suse.com/1185591
- https://bugzilla.suse.com/1185981
- https://bugzilla.suse.com/1185990
- https://bugzilla.suse.com/1186010
- https://bugzilla.suse.com/1186290
- https://bugzilla.suse.com/1187013
- https://www.suse.com/security/cve/CVE-2019-15890
- https://www.suse.com/security/cve/CVE-2020-10756
- https://www.suse.com/security/cve/CVE-2020-14364
- https://www.suse.com/security/cve/CVE-2020-25085
- https://www.suse.com/security/cve/CVE-2020-25707
- https://www.suse.com/security/cve/CVE-2020-25723
- https://www.suse.com/security/cve/CVE-2020-29129
- https://www.suse.com/security/cve/CVE-2020-29130
- https://www.suse.com/security/cve/CVE-2020-8608
- https://www.suse.com/security/cve/CVE-2021-20257
- https://www.suse.com/security/cve/CVE-2021-3419
- https://www.suse.com/security/cve/CVE-2021-3544
- https://www.suse.com/security/cve/CVE-2021-3545
- https://www.suse.com/security/cve/CVE-2021-3546