OPENSUSE-SU-2021:1202-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3527: usb: unbounded stack allocation in usbredir (bsc#1186012) - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) - CVE-2021-3682: usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145) - CVE-2020-35503: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432) - CVE-2020-35504,CVE-2020-35505,CVE-2020-35506: NULL pointer dereference in ESP (bsc#1180433 bsc#1180434 bsc#1180435) - CVE-2021-20255: eepro100: stack overflow via infinite recursion (bsc#1182651) This update was imported from the SUSE:SLE-15-SP2:Update update project.
Affected Systems
- opensuse•qemu-linux-user&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.20.1
- opensuse•qemu-testsuite&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.20.1
- opensuse•qemu&distro=openSUSE Leap 15.2
< 4.2.1-lp152.9.20.1
References (31)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XTOHNMISPT4N5NUXQJPKV5LQNNGSMFI/
- https://bugzilla.suse.com/1180432
- https://bugzilla.suse.com/1180433
- https://bugzilla.suse.com/1180434
- https://bugzilla.suse.com/1180435
- https://bugzilla.suse.com/1182651
- https://bugzilla.suse.com/1186012
- https://bugzilla.suse.com/1187364
- https://bugzilla.suse.com/1187365
- https://bugzilla.suse.com/1187366
- https://bugzilla.suse.com/1187367
- https://bugzilla.suse.com/1187499
- https://bugzilla.suse.com/1187529
- https://bugzilla.suse.com/1187538
- https://bugzilla.suse.com/1187539
- https://bugzilla.suse.com/1189145
- https://www.suse.com/security/cve/CVE-2020-35503
- https://www.suse.com/security/cve/CVE-2020-35504
- https://www.suse.com/security/cve/CVE-2020-35505
- https://www.suse.com/security/cve/CVE-2020-35506
- https://www.suse.com/security/cve/CVE-2021-20255
- https://www.suse.com/security/cve/CVE-2021-3527
- https://www.suse.com/security/cve/CVE-2021-3582
- https://www.suse.com/security/cve/CVE-2021-3592
- https://www.suse.com/security/cve/CVE-2021-3593
- https://www.suse.com/security/cve/CVE-2021-3594
- https://www.suse.com/security/cve/CVE-2021-3595
- https://www.suse.com/security/cve/CVE-2021-3607
- https://www.suse.com/security/cve/CVE-2021-3608
- https://www.suse.com/security/cve/CVE-2021-3611
- https://www.suse.com/security/cve/CVE-2021-3682