SUSE-SU-2019:0582-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489

Published: 11 Mar 2019, 17:34

Last modified:02 May 2025, 04:06

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Mar 2019, 17:34

Published

Vulnerability first disclosed

02 May 2025, 04:06

Last Modified

Vulnerability information updated

Description

Security update for qemu This update for qemu fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156) - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493) - CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275) - CVE-2018-19364: Fixed an use-after-free vulnerability if virtfs interface is deliberately abused (bsc#1116717) - CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory operations (bsc#1114957) - CVE-2017-13673: Fixed a reachable assert failure during during display update (bsc#1056386) - CVE-2017-13672: Fixed an out-of-bounds read access during display update (bsc#1056334) - CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga display allowing for Denial-of-Service (bsc#1084604) Other bug fixes and changes: - Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) - Fix bad guest time after migration (bsc#1113231)

Affected Systems

suse•qemu&distro=SUSE Linux Enterprise Desktop 12 SP3
< 2.9.1-6.28.1
suse•qemu&distro=SUSE Linux Enterprise Server 12 SP3
< 2.9.1-6.28.1
suse•qemu&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
< 2.9.1-6.28.1

SUSE-SU-2019:0582-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (19)