SUSE-SU-2019:1238-1

Advisory lineage Upstream: 8 Downstream: 0
Published: 14 May 2019, 17:03
Last modified:04 Feb 2026, 04:05

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 May 2019, 17:03
Published
Vulnerability first disclosed
04 Feb 2026, 04:05
Last Modified
Vulnerability information updated

Description

Security update for qemu This update for qemu fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (bsc#1126455) - CVE-2019-3812: Fixed OOB memory access and information leak in virtual monitor interface (bsc#1125721) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Other bugs fixed: - Use a new approach to handling the file input to -smbios option, which accepts either legacy or per-spec formats regardless of the machine type. - Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962)

Affected Systems

  • suseqemu&distro=SUSE Linux Enterprise Desktop 12 SP4

    < 2.11.2-5.13.1

  • suseqemu&distro=SUSE Linux Enterprise Server 12 SP4

    < 2.11.2-5.13.1

  • suseqemu&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

    < 2.11.2-5.13.1

References (15)