SUSE-SU-2021:1829-1

Description

Security update for qemu This update for qemu fixes the following issues: - Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382) - Fix sPAPR emulator leaks the host hardware identity (CVE-2019-8934, bsc#1126455) - Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380) - Fix out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221, bsc#1181933) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975, bsc#1031692, bsc#1094725)

Affected Systems

• suse•qemu&distro=SUSE Linux Enterprise Server 12 SP2-BCL

  < 2.6.2-41.65.1

References (25)

• https://www.suse.com/support/update/announcement/2021/suse-su-20211829-1/
• https://bugzilla.suse.com/1031692
• https://bugzilla.suse.com/1094725
• https://bugzilla.suse.com/1126455
• https://bugzilla.suse.com/1149813
• https://bugzilla.suse.com/1163019
• https://bugzilla.suse.com/1172380
• https://bugzilla.suse.com/1172382
• https://bugzilla.suse.com/1175534
• https://bugzilla.suse.com/1178935
• https://bugzilla.suse.com/1179477
• https://bugzilla.suse.com/1181933
• https://bugzilla.suse.com/1182846
• https://bugzilla.suse.com/1182975
• https://www.suse.com/security/cve/CVE-2019-15890
• https://www.suse.com/security/cve/CVE-2019-8934
• https://www.suse.com/security/cve/CVE-2020-10756
• https://www.suse.com/security/cve/CVE-2020-13754
• https://www.suse.com/security/cve/CVE-2020-14364
• https://www.suse.com/security/cve/CVE-2020-25723
• https://www.suse.com/security/cve/CVE-2020-29130
• https://www.suse.com/security/cve/CVE-2020-8608
• https://www.suse.com/security/cve/CVE-2021-20221
• https://www.suse.com/security/cve/CVE-2021-20257
• https://www.suse.com/security/cve/CVE-2021-3419