SUSE-SU-2023:3444-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205) - CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850) - CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925) - CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609) - CVE-2023-3301: Fixed a DoS due to an assertion failure. (bsc#1213414) - CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011)
Affected Systems
- suse•qemu&distro=SUSE Enterprise Storage 7.1
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.1
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.2
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Manager Proxy 4.2
< 5.2.0-150300.127.3
- suse•qemu&distro=SUSE Manager Server 4.2
< 5.2.0-150300.127.3
References (13)
- https://www.suse.com/support/update/announcement/2023/suse-su-20233444-1/
- https://bugzilla.suse.com/1188609
- https://bugzilla.suse.com/1190011
- https://bugzilla.suse.com/1207205
- https://bugzilla.suse.com/1212850
- https://bugzilla.suse.com/1213414
- https://bugzilla.suse.com/1213925
- https://www.suse.com/security/cve/CVE-2021-3638
- https://www.suse.com/security/cve/CVE-2021-3750
- https://www.suse.com/security/cve/CVE-2023-0330
- https://www.suse.com/security/cve/CVE-2023-3180
- https://www.suse.com/security/cve/CVE-2023-3301
- https://www.suse.com/security/cve/CVE-2023-3354