SUSE-SU-2023:4056-1
Vulnerability Summary
Timeline
Description
Security update for qemu This update for qemu fixes the following issues: - CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device (bsc#1213925). - CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free (bsc#1190011). - CVE-2021-3638: Fixed a buffer overflow in the ati-vga device (bsc#1188609). - CVE-2023-3354: Fixed an issue when performing a TLS handshake that could lead to remote denial of service via VNC connection (bsc#1212850). - CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device that could lead to a stack overflow (bsc#1207205). Non-security fixes: - Fixed a potential build issue in the librm subcomponent (bsc#1215311). - Fixed a potential crash during VM migration (bsc#1213663). - Fixed potential issues during installation on a Xen host (bsc#1179993, bsc#1181740).
Affected Systems
- opensuse•qemu&distro=openSUSE Leap 15.4
< 6.2.0-150400.37.23.1
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.3
< 6.2.0-150400.37.23.1
- suse•qemu&distro=SUSE Linux Enterprise Micro 5.4
< 6.2.0-150400.37.23.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4
< 6.2.0-150400.37.23.1
- suse•qemu&distro=SUSE Linux Enterprise Module for Server Applications 15 SP4
< 6.2.0-150400.37.23.1
References (15)
- https://www.suse.com/support/update/announcement/2023/suse-su-20234056-1/
- https://bugzilla.suse.com/1179993
- https://bugzilla.suse.com/1181740
- https://bugzilla.suse.com/1188609
- https://bugzilla.suse.com/1190011
- https://bugzilla.suse.com/1207205
- https://bugzilla.suse.com/1212850
- https://bugzilla.suse.com/1213663
- https://bugzilla.suse.com/1213925
- https://bugzilla.suse.com/1215311
- https://www.suse.com/security/cve/CVE-2021-3638
- https://www.suse.com/security/cve/CVE-2021-3750
- https://www.suse.com/security/cve/CVE-2023-0330
- https://www.suse.com/security/cve/CVE-2023-3180
- https://www.suse.com/security/cve/CVE-2023-3354