Security update for qemu
This update for qemu fixes the following issues:
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15
- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
- Expose taa-no "feature", indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no "feature", indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Bruce Rogers (bfrogers)
Fixed bugs
bnc#1152506
VUL-0: EMBARGOED: CVE-2019-11135: qemu,kvm: "TSX Asynchronous Abort (TAA)"
bnc#1146873
VUL-0: CVE-2019-12068: kvm,qemu: infinite loop while executing script
bnc#1155812
VUL-0: EMBARGOED: CVE-2018-12207: qemu,kvm: Machine Check Error Avoidance on Page Size Change (aka IFU issue)
bnc#1119991
VUL-1: CVE-2018-20126: kvm,qemu: memory leakage due to non free memory objects in qemu implementation can lead to DOS
