Security update for qemu
This update for qemu fixes the following issues:
- CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494).
- CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641).
- CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386).
- CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370).
- Allow to IPL secure guests with -no-reboot (bsc#1174863)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Bruce Rogers (bfrogers)
Fixed bugs
bnc#1174641
VUL-1: CVE-2020-16092: kvm,qemu: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c
bnc#1175370
VUL-1: CVE-2020-24352: kvm,qemu: out-of-bounds read/write in ati-vga device emulation in ati_2d_blt()
bnc#1175441
VUL-0: CVE-2020-14364: qemu,kvm: usb: out-of-bounds r/w access issue while processing usb packets
bnc#1174386
VUL-0: CVE-2020-15863: kvm,qemu: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c
