openSUSE Build Service

Security update for qemu

This update for qemu fixes the following issues:

- Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523)
- Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
- Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)
- Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719)
- Fixed "Failed to try-restart qemu-ga@.service" error while updating the
qemu-guest-agent. (bsc#1178565)
- Apply fixes to qemu scsi passthrough with respect to timeout and
error conditions, including using more correct status codes. Add
more qemu tracing which helped track down these issues
(bsc#1178049)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Submitted by Bruce Rogers (bfrogers)

Fixed bugs

SLES 15 SP2 - s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset (qemu-kvm)

bnc#1182137

VUL-0: CVE-2021-20181: qemu,kvm,: race condition in 9pfs may lead to privilege escalation

bnc#1179719

SLES 15 SP2 - s390x/pci: Honor vfio DMA limiting (qemu-kvm)

bnc#1180523

VUL-0: CVE-2020-11947: qemu,kvm: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read

bnc#1181639

VUL-1: CVE-2021-20203: kvm,xen,qemu: qemu: Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c

bnc#1178565

zypper tries to restart invalid system service when updating qemu-guest-agent

bnc#1178049

L3-Question: Multiple issues after hanging I/O in SAN

bnc#1181933

VUL-0: CVE-2021-20221: kvm,xen,qemu: out-of-bound heap buffer access via an interrupt ID field

Places

Fixed bugs

Selected Binaries

Places