openSUSE Build Service

Security update for qemu

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)

Non-security issues fixed:

- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Submitted by José Ricardo Ziviani (jziviani)

Fixed bugs

bnc#1190425

The max_sectors_kb is incorrect in kvm guest os while using scsi passthrough on certain hardware

bnc#1189234

SLES15 SP2: virt-install triggers coredump from qemu-system

bnc#1189702

VUL-0: CVE-2021-3713: kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation

bnc#1189938

VUL-0: CVE-2021-3748: qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu

CVE-2021-3748

CVE-2021-3713

Places

Fixed bugs

Selected Binaries

Places