Security update for qemu
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2019-9824: Fixed information leak in slirp (bsc#1129622).
- CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 hostinformation (bsc#1126455).
- CVE-2019-3812: Fixed Out-of-bounds memory access and information leak in virtual monitor interface (bsc#1125721).
- CVE-2018-20815: Fixed a denial of service possibility in device tree processing (bsc#1130675).
Non-security issue fixed:
- Backported Skylake-Server vcpu model support from qemu v2.11 (FATE#327261 bsc#1131955).
- Added ability to set virtqueue size using virtqueue_size parameter (FATE#327255 bsc#1118900).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Bruce Rogers (bfrogers)
Fixed bugs
bnc#1129622
VUL-1: CVE-2019-9824: kvm,qemu: information leakage in tcp_emu() due to uninitialized stack variables
bnc#1125721
VUL-0: CVE-2019-3812: qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure
bnc#1130675
VUL-0: CVE-2018-20815: qemu: device_tree: heap buffer overflow while loading device tree blob
bnc#1126455
VUL-0: CVE-2019-8934: kvm,qemu: ppc64: sPAPR emulator leaks the host hardware identity
bnc#1131955
[TRACKERBUG] FATE#327261: [ECO] Support skylake-server architecture with qemu
bnc#1118900
L3: PTF request for " openstack server add volume fails over 26vols "
