Overview

File _patchinfo of Package patchinfo.15027

<patchinfo incident="15027">
  <issue tracker="cve" id="2019-12068"/>
  <issue tracker="cve" id="2020-1711"/>
  <issue tracker="cve" id="2020-8608"/>
  <issue tracker="cve" id="2019-15890"/>
  <issue tracker="cve" id="2020-1983"/>
  <issue tracker="cve" id="2020-7039"/>
  <issue tracker="cve" id="2019-6778"/>
  <issue tracker="bnc" id="1161066">VUL-0: CVE-2020-7039: kvm,qemu: OOB buffer access while emulating TCP protocols in tcp_emu()</issue>
  <issue tracker="bnc" id="1146873">VUL-0: CVE-2019-12068: kvm,qemu: infinite loop while executing script</issue>
  <issue tracker="bnc" id="1166240">VUL-0: CVE-2020-1711: kvm,qemu: block: iscsi: OOB heap access via an unexpected response of iSCSI Server</issue>
  <issue tracker="bnc" id="1163018">VUL-0: CVE-2020-8608: kvm,qemu: potential OOB access due to unsafe snprintf() usages</issue>
  <issue tracker="bnc" id="1123156">VUL-0: CVE-2019-6778: kvm,qemu:  A heap buffer overflow in tcp_emu() found in slirp</issue>
  <issue tracker="bnc" id="1170940">VUL-0: CVE-2020-1983: slirp4netns,libslirp,kvm,qemu: use-after-free in ip_reass function in ip_input.c</issue>
  <issue tracker="bnc" id="1149811">VUL-0: CVE-2019-15890: kvm, qemu: use-after-free during packet reassembly</issue>
  <packager>bfrogers</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).
- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places