File _patchinfo of Package patchinfo.19799

<patchinfo incident="19799">
  <issue tracker="cve" id="2020-29130"/>
  <issue tracker="cve" id="2020-10756"/>
  <issue tracker="cve" id="2019-15890"/>
  <issue tracker="cve" id="2021-3419"/>
  <issue tracker="cve" id="2020-13754"/>
  <issue tracker="cve" id="2021-20257"/>
  <issue tracker="cve" id="2020-8608"/>
  <issue tracker="cve" id="2021-20221"/>
  <issue tracker="cve" id="2020-14364"/>
  <issue tracker="cve" id="2020-25723"/>
  <issue tracker="cve" id="2019-8934"/>
  <issue tracker="bnc" id="1094725">`virsh blockresize` does not work with Xen qdisks</issue>
  <issue tracker="bnc" id="1182975">VUL-0: CVE-2021-3419: xen: rtl8139: stack overflow induced by infinite recursion issue</issue>
  <issue tracker="bnc" id="1126455">VUL-0: CVE-2019-8934: kvm,qemu: ppc64: sPAPR emulator leaks the host hardware identity</issue>
  <issue tracker="bnc" id="1175534">VUL-0: CVE-2020-14364: xen: usb: out-of-bounds r/w access issue while processing usb packets (XSA 335)</issue>
  <issue tracker="bnc" id="1163019">VUL-0: CVE-2020-8608: xen: potential OOB access due to unsafe snprintf() usages</issue>
  <issue tracker="bnc" id="1179477">VUL-0: CVE-2020-29130: xen: out-of-bounds access while processing ARP packets</issue>
  <issue tracker="bnc" id="1181933">VUL-0: CVE-2021-20221: kvm,xen,qemu: out-of-bound heap buffer access via an interrupt ID field</issue>
  <issue tracker="bnc" id="1172382">VUL-1: CVE-2020-13754: kvm,qemu: msix: OOB access during mmio operations may lead to DoS</issue>
  <issue tracker="bnc" id="1031692">OpenQA loses USB keyboard events</issue>
  <issue tracker="bnc" id="1178935">VUL-1: CVE-2020-25723: xen: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c</issue>
  <issue tracker="bnc" id="1172380">VUL-0: CVE-2020-10756: libslirp, slirp4netns, qemu: out-of-bounds read information disclosure in icmp6_send_echoreply()</issue>
  <issue tracker="bnc" id="1149813">VUL-0: CVE-2019-15890: xen: use-after-free during packet reassembly</issue>
  <issue tracker="bnc" id="1182846">VUL-0: CVE-2021-20257: xen:  infinite loop issue in the e1000 NIC emulator</issue>
  <packager>jziviani</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix sPAPR emulator leaks the host hardware identity (CVE-2019-8934, bsc#1126455)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- Fix out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221, bsc#1181933)
- For the record, these issues are fixed in this package already.
  Most are alternate references to previously mentioned issues:
  (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
  CVE-2020-14364, bsc#1175534, CVE-2020-25723, bsc#1178935,
  CVE-2020-29130, bsc#1179477, CVE-2021-20257, bsc#1182846,
  CVE-2021-3419, bsc#1182975, bsc#1031692, bsc#1094725)
</description>
</patchinfo>