File _patchinfo of Package patchinfo.8404

<patchinfo incident="8404">
  <issue tracker="bnc" id="1098735">VUL-0: CVE-2018-12617: kvm,qemu:   qemu-guest-agent: Integer overflow causes segmentation fault in qmp_guest_file_read() with g_malloc()</issue>
  <issue tracker="bnc" id="1096223">VUL-0: CVE-2018-11806: kvm,qemu: slirp: heap buffer overflow while reassembling fragmented datagrams</issue>
  <issue tracker="bnc" id="1020928">live migration does not start for 2/100 attempts</issue>
  <issue tracker="bnc" id="1092885">VUL-0: CVE-2018-3639:  qemu,kvm,libvirt: V4 &#8211; Speculative Store Bypass aka "Memory Disambiguation"</issue>
  <issue tracker="cve" id="2018-11806"/>
  <issue tracker="cve" id="2018-3639"/>
  <issue tracker="cve" id="2018-12617"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>bfrogers</packager>
  <description>This update for qemu fixes the following issues:

These security issues were fixed:

- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have
been exploited by sending a crafted QMP command (including guest-file-read with
a large count value) to the agent via the listening socket causing DoS
(bsc#1098735)
- CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented
datagrams (bsc#1096223)

With this release the mitigations for Spectre v4 are moved the the patches from
upstream (CVE-2018-3639, bsc#1092885).

This non-security was fixed:

- Fix VirtQueue error for virtio-balloon during live migration (bsc#1020928).
</description>
  <summary>Security update for qemu</summary>
</patchinfo>