Overview

File _patchinfo of Package patchinfo.8403

<patchinfo incident="8403">
  <issue tracker="bnc" id="1098735">VUL-0: CVE-2018-12617: kvm,qemu:   qemu-guest-agent: Integer overflow causes segmentation fault in qmp_guest_file_read() with g_malloc()</issue>
  <issue tracker="bnc" id="1096223">VUL-0: CVE-2018-11806: kvm,qemu: slirp: heap buffer overflow while reassembling fragmented datagrams</issue>
  <issue tracker="bnc" id="1092885">VUL-0: CVE-2018-3639:  qemu,kvm,libvirt: V4 &#8211; Speculative Store Bypass aka "Memory Disambiguation"</issue>
  <issue tracker="cve" id="2018-11806"/>
  <issue tracker="cve" id="2018-3639"/>
  <issue tracker="cve" id="2018-12617"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>bfrogers</packager>
  <description>This update for qemu fixes the following security issues:

- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have
  been exploited by sending a crafted QMP command (including guest-file-read with
  a large count value) to the agent via the listening socket causing DoS (bsc#1098735)
- CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented
  datagrams (bsc#1096223)

With this release the mitigations for Spectre v4 are moved the the patches from
upstream (CVE-2018-3639, bsc#1092885).
</description>
  <summary>Security update for qemu</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places