File _patchinfo of Package patchinfo.10253

<patchinfo incident="10253">
  <issue tracker="bnc" id="1116717">VUL-0: CVE-2018-19364: qemu,kvm: 9pfs: Use-after-free due to race condition while updating fid path</issue>
  <issue tracker="bnc" id="1117275">VUL-1: CVE-2018-19489: kvm,qemu: QEMU: 9pfs: crash due to race condition in renaming files</issue>
  <issue tracker="bnc" id="1123156">VUL-0: CVE-2019-6778: kvm,qemu: A heap buffer overflow in tcp_emu() found in slirp</issue>
  <issue tracker="bnc" id="1084604">VUL-0: CVE-2018-7858: kvm,qemu: cirrus: OOB access when updating vga display allowing for DoS</issue>
  <issue tracker="bnc" id="1113231">L3: after migrating KVM guests are hung with weird timestamps</issue>
  <issue tracker="bnc" id="1119493">VUL-0: CVE-2018-16872: kvm,qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP)</issue>
  <issue tracker="cve" id="2017-13673"/>
  <issue tracker="cve" id="2018-7858"/>
  <issue tracker="cve" id="2017-13672"/>
  <issue tracker="cve" id="2018-19364"/>
  <issue tracker="cve" id="2019-6778"/>
  <issue tracker="cve" id="2018-19489"/>
  <issue tracker="cve" id="2018-16872"/>
  <category>security</category>
  <rating>important</rating>
  <packager>bfrogers</packager>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717).
- CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after the guest has adjusted the display dimensions (bsc#1084604).
- CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function.
- CVE-2017-13672: Fixed a denial of service via vectors involving display update.

Non-security issues fixed:

- Fixed bad guest time after migration (bsc#1113231).
</description>
  <summary>Security update for qemu</summary>
</patchinfo>