File _patchinfo of Package patchinfo.13117

<patchinfo incident="13117">
  <issue tracker="bnc" id="1146873">VUL-0: CVE-2019-12068: kvm,qemu: infinite loop while executing script</issue>
  <issue tracker="bnc" id="1153358">systemd service file for qemu-guest-agent fails to start</issue>
  <issue tracker="bnc" id="1152506">VUL-0: EMBARGOED: CVE-2019-11135: qemu,kvm: "TSX Asynchronous Abort (TAA)"</issue>
  <issue tracker="bnc" id="1119991">VUL-1: CVE-2018-20126: kvm,qemu: memory leakage due to non free memory objects in qemu implementation can lead to DOS</issue>
  <issue tracker="bnc" id="1155812">VUL-0: EMBARGOED: CVE-2018-12207: qemu,kvm: Machine Check Error Avoidance on Page Size Change (aka IFU issue)</issue>
  <issue tracker="cve" id="2018-20126"/>
  <issue tracker="cve" id="2019-12068"/>
  <issue tracker="cve" id="2018-12207"/>
  <issue tracker="cve" id="2019-11135"/>
  <packager>bfrogers</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- Remove a backslash "\" escape character from 80-qemu-ga.rules (bsc#1153358)
  Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in
  sles 12 sp4 or newer guest only needs one escape character.

- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068
  bsc#1146873)
- Expose taa-no "feature", indicating CPU does not have the
  TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no "feature", indicating CPU does not have
  the page size change machine check vulnerability (CVE-2018-12207
  bsc#1155812)
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4

</description>
</patchinfo>