Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
patchinfo.820
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.820
<patchinfo incident="820"> <packager>bfrogers</packager> <issue tracker="bnc" id="934506">qemu - QEMU Monitor - monitor consol looks empy</issue> <issue tracker="bnc" id="934517">qemu - QEMU Monitor - commands info tlb and info mem causes guest to freeze</issue> <issue tracker="bnc" id="937572">dictzip disk protocol handling not big-endian enabled</issue> <issue tracker="bnc" id="938344">VUL-0: EMBARGOED: CVE-2015-5154: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM</issue> <issue tracker="bnc" id="902737"/> <issue tracker="bnc" id="928308"/> <issue tracker="bnc" id="936537"/> <issue tracker="bnc" id="937125"/> <issue tracker="bnc" id="937572"/> <issue tracker="bnc" id="939216"/> <issue tracker="bnc" id="943446"/> <issue tracker="bnc" id="944017"/> <issue tracker="bnc" id="945404"/> <issue tracker="bnc" id="945778"/> <issue tracker="bnc" id="945987"/> <issue tracker="bnc" id="945989"/> <issue tracker="cve" id="CVE-2015-5154"></issue> <issue tracker="cve" id="CVE-2014-7815"/> <issue tracker="cve" id="CVE-2015-5278"/> <issue tracker="cve" id="CVE-2015-5279"/> <issue tracker="cve" id="CVE-2015-6855"/> <category>security</category> <rating>important</rating> <summary>Security update for qemu</summary> <description>qemu was updated to fix several security issues and bugs. The following vulnerabilities were fixed: - CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. (bsc#938344). - CVE-2015-5278: QEMU was vulnerable to an infinite loop issue that could occur when receiving packets over the network. (bsc#945989) - CVE-2015-5279: QEMU was vulnerable to a heap buffer overflow issue that could occur when receiving packets over the network. (bsc#945987) - CVE-2015-6855: QEMU was vulnerable to a divide by zero issue that could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. (bsc#945404) - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. (bsc#902737): Also these non-security issues were fixed: - bsc#937572: Fixed dictzip on big endian systems - bsc#934517: Fix 'info tlb' causes guest to freeze - bsc#934506: Fix vte monitor consol looks empy - bsc#937125: Fix parsing of scsi-disk wwn uint64 property - bsc#945778: Drop .probe hooks for DictZip and tar block drivers - bsc#937572: Fold common-obj-y -> block-obj-y change into original patches - bsc#928308,bsc#944017: Fix virtio-ccw index errors when initrd gets too large - bsc#936537: Fix possible qemu-img error when converting to compressed qcow2 image - bsc#939216: Fix reboot fail after install using uefi - bsc#943446: qemu-img convert doesn't create MB aligned VHDs anymore </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor