File _patchinfo of Package patchinfo.10251

<patchinfo incident="10251">
  <issue tracker="bnc" id="1116717">VUL-0: CVE-2018-19364: qemu,kvm: 9pfs: Use-after-free due to race condition while updating fid path</issue>
  <issue tracker="bnc" id="1117275">VUL-1: CVE-2018-19489: kvm,qemu: QEMU: 9pfs: crash due to race condition in renaming files</issue>
  <issue tracker="bnc" id="1079730">[migration][xen] xen be: qdisk-51712: error: Failed to get "write" lock</issue>
  <issue tracker="bnc" id="1101982">[migration][xen]qemu-system-i386: Failed to get "write" lock</issue>
  <issue tracker="bnc" id="1114957">VUL-0: CVE-2018-18954: qemu: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb</issue>
  <issue tracker="bnc" id="1123156">VUL-0: CVE-2019-6778: kvm,qemu:  A heap buffer overflow in tcp_emu() found in slirp</issue>
  <issue tracker="bnc" id="1063993">[build 655.2] Xen live migration reports "cannot acquire state change lock"</issue>
  <issue tracker="bnc" id="1112646">ksm.service start through qemu-ksm fails</issue>
  <issue tracker="bnc" id="1123179">SLES 12 SP4 - Backport diag308 stable exception fix (qemu-kvm)</issue>
  <issue tracker="bnc" id="1100408">performance degration after migration from SLES11 HV to SLES12 HV</issue>
  <issue tracker="bnc" id="1121600">aarch64-linux-user: inconsistent pwrite behaviour</issue>
  <issue tracker="bnc" id="1119493">VUL-0: CVE-2018-16872: kvm,qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP)</issue>
  <issue tracker="cve" id="2019-6778"/>
  <issue tracker="cve" id="2018-16872"/>
  <issue tracker="cve" id="2018-19489"/>
  <issue tracker="cve" id="2018-19364"/>
  <issue tracker="cve" id="2018-18954"/>
  <category>security</category>
  <rating>important</rating>
  <packager>bfrogers</packager>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).
- CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957).

Non-security issues fixed:

- Improved disk performance for qemu on xen (bsc#1100408).
- Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993).
- Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600).
- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646).
- Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179).
</description>
  <summary>Security update for qemu</summary>
</patchinfo>