Overview

File _patchinfo of Package patchinfo.18973

<patchinfo incident="18973">
  <issue tracker="cve" id="2020-13362"/>
  <issue tracker="cve" id="2020-29129"/>
  <issue tracker="cve" id="2020-29443"/>
  <issue tracker="cve" id="2020-28916"/>
  <issue tracker="cve" id="2021-20203"/>
  <issue tracker="cve" id="2021-20221"/>
  <issue tracker="cve" id="2020-15469"/>
  <issue tracker="cve" id="2020-25723"/>
  <issue tracker="cve" id="2020-25625"/>
  <issue tracker="cve" id="2020-29130"/>
  <issue tracker="cve" id="2021-20181"/>
  <issue tracker="cve" id="2020-12829"/>
  <issue tracker="cve" id="2020-13361"/>
  <issue tracker="cve" id="2020-16092"/>
  <issue tracker="cve" id="2020-13659"/>
  <issue tracker="cve" id="2020-15863"/>
  <issue tracker="cve" id="2020-11947"/>
  <issue tracker="cve" id="2020-14364"/>
  <issue tracker="cve" id="2020-27617"/>
  <issue tracker="cve" id="2020-25084"/>
  <issue tracker="cve" id="2021-3416"/>
  <issue tracker="cve" id="2020-25624"/>
  <issue tracker="cve" id="2020-13765"/>
  <issue tracker="cve" id="2021-20257"/>
  <issue tracker="bnc" id="1178174">VUL-1: CVE-2020-27617: qemu: assert failure in eth_get_gso_type</issue>
  <issue tracker="bnc" id="1182425">VUL-0: qemu, kvm: packaging workflow implemented in config.sh and update_git.sh uses fixed temporary files and directories</issue>
  <issue tracker="bnc" id="1182137">VUL-0: CVE-2021-20181: qemu,kvm,:  race condition in 9pfs may lead to privilege escalation</issue>
  <issue tracker="bnc" id="1181108">VUL-0: CVE-2020-29443: qemu,kvm: atapi: OOB access while processing read commands</issue>
  <issue tracker="bnc" id="1176673">VUL-0: CVE-2020-25084: kvm,qemu: usb: use-after-free issue while setting up packet</issue>
  <issue tracker="bnc" id="1172386">VUL-1: CVE-2020-13659: qemu: NULL pointer dereference in the MegaRAID SAS 8708EM2 emulator</issue>
  <issue tracker="bnc" id="1174386">VUL-0: CVE-2020-15863: kvm,qemu: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c</issue>
  <issue tracker="bnc" id="1176684">VUL-1: CVE-2020-25625: kvm,qemu: usb: hcd-ohci: infinite loop issue while processing transfer descriptors</issue>
  <issue tracker="bnc" id="1182577">VUL-0: CVE-2021-20257: kvm,qemu:  infinite loop issue in the e1000 NIC emulator</issue>
  <issue tracker="bnc" id="1172384">VUL-1: CVE-2020-13361: kvm,qemu: es1370: OOB access due to incorrect frame count leads to DoS</issue>
  <issue tracker="bnc" id="1176682">VUL-0: CVE-2020-25624: kvm,qemu: usb: hcd-ohci: out-of-bound access issue while processing transfer descriptors</issue>
  <issue tracker="bnc" id="1181933">VUL-0: CVE-2021-20221: kvm,xen,qemu: out-of-bound heap buffer access via an interrupt ID field</issue>
  <issue tracker="bnc" id="1181639">VUL-1: CVE-2021-20203: kvm,xen,qemu: qemu: Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c</issue>
  <issue tracker="bnc" id="1179468">VUL-1: CVE-2020-28916: qemu,kvm: e1000e: infinite loop scenario in case of null packet descriptor</issue>
  <issue tracker="bnc" id="1182968">VUL-0: CVE-2021-3419: qemu,kvm: rtl8139: stack overflow induced by infinite recursion issue</issue>
  <issue tracker="bnc" id="1180523">VUL-0: CVE-2020-11947: qemu,kvm: iscsi_aio_ioctl_cb in block/iscsi.c has a heap-based buffer over-read</issue>
  <issue tracker="bnc" id="1154790">3 KVM  guests crashed on live migration "error while loading state section id 3(ram)"</issue>
  <issue tracker="bnc" id="1178934">VUL-1: CVE-2020-25723: kvm,qemu: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c</issue>
  <issue tracker="bnc" id="1179466">VUL-1: CVE-2020-29129: kvm,qemu,slirp4netns: out-of-bounds access while processing NCSI packets</issue>
  <issue tracker="bnc" id="1179467">VUL-0: CVE-2020-29130: kvm,qemu,slirp4netns: out-of-bounds access while processing ARP packets</issue>
  <issue tracker="bnc" id="1172383">VUL-1: CVE-2020-13362: kvm,qemu: megasas: OOB read access due to invalid index leads to DoS</issue>
  <issue tracker="bnc" id="1172385">VUL-0: CVE-2020-12829: qemu: OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c</issue>
  <issue tracker="bnc" id="1175441">VUL-0: CVE-2020-14364: qemu,kvm: usb: out-of-bounds r/w access issue while processing usb packets</issue>
  <issue tracker="bnc" id="1129962">Since upgrade to SLE12SP4, HVM domU using keymap='pt-br' types  (capital) "K" instead of "&amp;"</issue>
  <issue tracker="bnc" id="1178565">zypper tries to restart invalid system service when updating qemu-guest-agent</issue>
  <issue tracker="bnc" id="1173612">VUL-0: CVE-2020-15469: kvm,qemu: QEMU: MMIO ops null pointer dereference may lead to DoS</issue>
  <issue tracker="bnc" id="1172478">VUL-0: CVE-2020-13765: kvm,qemu: OOB access while loading registered ROM may lead to code execution</issue>
  <issue tracker="bnc" id="1174641">VUL-1: CVE-2020-16092: kvm,qemu: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c</issue>
  <packager>bfrogers</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
- Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
- Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
- Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386
- Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
- Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386)
- Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641)
- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962)
- Fix migration failure with error message: "error while loading state section id 3(ram) (bsc#1154790)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)
- Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)
- Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel
- Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565)
- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places