Overview

File _patchinfo of Package patchinfo.20153

<patchinfo incident="20153">
  <issue tracker="bnc" id="1185981">VUL-0: CVE-2021-3546: qemu,kvm: QEMU: vhost-user-gpu: out-of-bounds write in virgl_cmd_get_capset()</issue>
  <issue tracker="bnc" id="1184574">KVM guest crashed during virtual disk removal</issue>
  <issue tracker="bnc" id="1185990">VUL-0: CVE-2021-3545: qemu,kvm: QEMU: vhost-user-gpu: information disclosure due to uninitialized memory read</issue>
  <issue tracker="bnc" id="1187013">L3: KVM guest crashed during virsh blockcopy</issue>
  <issue tracker="bnc" id="1186010">VUL-0: CVE-2021-3544: qemu,kvm: QEMU: vhost-user-gpu: multiple memory leaks</issue>
  <issue tracker="bnc" id="1185591">L3: Unable to execute QEMU command 'migrate': There's a migration process in progress</issue>
  <issue tracker="cve" id="2021-3544"/>
  <issue tracker="cve" id="2021-3546"/>
  <issue tracker="cve" id="2021-3545"/>
  <packager>jziviani</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981)
- CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010)
- CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990)

Non-security issues fixed:

- Fix testsuite error (bsc#1184574)
- Fix qemu crash with iothread when block commit after snapshot (bsc#1187013)
- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)
- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places