File _patchinfo of Package patchinfo.30984

<patchinfo incident="30984">
  <issue tracker="bnc" id="1207205">VUL-0: CVE-2023-0330: kvm,qemu: lsi53c895a: DMA reentrancy issue leads to stack overflow</issue>
  <issue tracker="bnc" id="1212850">VUL-0: CVE-2023-3354: qemu,kvm: improper I/O watch removal in VNC TLS handshake can lead to remote unauthenticated denial of service</issue>
  <issue tracker="bnc" id="1213925">VUL-0: CVE-2023-3180: qemu,kvm: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper()</issue>
  <issue tracker="bnc" id="1190011">VUL-0: CVE-2021-3750: kvm,qemu: hcd-ehci: DMA reentrancy issue leads to use-after-free</issue>
  <issue tracker="bnc" id="1181740">SLES11SP4 Guest don&#180;t run on XEN SLES15SP2 [ ref:_00D1igLOd._5001iXgV9M:ref ]</issue>
  <issue tracker="bnc" id="1188609">VUL-1: CVE-2021-3638: qemu: ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write</issue>
  <issue tracker="bnc" id="1215311">qemu will stop compiling when binutils update is released (toolchain update 2023)</issue>
  <issue tracker="bnc" id="1213663">KVM crashes during migration with --copy-storage-all</issue>
  <issue tracker="bnc" id="1179993">[XEN][hvm]HDIO_GET_IDENTITY failed when install an SLE11SP4 hvm domU</issue>
  <issue tracker="cve" id="2023-3354"/>
  <issue tracker="cve" id="2021-3638"/>
  <issue tracker="cve" id="2021-3750"/>
  <issue tracker="cve" id="2023-0330"/>
  <issue tracker="cve" id="2023-3180"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device
  (bsc#1213925).
- CVE-2021-3750: Fixed a DMA reentrancy issue in the USB EHCI device
  that could lead to use-after-free (bsc#1190011).
- CVE-2021-3638: Fixed a buffer overflow in the ati-vga device
  (bsc#1188609).
- CVE-2023-3354: Fixed an issue when performing a TLS handshake that
  could lead to remote denial of service via a VNC connection
  (bsc#1212850).
- CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device
  that could lead to a stack overflow (bsc#1207205).

Non-security fixes:

- Fixed a potential build issue in the librm subcomponent
  (bsc#1215311).
- Fixed a potential crash during VM migration (bsc#1213663).
- Fixed potential issues during installation on a Xen host
  (bsc#1179993, bsc#1181740).
</description>
</patchinfo>