File _patchinfo of Package patchinfo.15022

<patchinfo incident="15022">
  <issue tracker="cve" id="2020-1711"/>
  <issue tracker="cve" id="2019-6778"/>
  <issue tracker="cve" id="2019-20382"/>
  <issue tracker="cve" id="2020-1983"/>
  <issue tracker="cve" id="2020-8608"/>
  <issue tracker="cve" id="2020-7039"/>
  <issue tracker="bnc" id="1163018">VUL-0: CVE-2020-8608: kvm,qemu: potential OOB access due to unsafe snprintf() usages</issue>
  <issue tracker="bnc" id="1161066">VUL-0: CVE-2020-7039: kvm,qemu: OOB buffer access while emulating TCP protocols in tcp_emu()</issue>
  <issue tracker="bnc" id="1123156">VUL-0: CVE-2019-6778: kvm,qemu: A heap buffer overflow in tcp_emu() found in slirp</issue>
  <issue tracker="bnc" id="1165776">VUL-0: CVE-2019-20382: qemu: memory leak upon VNC disconnect if ZRLE or Tight encoding is enabled</issue>
  <issue tracker="bnc" id="1170940">VUL-0: CVE-2020-1983: slirp4netns,libslirp,kvm,qemu: use-after-free in ip_reass function in ip_input.c</issue>
  <issue tracker="bnc" id="1166240">VUL-0: CVE-2020-1711: kvm,qemu: block: iscsi: OOB heap access via an unexpected response of iSCSI Server</issue>
  <packager>bfrogers</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect (bsc#1165776).
- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).

Non-security issue fixed:

- Miscellaneous fixes to the in-package support documentation.
</description>
</patchinfo>