File _patchinfo of Package patchinfo.8413
<patchinfo incident="8413">
<issue tracker="bnc" id="1103628">KVM SEV support conflicts with upstream implementation wrt reduced_phys_bits value</issue>
<issue tracker="bnc" id="1098735">VUL-0: CVE-2018-12617: kvm,qemu: qemu-guest-agent: Integer overflow causes segmentation fault in qmp_guest_file_read() with g_malloc()</issue>
<issue tracker="bnc" id="1102604">root only permissions on sev device</issue>
<issue tracker="bnc" id="1094898">qemu-guest-agent service doesn't work in version Leap 15.0</issue>
<issue tracker="bnc" id="1105279">qemu-guest-agent doesn't start on Leap 15.0 guests</issue>
<issue tracker="cve" id="2018-12617"/>
<category>security</category>
<rating>moderate</rating>
<packager>bfrogers</packager>
<description>This update for qemu fixes the following issues:
This security issue was fixed:
- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have
been exploited by sending a crafted QMP command (including guest-file-read with
a large count value) to the agent via the listening socket, causing a DoS
(bsc#1098735)
These non-security issues were fixed:
- Allow kvm group access to /dev/sev (bsc#1102604).
- Fix for the value used for reduced_phys_bits. Please update the
reduced_phys_bits value used on the command line or in libvirt XML to the value
1 (now explicitly set in QEMU code). (bsc#1103628)
- Fix (again) the qemu guest agent udev rule file, which got unfixed in a
series of unfortunate events (bsc#1094898 and now bsc#1105279)
</description>
<summary>Security update for qemu</summary>
</patchinfo>