File _patchinfo of Package patchinfo.8413

<patchinfo incident="8413">
  <issue tracker="bnc" id="1103628">KVM SEV support conflicts with upstream implementation wrt reduced_phys_bits value</issue>
  <issue tracker="bnc" id="1098735">VUL-0: CVE-2018-12617: kvm,qemu:   qemu-guest-agent: Integer overflow causes segmentation fault in qmp_guest_file_read() with g_malloc()</issue>
  <issue tracker="bnc" id="1102604">root only permissions on sev device</issue>
  <issue tracker="bnc" id="1094898">qemu-guest-agent service doesn't work in version Leap 15.0</issue>
  <issue tracker="bnc" id="1105279">qemu-guest-agent doesn't start on Leap 15.0 guests</issue>
  <issue tracker="cve" id="2018-12617"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>bfrogers</packager>
  <description>This update for qemu fixes the following issues:

This security issue was fixed:

- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have
  been exploited by sending a crafted QMP command (including guest-file-read with
  a large count value) to the agent via the listening socket, causing DoS
  (bsc#1098735)

These non-security issues were fixed:

- Allow kvm group access to /dev/sev (bsc#1102604).
- Fix for the value used for reduced_phys_bits. Please update the
  reduced_phys_bits value used on the command line or in libvirt XML to the value
  1 (explicitly set now in QEMU code). (bsc#1103628)
- Fix (again) the qemu guest agent udev rule file, which got unfixed in a
  series of unfortunate events (bsc#1094898 and now bsc#1105279)
</description>
  <summary>Security update for qemu</summary>
</patchinfo>