Overview

File _patchinfo of Package patchinfo.19464

<patchinfo incident="19464">
  <issue tracker="bnc" id="1178935">VUL-1: CVE-2020-25723: xen: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c</issue>
  <issue tracker="bnc" id="1176681">VUL-0: CVE-2020-25085: kvm,qemu: sdhci: out-of-bounds access issue while doing multi block SDMA</issue>
  <issue tracker="bnc" id="1178683">VUL-0: CVE-2020-25707: kvm,qemu: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c</issue>
  <issue tracker="bnc" id="1149813">VUL-0: CVE-2019-15890: xen: use-after-free during packet reassembly</issue>
  <issue tracker="bnc" id="1175534">VUL-0: CVE-2020-14364: xen: usb: out-of-bounds r/w access issue while processing usb packets (XSA 335)</issue>
  <issue tracker="bnc" id="1163019">VUL-0: CVE-2020-8608: xen: potential OOB access due to unsafe snprintf() usages</issue>
  <issue tracker="bnc" id="1175144">VUL-0: CVE-2020-17380: kvm,qemu: heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c</issue>
  <issue tracker="bnc" id="1182282">VUL-0: CVE-2021-3409: qemu: incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller</issue>
  <issue tracker="bnc" id="1182968">VUL-0: CVE-2021-3416: qemu,kvm: rtl8139: stack overflow induced by infinite recursion issue</issue>
  <issue tracker="bnc" id="1179686">VUL-0: CVE-2020-27821: kvm,qemu: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c</issue>
  <issue tracker="bnc" id="1186290">SLES 15 SP3 GMC - QEMU BIOS fails to read stage2 loader (on s390x)</issue>
  <issue tracker="bnc" id="1182425">VUL-0: qemu, kvm: packaging workflow implemented in config.sh and update_git.sh uses fixed temporary files and directories</issue>
  <issue tracker="bnc" id="1182975">VUL-0: CVE-2021-3419: xen: rtl8139: stack overflow induced by infinite recursion issue</issue>
  <issue tracker="bnc" id="1179477">VUL-0: CVE-2020-29130: xen: out-of-bounds access while processing ARP packets</issue>
  <issue tracker="bnc" id="1181103">SLES 15 SP3 Snapshot6 - Qemu can not be used with libvirt, because qemu crashes during probing (s390x/kvm)</issue>
  <issue tracker="bnc" id="1183373">VUL-1: CVE-2021-20263: kvm,qemu: virtiofsd: 'security.capabilities' is not dropped with xattrmap option</issue>
  <issue tracker="bnc" id="1179484">VUL-1: CVE-2020-29129: xen: out-of-bounds access while processing NCSI packets</issue>
  <issue tracker="cve" id="2020-25707"/>
  <issue tracker="cve" id="2021-3416"/>
  <issue tracker="cve" id="2020-17380"/>
  <issue tracker="cve" id="2020-25723"/>
  <issue tracker="cve" id="2021-3419"/>
  <issue tracker="cve" id="2020-29129"/>
  <issue tracker="cve" id="2020-29130"/>
  <issue tracker="cve" id="2021-3409"/>
  <issue tracker="cve" id="2020-8608"/>
  <issue tracker="cve" id="2020-27821"/>
  <issue tracker="cve" id="2019-15890"/>
  <issue tracker="cve" id="2020-14364"/>
  <issue tracker="cve" id="2020-25085"/>
  <issue tracker="cve" id="2021-20263"/>
  <packager>jziviani</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103)
- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282)
- Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373)
- Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
- Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)
- For the record, these issues are fixed in this package already.
  Most are alternate references to previously mentioned issues:
  (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
  CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
  CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
  CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places