File _patchinfo of Package patchinfo.12242

<patchinfo incident="12242">
  <issue tracker="bnc" id="1161066">VUL-0: CVE-2020-7039: kvm,qemu: OOB buffer access while emulating TCP protocols in tcp_emu()</issue>
  <issue tracker="bnc" id="1166379">VUL-0: CVE-2019-15034: kvm,qemu: hw/display/bochs-display.c does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space</issue>
  <issue tracker="bnc" id="1166240">VUL-0: CVE-2020-1711: kvm,qemu: block: iscsi: OOB heap access via an unexpected response of iSCSI Server</issue>
  <issue tracker="bnc" id="1123156">VUL-0: CVE-2019-6778: kvm,qemu:  A heap buffer overflow in tcp_emu() found in slirp</issue>
  <issue tracker="bnc" id="1154790">3 KVM  guests crashed on live migration "error while loading state section id 3(ram)"</issue>
  <issue tracker="bnc" id="1163018">VUL-0: CVE-2020-8608: kvm,qemu: potential OOB access due to unsafe snprintf() usages</issue>
  <issue tracker="bnc" id="1165776">VUL-0: CVE-2019-20382: qemu: memory leak upon VNC disconnect if ZRLE or Tight encoding is enabled</issue>
  <issue tracker="bnc" id="1162729">L3: Migrating VMs on KVM gets: error: operation failed: guest CPU doesn't match specification: missing features: ospke</issue>
  <issue tracker="cve" id="2019-6778"/>
  <issue tracker="cve" id="2020-8608"/>
  <issue tracker="cve" id="2019-20382"/>
  <issue tracker="cve" id="2019-15034"/>
  <issue tracker="cve" id="2020-7039"/>
  <issue tracker="cve" id="2020-1711"/>
  <packager>bfrogers</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2020-7039: Fixed a heap buffer overflow in the tcp_emu() routine while emulating IRC and
  other protocols (bsc#1161066).
- CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI 
  config space allocation (bsc#1166379).
- CVE-2020-1711: Fixed an out-of-bounds heap buffer access in the iscsi_co_block_status() routine
  which could have allowed a remote denial of service or arbitrary code execution with the
  privileges of the QEMU process on the host (bsc#1166240).
- CVE-2019-6778: Fixed a heap buffer overflow in the tcp_emu() routine while emulating
  the identification protocol and copying message data to a socket buffer (bsc#1123156).
- CVE-2020-8608: Fixed a heap buffer overflow in the tcp_emu() routine while emulating IRC and
  other protocols (bsc#1163018).
- CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to
  exhaustion of the host memory and a potential denial of service (bsc#1165776).
- Fixed a live migration error (bsc#1154790).
- Fixed an issue where migrating VMs on KVM failed with a "missing features: ospke" error (bsc#1162729).

This update was imported from the SUSE:SLE-15-SP1:Update update project.</description>
</patchinfo>