File _patchinfo of Package patchinfo.10041

<patchinfo incident="10041">
  <issue tracker="cve" id="2019-9824"/>
  <issue tracker="cve" id="2018-20815"/>
  <issue tracker="cve" id="2019-3812"/>
  <issue tracker="cve" id="2019-8934"/>
  <issue tracker="bnc" id="1129622">VUL-1: CVE-2019-9824: kvm,qemu: information leakage in tcp_emu() due to uninitialized stack variables</issue>
  <issue tracker="bnc" id="1125721">VUL-0: CVE-2019-3812: qemu: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure</issue>
  <issue tracker="bnc" id="1130675">VUL-0: CVE-2018-20815: qemu: device_tree: heap buffer overflow while loading device tree blob</issue>
  <issue tracker="bnc" id="1126455">VUL-0: CVE-2019-8934: kvm,qemu: ppc64: sPAPR emulator leaks the host hardware identity</issue>
  <issue tracker="bnc" id="1131955">[TRACKERBUG] FATE#327261: [ECO] Support skylake-server architecture with qemu</issue>
  <issue tracker="bnc" id="1118900">L3: PTF request for " openstack server add volume fails over 26vols "</issue>
  <issue tracker="fate" id="327261"/>
  <issue tracker="fate" id="327255"/>
  <packager>bfrogers</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2019-9824: Fixed information leak in slirp (bsc#1129622).
- CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 hostinformation (bsc#1126455).
- CVE-2019-3812: Fixed Out-of-bounds memory access and information leak in virtual monitor interface (bsc#1125721).
- CVE-2018-20815: Fixed a denial of service possibility in device tree processing (bsc#1130675).

Non-security issue fixed:

- Backported Skylake-Server vcpu model support from qemu v2.11 (FATE#327261 bsc#1131955).
- Added ability to set virtqueue size using virtqueue_size parameter (FATE#327255 bsc#1118900).

This update was imported from the SUSE:SLE-12-SP3:Update update project.</description>
</patchinfo>