File _patchinfo of Package patchinfo.9090

<patchinfo incident="9090">
  <issue id="1094725" tracker="bnc">`virsh blockresize` does not work with Xen qdisks</issue>
  <issue tracker="bnc" id="1098735">VUL-0: CVE-2018-12617: kvm,qemu:   qemu-guest-agent: Integer overflow causes segmentation fault in qmp_guest_file_read() with g_malloc()</issue>
  <issue tracker="bnc" id="1096223">VUL-0: CVE-2018-11806: kvm,qemu: slirp: heap buffer overflow while reassembling fragmented datagrams</issue>
  <issue tracker="bnc" id="1092885">VUL-0: CVE-2018-3639:  qemu,kvm,libvirt: V4 &#8211; Speculative Store Bypass aka "Memory Disambiguation"</issue>
  <issue tracker="cve" id="2018-11806"/>
  <issue tracker="cve" id="2018-3639"/>
  <issue tracker="cve" id="2018-12617"/>
  <issue tracker="fate" id="325467"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>bfrogers</packager>
  <description>This update for qemu fixes the following issues:

These security issues were fixed:

- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have
  been exploited by sending a crafted QMP command (including guest-file-read with
  a large count value) to the agent via the listening socket causing DoS
  (bsc#1098735).
- CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented
  datagrams (bsc#1096223).

With this release the mitigations for Spectre v4 are moved the the patches from
upstream (CVE-2018-3639, bsc#1092885).

This feature was added:

- Add support for block resize support for disks through the monitor (bsc#1094725).

This update was imported from the SUSE:SLE-12-SP3:Update update project.</description>
  <summary>Security update for qemu</summary>
</patchinfo>