Overview

File _patchinfo of Package patchinfo.21548

<patchinfo incident="21548">
  <issue tracker="bnc" id="1190425">The max_sectors_kb is incorrect in kvm guest os while using scsi passthrough on certain hardware</issue>
  <issue tracker="bnc" id="1189234">SLES15 SP2:  virt-install triggers coredump from qemu-system</issue>
  <issue tracker="bnc" id="1189702">VUL-0: CVE-2021-3713: kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation</issue>
  <issue tracker="bnc" id="1189938">VUL-0: CVE-2021-3748: qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu</issue>
  <issue tracker="cve" id="2021-3748"/>
  <issue tracker="cve" id="2021-3713"/>
  <packager>jziviani</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)

Non-security issues fixed:

- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places