Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.1240.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1240-1)
Summary:The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1240-1 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1240-1 advisory.

Vulnerability Insight:
This update for qemu fixes the following issues:

Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)

Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation
(CVE-2020-13362 bsc#1172383)

Fix use-after-free in usb xhci packet handling (CVE-2020-25723,
bsc#1178934)

Fix use-after-free in usb ehci packet handling (CVE-2020-25084,
bsc#1176673)

Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)

Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625,
bsc#1176684)

Fix guest triggerable assert in shared network handling code
(CVE-2020-27617, bsc#1178174)

Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916,
bsc#1179468)

Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)

Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)

Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257,
bsc#1182577)

Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416,
bsc#1182968)

Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)

Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130,
bsc#1179467)

Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2
emulation (CVE-2020-13659 bsc#1172386

Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)

Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)

Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386)

Fix DoS in packet processing of various emulated NICs (CVE-2020-16092
bsc#1174641)

Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)

Fix package scripts to not use hard coded paths for temporary working
directories and log files (bsc#1182425)

Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)

Fix OOB access possibility in ES1370 audio device emulation
(CVE-2020-13361 bsc#1172384)

Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)

Affected Software/OS:
'qemu' package(s) on HPE Helion Openstack 8, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3416
https://bugzilla.redhat.com/show_bug.cgi?id=1932827
https://www.openwall.com/lists/oss-security/2021/02/26/1
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.