Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.4.2021.1242.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2021:1242-1) |
Summary: | The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1242-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1242-1 advisory. Vulnerability Insight: This update for qemu fixes the following issues: Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) Fix use-after-free in usb iehci packet handling (CVE-2020-25084, bsc#1176673) Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. (bsc#1178049) Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) Make note that this patch previously included addresses (CVE-2020-13765 bsc#1172478) Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel Fix vfio-pci device on s390 enters error state (bsc#1179725) Fix PCI devices are unavailable after a subsystem reset. (bsc#1179726) Affected Software/OS: 'qemu' package(s) on SUSE Linux Enterprise Server 12-SP5. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-3416 https://bugzilla.redhat.com/show_bug.cgi?id=1932827 https://www.openwall.com/lists/oss-security/2021/02/26/1 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |