Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.1244.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1244-1)
Summary:The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1244-1 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1244-1 advisory.

Vulnerability Insight:
This update for qemu fixes the following issues:

Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)

Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation
(CVE-2020-13362 bsc#1172383)

Fix use-after-free in usb xhci packet handling (CVE-2020-25723,
bsc#1178934)

Fix use-after-free in usb ehci packet handling (CVE-2020-25084,
bsc#1176673)

Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)

Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625,
bsc#1176684)

Fix guest triggerable assert in shared network handling code
(CVE-2020-27617, bsc#1178174)

Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916,
bsc#1179468)

Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)

Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)

Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257,
bsc#1182577)

Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416,
bsc#1182968)

Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)

Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129,
bsc#1179466, CVE-2020-29130, bsc#1179467)

Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2
emulation (CVE-2020-13659 bsc#1172386

Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)

Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)

Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386)

Fix DoS in packet processing of various emulated NICs (CVE-2020-16092
bsc#1174641)

Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)

Fix package scripts to not use hard coded paths for temporary working
directories and log files (bsc#1182425)

Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)

Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file
(bsc#1129962)

Fix migration failure with error message: 'error while loading state
section id 3(ram) (bsc#1154790)

Fix OOB access possibility in ES1370 audio device emulation
(CVE-2020-13361 bsc#1172384)

Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)

Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)

Tweaks to spec file for better formatting, and remove not needed
BuildRequires for e2fsprogs-devel and libpcap-devel

Use '%service_del_postun_without_restart' instead of
'%service_del_postun' to avoid 'Failed to try-restart qemu-ga@.service'
error while updating the qemu-guest-agent. (bsc#1178565)

Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)

Affected Software/OS:
'qemu' package(s) on SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server for SAP 15.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3416
https://bugzilla.redhat.com/show_bug.cgi?id=1932827
https://www.openwall.com/lists/oss-security/2021/02/26/1
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.