Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.1245.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1245-1)
Summary:The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1245-1 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1245-1 advisory.

Vulnerability Insight:
This update for qemu fixes the following issues:


Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)

Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation
(CVE-2020-13362 bsc#1172383)

Fix use-after-free in usb xhci packet handling (CVE-2020-25723,
bsc#1178934)

Fix use-after-free in usb ehci packet handling (CVE-2020-25084,
bsc#1176673)

Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)

Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625,
bsc#1176684)

Fix guest triggerable assert in shared network handling code
(CVE-2020-27617, bsc#1178174)

Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916,
bsc#1179468)

Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)

Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)

Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)

Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257,
bsc#1182577)

Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416,
bsc#1182968)

Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)

Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129,
bsc#1179466, CVE-2020-29130, bsc#1179467)

Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2
emulation (CVE-2020-13659 bsc#1172386)

Fix issue where s390 guest fails to find zipl boot menu index
(bsc#1183979)

Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)

Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)

Fix package scripts to not use hard coded paths for temporary working
directories and log files (bsc#1182425)

Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)

Apply fixes to qemu scsi passthrough with respect to timeout and error
conditions, including using more correct status codes. (bsc#1178049)

Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)

Tweaks to spec file for better formatting, and remove not needed
BuildRequires for e2fsprogs-devel and libpcap-devel

Fix OOB access possibility in ES1370 audio device emulation
(CVE-2020-13361 bsc#1172384)

Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)

Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)

Fix DoS in packet processing of various emulated NICs (CVE-2020-16092
bsc#1174641)

Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386)

Use '%service_del_postun_without_restart' instead of
'%service_del_postun' to avoid 'Failed to try-restart qemu-ga@.service'
error while updating the qemu-guest-agent. (bsc#1178565)

Affected Software/OS:
'qemu' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 4.0.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3416
https://bugzilla.redhat.com/show_bug.cgi?id=1932827
https://www.openwall.com/lists/oss-security/2021/02/26/1
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.