Security update for qemu SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2955-1 Final 1 1 2019-11-12T18:14:55Z current 2019-11-12T18:14:55Z 2019-11-12T18:14:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively) Security issues fixed: - CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873) - CVE-2019-11135: Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506) - CVE-2018-12207: Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (bsc#1117665) Other issues fixed: - Change how this bug gets fixed (bsc#1144087) - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0. (bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774) - Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132) - Additional hardware instruction support for s390, also update qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-2955,SUSE-SLE-Module-Basesystem-15-SP1-2019-2955,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2955,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2955 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/ Link for SUSE-SU-2019:2955-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1.html E-Mail link for SUSE-SU-2019:2955-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1079730 SUSE Bug 1079730 https://bugzilla.suse.com/1098403 SUSE Bug 1098403 https://bugzilla.suse.com/1111025 SUSE Bug 1111025 https://bugzilla.suse.com/1117665 SUSE Bug 1117665 https://bugzilla.suse.com/1119991 SUSE Bug 1119991 https://bugzilla.suse.com/1143794 SUSE Bug 1143794 https://bugzilla.suse.com/1144087 SUSE Bug 1144087 https://bugzilla.suse.com/1145379 SUSE Bug 1145379 https://bugzilla.suse.com/1145427 SUSE Bug 1145427 https://bugzilla.suse.com/1145436 SUSE Bug 1145436 https://bugzilla.suse.com/1145774 SUSE Bug 1145774 https://bugzilla.suse.com/1146873 SUSE Bug 1146873 https://bugzilla.suse.com/1149811 SUSE Bug 1149811 https://bugzilla.suse.com/1152506 SUSE Bug 1152506 https://www.suse.com/security/cve/CVE-2018-12207/ SUSE CVE CVE-2018-12207 page https://www.suse.com/security/cve/CVE-2018-20126/ SUSE CVE CVE-2018-20126 page https://www.suse.com/security/cve/CVE-2019-11135/ SUSE CVE CVE-2019-11135 page https://www.suse.com/security/cve/CVE-2019-12068/ SUSE CVE CVE-2019-12068 page https://www.suse.com/security/cve/CVE-2019-14378/ SUSE CVE CVE-2019-14378 page https://www.suse.com/security/cve/CVE-2019-15890/ SUSE CVE CVE-2019-15890 page https://bugzilla.suse.com/SLE-6132 SUSE Bug SLE-6132 https://bugzilla.suse.com/SLE-6237 SUSE Bug SLE-6237 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-3.1.1.1-9.6.2 qemu-arm-3.1.1.1-9.6.2 qemu-audio-alsa-3.1.1.1-9.6.2 qemu-audio-oss-3.1.1.1-9.6.2 qemu-audio-pa-3.1.1.1-9.6.2 qemu-block-curl-3.1.1.1-9.6.2 qemu-block-dmg-3.1.1.1-9.6.2 qemu-block-iscsi-3.1.1.1-9.6.2 qemu-block-rbd-3.1.1.1-9.6.2 qemu-block-ssh-3.1.1.1-9.6.2 qemu-extra-3.1.1.1-9.6.2 qemu-guest-agent-3.1.1.1-9.6.2 qemu-ipxe-1.0.0+-9.6.2 qemu-kvm-3.1.1.1-9.6.2 qemu-lang-3.1.1.1-9.6.2 qemu-linux-user-3.1.1.1-9.6.2 qemu-ppc-3.1.1.1-9.6.2 qemu-s390-3.1.1.1-9.6.2 qemu-seabios-1.12.0-9.6.2 qemu-sgabios-8-9.6.2 qemu-tools-3.1.1.1-9.6.2 qemu-ui-curses-3.1.1.1-9.6.2 qemu-ui-gtk-3.1.1.1-9.6.2 qemu-vgabios-1.12.0-9.6.2 qemu-x86-3.1.1.1-9.6.2 qemu-tools-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 qemu-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-arm-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-audio-alsa-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-audio-oss-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-audio-pa-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-block-curl-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-block-iscsi-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-block-rbd-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-block-ssh-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-guest-agent-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-ipxe-1.0.0+-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-kvm-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-lang-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-ppc-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-s390-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-seabios-1.12.0-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-sgabios-8-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-ui-curses-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-ui-gtk-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-vgabios-1.12.0-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 qemu-x86-3.1.1.1-9.6.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVE-2018-12207 SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/ https://www.suse.com/security/cve/CVE-2018-12207.html CVE-2018-12207 https://bugzilla.suse.com/1117665 SUSE Bug 1117665 https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1152505 SUSE Bug 1152505 https://bugzilla.suse.com/1155812 SUSE Bug 1155812 https://bugzilla.suse.com/1155817 SUSE Bug 1155817 https://bugzilla.suse.com/1155945 SUSE Bug 1155945 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. CVE-2018-20126 SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/ https://www.suse.com/security/cve/CVE-2018-20126.html CVE-2018-20126 https://bugzilla.suse.com/1119991 SUSE Bug 1119991 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/ https://www.suse.com/security/cve/CVE-2019-11135.html CVE-2019-11135 https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1152497 SUSE Bug 1152497 https://bugzilla.suse.com/1152505 SUSE Bug 1152505 https://bugzilla.suse.com/1152506 SUSE Bug 1152506 https://bugzilla.suse.com/1160120 SUSE Bug 1160120 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. CVE-2019-12068 SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/ https://www.suse.com/security/cve/CVE-2019-12068.html CVE-2019-12068 https://bugzilla.suse.com/1146873 SUSE Bug 1146873 https://bugzilla.suse.com/1146874 SUSE Bug 1146874 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-14378 SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/ https://www.suse.com/security/cve/CVE-2019-14378.html CVE-2019-14378 https://bugzilla.suse.com/1143794 SUSE Bug 1143794 https://bugzilla.suse.com/1143797 SUSE Bug 1143797 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. CVE-2019-15890 SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2 SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/ https://www.suse.com/security/cve/CVE-2019-15890.html CVE-2019-15890 https://bugzilla.suse.com/1149811 SUSE Bug 1149811 https://bugzilla.suse.com/1149813 SUSE Bug 1149813 https://bugzilla.suse.com/1178658 SUSE Bug 1178658