Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1074-1 Final 1 1 2019-03-28T16:31:53Z current 2019-03-28T16:31:53Z 2019-03-28T16:31:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156) - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493) - CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275) - CVE-2018-19364: Fixed an use-after-free vulnerability if virtfs interface is deliberately abused (bsc#1116717) - CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory operations (bsc#1114957) - CVE-2017-13673: Fixed a reachable assert failure during during display update (bsc#1056386) - CVE-2017-13672: Fixed an out-of-bounds read access during display update (bsc#1056334) - CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga display allowing for Denial-of-Service (bsc#1084604) Other bug fixes and changes: - Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) - Fix bad guest time after migration (bsc#1113231) This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html E-Mail link for openSUSE-SU-2019:1074-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 qemu-2.9.1-56.1 qemu-arm-2.9.1-56.1 qemu-block-curl-2.9.1-56.1 qemu-block-dmg-2.9.1-56.1 qemu-block-iscsi-2.9.1-56.1 qemu-block-rbd-2.9.1-56.1 qemu-block-ssh-2.9.1-56.1 qemu-extra-2.9.1-56.1 qemu-guest-agent-2.9.1-56.1 qemu-ipxe-1.0.0+-56.1 qemu-ksm-2.9.1-56.1 qemu-kvm-2.9.1-56.1 qemu-lang-2.9.1-56.1 qemu-linux-user-2.9.1-56.1 qemu-ppc-2.9.1-56.1 qemu-s390-2.9.1-56.1 qemu-seabios-1.10.2-56.1 qemu-sgabios-8-56.1 qemu-testsuite-2.9.1-56.2 qemu-tools-2.9.1-56.1 qemu-vgabios-1.10.2-56.1 qemu-x86-2.9.1-56.1 qemu-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-arm-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-block-curl-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-block-dmg-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-block-iscsi-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-block-rbd-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-block-ssh-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-extra-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-guest-agent-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-ipxe-1.0.0+-56.1 as a component of openSUSE Leap 42.3 qemu-ksm-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-kvm-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-lang-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-linux-user-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-ppc-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-s390-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-seabios-1.10.2-56.1 as a component of openSUSE Leap 42.3 qemu-sgabios-8-56.1 as a component of openSUSE Leap 42.3 qemu-testsuite-2.9.1-56.2 as a component of openSUSE Leap 42.3 qemu-tools-2.9.1-56.1 as a component of openSUSE Leap 42.3 qemu-vgabios-1.10.2-56.1 as a component of openSUSE Leap 42.3 qemu-x86-2.9.1-56.1 as a component of openSUSE Leap 42.3 QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. CVE-2017-13672 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2017-13672.html CVE-2017-13672 https://bugzilla.suse.com/1056334 SUSE Bug 1056334 https://bugzilla.suse.com/1056336 SUSE Bug 1056336 https://bugzilla.suse.com/1084604 SUSE Bug 1084604 The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. CVE-2017-13673 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2017-13673.html CVE-2017-13673 https://bugzilla.suse.com/1056386 SUSE Bug 1056386 https://bugzilla.suse.com/1056387 SUSE Bug 1056387 https://bugzilla.suse.com/1084604 SUSE Bug 1084604 A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS. CVE-2018-16872 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-16872.html CVE-2018-16872 https://bugzilla.suse.com/1119493 SUSE Bug 1119493 https://bugzilla.suse.com/1119494 SUSE Bug 1119494 The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. CVE-2018-18954 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-18954.html CVE-2018-18954 https://bugzilla.suse.com/1114957 SUSE Bug 1114957 hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. CVE-2018-19364 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-19364.html CVE-2018-19364 https://bugzilla.suse.com/1116717 SUSE Bug 1116717 https://bugzilla.suse.com/1116726 SUSE Bug 1116726 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. CVE-2018-19489 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-19489.html CVE-2018-19489 https://bugzilla.suse.com/1117275 SUSE Bug 1117275 https://bugzilla.suse.com/1117279 SUSE Bug 1117279 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. CVE-2018-7858 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-7858.html CVE-2018-7858 https://bugzilla.suse.com/1084604 SUSE Bug 1084604 In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. CVE-2019-6778 openSUSE Leap 42.3:qemu-2.9.1-56.1 openSUSE Leap 42.3:qemu-arm-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-curl-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-dmg-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-iscsi-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-rbd-2.9.1-56.1 openSUSE Leap 42.3:qemu-block-ssh-2.9.1-56.1 openSUSE Leap 42.3:qemu-extra-2.9.1-56.1 openSUSE Leap 42.3:qemu-guest-agent-2.9.1-56.1 openSUSE Leap 42.3:qemu-ipxe-1.0.0+-56.1 openSUSE Leap 42.3:qemu-ksm-2.9.1-56.1 openSUSE Leap 42.3:qemu-kvm-2.9.1-56.1 openSUSE Leap 42.3:qemu-lang-2.9.1-56.1 openSUSE Leap 42.3:qemu-linux-user-2.9.1-56.1 openSUSE Leap 42.3:qemu-ppc-2.9.1-56.1 openSUSE Leap 42.3:qemu-s390-2.9.1-56.1 openSUSE Leap 42.3:qemu-seabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-sgabios-8-56.1 openSUSE Leap 42.3:qemu-testsuite-2.9.1-56.2 openSUSE Leap 42.3:qemu-tools-2.9.1-56.1 openSUSE Leap 42.3:qemu-vgabios-1.10.2-56.1 openSUSE Leap 42.3:qemu-x86-2.9.1-56.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html https://www.suse.com/security/cve/CVE-2019-6778.html CVE-2019-6778 https://bugzilla.suse.com/1123156 SUSE Bug 1123156 https://bugzilla.suse.com/1123157 SUSE Bug 1123157 https://bugzilla.suse.com/1178658 SUSE Bug 1178658