Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2505-1 Final 1 1 2019-11-14T05:54:23Z current 2019-11-14T05:54:23Z 2019-11-14T05:54:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 - Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991) - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) - Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) - Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2505 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB E-Mail link for openSUSE-SU-2019:2505-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1119991 SUSE Bug 1119991 https://bugzilla.suse.com/1146873 SUSE Bug 1146873 https://bugzilla.suse.com/1152506 SUSE Bug 1152506 https://bugzilla.suse.com/1155812 SUSE Bug 1155812 https://www.suse.com/security/cve/CVE-2018-12207/ SUSE CVE CVE-2018-12207 page https://www.suse.com/security/cve/CVE-2018-20126/ SUSE CVE CVE-2018-20126 page https://www.suse.com/security/cve/CVE-2019-11135/ SUSE CVE CVE-2019-11135 page https://www.suse.com/security/cve/CVE-2019-12068/ SUSE CVE CVE-2019-12068 page openSUSE Leap 15.0 qemu-2.11.2-lp150.7.28.1 qemu-arm-2.11.2-lp150.7.28.1 qemu-block-curl-2.11.2-lp150.7.28.1 qemu-block-dmg-2.11.2-lp150.7.28.1 qemu-block-gluster-2.11.2-lp150.7.28.1 qemu-block-iscsi-2.11.2-lp150.7.28.1 qemu-block-rbd-2.11.2-lp150.7.28.1 qemu-block-ssh-2.11.2-lp150.7.28.1 qemu-extra-2.11.2-lp150.7.28.1 qemu-guest-agent-2.11.2-lp150.7.28.1 qemu-ipxe-1.0.0+-lp150.7.28.1 qemu-ksm-2.11.2-lp150.7.28.1 qemu-kvm-2.11.2-lp150.7.28.1 qemu-lang-2.11.2-lp150.7.28.1 qemu-ppc-2.11.2-lp150.7.28.1 qemu-s390-2.11.2-lp150.7.28.1 qemu-seabios-1.11.0-lp150.7.28.1 qemu-sgabios-8-lp150.7.28.1 qemu-tools-2.11.2-lp150.7.28.1 qemu-vgabios-1.11.0-lp150.7.28.1 qemu-x86-2.11.2-lp150.7.28.1 qemu-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-arm-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-block-curl-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-block-dmg-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-block-gluster-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-block-iscsi-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-block-rbd-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-block-ssh-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-extra-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-guest-agent-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-ipxe-1.0.0+-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-ksm-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-kvm-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-lang-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-ppc-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-s390-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-seabios-1.11.0-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-sgabios-8-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-tools-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-vgabios-1.11.0-lp150.7.28.1 as a component of openSUSE Leap 15.0 qemu-x86-2.11.2-lp150.7.28.1 as a component of openSUSE Leap 15.0 Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVE-2018-12207 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB https://www.suse.com/security/cve/CVE-2018-12207.html CVE-2018-12207 https://bugzilla.suse.com/1117665 SUSE Bug 1117665 https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1152505 SUSE Bug 1152505 https://bugzilla.suse.com/1155812 SUSE Bug 1155812 https://bugzilla.suse.com/1155817 SUSE Bug 1155817 https://bugzilla.suse.com/1155945 SUSE Bug 1155945 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. CVE-2018-20126 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB https://www.suse.com/security/cve/CVE-2018-20126.html CVE-2018-20126 https://bugzilla.suse.com/1119991 SUSE Bug 1119991 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB https://www.suse.com/security/cve/CVE-2019-11135.html CVE-2019-11135 https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1152497 SUSE Bug 1152497 https://bugzilla.suse.com/1152505 SUSE Bug 1152505 https://bugzilla.suse.com/1152506 SUSE Bug 1152506 https://bugzilla.suse.com/1160120 SUSE Bug 1160120 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. CVE-2019-12068 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB https://www.suse.com/security/cve/CVE-2019-12068.html CVE-2019-12068 https://bugzilla.suse.com/1146873 SUSE Bug 1146873 https://bugzilla.suse.com/1146874 SUSE Bug 1146874 https://bugzilla.suse.com/1178658 SUSE Bug 1178658