Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2402-1 Final 1 1 2018-08-17T06:57:34Z current 2018-08-17T06:57:34Z 2018-08-17T06:57:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu to version 2.11.2 fixes the following issues: Security issue fixed: - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223). - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082). - CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes: - bsc#1091695: SEV guest will not lauchh with qemu-system-x86_64 version 2.11.1. - bsc#1094898: qemu-guest-agent service doesn't work in version Leap 15.0. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. - bsc#1094913: QEMU crashes when starting a guest with more than 7.999TB. This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00060.html E-Mail link for openSUSE-SU-2018:2402-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 qemu-2.11.2-lp150.7.6.1 qemu-arm-2.11.2-lp150.7.6.1 qemu-block-curl-2.11.2-lp150.7.6.1 qemu-block-dmg-2.11.2-lp150.7.6.1 qemu-block-gluster-2.11.2-lp150.7.6.1 qemu-block-iscsi-2.11.2-lp150.7.6.1 qemu-block-rbd-2.11.2-lp150.7.6.1 qemu-block-ssh-2.11.2-lp150.7.6.1 qemu-extra-2.11.2-lp150.7.6.1 qemu-guest-agent-2.11.2-lp150.7.6.1 qemu-ipxe-1.0.0-lp150.7.6.1 qemu-ksm-2.11.2-lp150.7.6.1 qemu-kvm-2.11.2-lp150.7.6.1 qemu-lang-2.11.2-lp150.7.6.1 qemu-linux-user-2.11.2-lp150.7.6.1 qemu-ppc-2.11.2-lp150.7.6.1 qemu-s390-2.11.2-lp150.7.6.1 qemu-seabios-1.11.0-lp150.7.6.1 qemu-sgabios-8-lp150.7.6.1 qemu-testsuite-2.11.2-lp150.7.6.1 qemu-tools-2.11.2-lp150.7.6.1 qemu-vgabios-1.11.0-lp150.7.6.1 qemu-x86-2.11.2-lp150.7.6.1 qemu-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-arm-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-block-curl-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-block-dmg-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-block-gluster-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-block-iscsi-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-block-rbd-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-block-ssh-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-extra-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-guest-agent-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-ipxe-1.0.0-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-ksm-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-kvm-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-lang-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-linux-user-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-ppc-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-s390-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-seabios-1.11.0-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-sgabios-8-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-testsuite-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-tools-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-vgabios-1.11.0-lp150.7.6.1 as a component of openSUSE Leap 15.0 qemu-x86-2.11.2-lp150.7.6.1 as a component of openSUSE Leap 15.0 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. CVE-2018-11806 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.6.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.6.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00060.html https://www.suse.com/security/cve/CVE-2018-11806.html CVE-2018-11806 https://bugzilla.suse.com/1096223 SUSE Bug 1096223 https://bugzilla.suse.com/1096224 SUSE Bug 1096224 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVE-2018-3639 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.6.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.6.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00060.html https://www.suse.com/security/cve/CVE-2018-3639.html CVE-2018-3639 https://bugzilla.suse.com/0 SUSE Bug 0 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1085235 SUSE Bug 1085235 https://bugzilla.suse.com/1085308 SUSE Bug 1085308 https://bugzilla.suse.com/1087078 SUSE Bug 1087078 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1094912 SUSE Bug 1094912 https://bugzilla.suse.com/1100394 SUSE Bug 1100394 https://bugzilla.suse.com/1102640 SUSE Bug 1102640 https://bugzilla.suse.com/1105412 SUSE Bug 1105412 https://bugzilla.suse.com/1113769 SUSE Bug 1113769 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. CVE-2018-7550 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.6.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.6.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.6.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00060.html https://www.suse.com/security/cve/CVE-2018-7550.html CVE-2018-7550 https://bugzilla.suse.com/1083291 SUSE Bug 1083291 https://bugzilla.suse.com/1083292 SUSE Bug 1083292