Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4135-1 Final 1 1 2018-12-15T07:20:43Z current 2018-12-15T07:20:43Z 2018-12-15T07:20:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: Security issue fixed: - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529). Non-security issue fixed: - Fixed serial console issue that triggered a qemu-kvm bug (bsc#1108474). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00036.html E-Mail link for openSUSE-SU-2018:4135-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 qemu-2.11.2-lp150.7.15.1 qemu-arm-2.11.2-lp150.7.15.1 qemu-block-curl-2.11.2-lp150.7.15.1 qemu-block-dmg-2.11.2-lp150.7.15.1 qemu-block-gluster-2.11.2-lp150.7.15.1 qemu-block-iscsi-2.11.2-lp150.7.15.1 qemu-block-rbd-2.11.2-lp150.7.15.1 qemu-block-ssh-2.11.2-lp150.7.15.1 qemu-extra-2.11.2-lp150.7.15.1 qemu-guest-agent-2.11.2-lp150.7.15.1 qemu-ipxe-1.0.0+-lp150.7.15.1 qemu-ksm-2.11.2-lp150.7.15.1 qemu-kvm-2.11.2-lp150.7.15.1 qemu-lang-2.11.2-lp150.7.15.1 qemu-linux-user-2.11.2-lp150.7.15.1 qemu-ppc-2.11.2-lp150.7.15.1 qemu-s390-2.11.2-lp150.7.15.1 qemu-seabios-1.11.0-lp150.7.15.1 qemu-sgabios-8-lp150.7.15.1 qemu-testsuite-2.11.2-lp150.7.15.1 qemu-tools-2.11.2-lp150.7.15.1 qemu-vgabios-1.11.0-lp150.7.15.1 qemu-x86-2.11.2-lp150.7.15.1 qemu-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-arm-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-block-curl-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-block-dmg-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-block-gluster-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-block-iscsi-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-block-rbd-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-block-ssh-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-extra-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-guest-agent-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-ipxe-1.0.0+-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-ksm-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-kvm-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-lang-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-linux-user-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-ppc-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-s390-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-seabios-1.11.0-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-sgabios-8-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-testsuite-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-tools-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-vgabios-1.11.0-lp150.7.15.1 as a component of openSUSE Leap 15.0 qemu-x86-2.11.2-lp150.7.15.1 as a component of openSUSE Leap 15.0 An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. CVE-2018-16847 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.15.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.15.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.15.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.15.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.15.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.15.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00036.html https://www.suse.com/security/cve/CVE-2018-16847.html CVE-2018-16847 https://bugzilla.suse.com/1114529 SUSE Bug 1114529 https://bugzilla.suse.com/1114540 SUSE Bug 1114540