|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2018:2679-1)|
|Summary:||The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2018:2679-1 advisory.|
The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2018:2679-1 advisory.
This update for qemu fixes the following issues:
This security issue was fixed:
CVE-2018-12617: qmp_guest_file_read had an integer overflow that could
have been exploited by sending a crafted QMP command (including
guest-file-read with a large count value) to the agent via the listening
socket causing DoS (bsc#1098735)
These non-security issues were fixed:
Allow kvm group access to /dev/sev (bsc#1102604).
Fix for the value used for reduced_phys_bits. Please update the
reduced_phys_bits value used on the commandline or in libvirt XML to the
value 1 (explicitly set now in QEMU code). (bsc#1103628)
Fix (again) the qemu guest agent udev rule file, which got unfixed in a
series of unfortunate events (bsc#1094898 and now bsc#1105279)
'qemu' package(s) on SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Basesystem 15
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-12617|
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.