Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.1239.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:1239-1)
Summary:The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2019:1239-1 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2019:1239-1 advisory.

Vulnerability Insight:
This update for qemu fixes the following issues:

Security issues fixed:

CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622)

CVE-2019-8934: Added method to specify whether or not to expose certain
ppc64 host information, which can be considered a security issue
(bsc#1126455)

CVE-2019-3812: Fixed OOB memory access and information leak in virtual
monitor interface (bsc#1125721)

CVE-2018-20815: Fix DOS possibility in device tree processing
(bsc#1130675)

Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream
adjustments for the same. Basically now the security fix is to provide a
dummy host-model and host-serial value, which
overrides getting that value from the host

CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86
cpu feature 'md-clear' (bsc#1111331)

Other bugs fixed:

Use a new approach to handling the file input to -smbios option, which
accepts either legacy or per-spec formats regardless of the machine type.

Affected Software/OS:
'qemu' package(s) on SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Basesystem 15

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-3812
BugTraq ID: 107059
http://www.securityfocus.com/bid/107059
Bugtraq: 20190531 [SECURITY] [DSA 4454-1] qemu security update (Google Search)
https://seclists.org/bugtraq/2019/May/76
Debian Security Information: DSA-4454 (Google Search)
https://www.debian.org/security/2019/dsa-4454
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
SuSE Security Announcement: openSUSE-SU-2019:1274 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html
SuSE Security Announcement: openSUSE-SU-2019:1405 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html
https://usn.ubuntu.com/3923-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-8934
http://www.openwall.com/lists/oss-security/2019/02/21/1
http://www.securityfocus.com/bid/107115
https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9824
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/
https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html
RedHat Security Advisories: RHSA-2019:1650
https://access.redhat.com/errata/RHSA-2019:1650
RedHat Security Advisories: RHSA-2019:2078
https://access.redhat.com/errata/RHSA-2019:2078
RedHat Security Advisories: RHSA-2019:2425
https://access.redhat.com/errata/RHSA-2019:2425
RedHat Security Advisories: RHSA-2019:2553
https://access.redhat.com/errata/RHSA-2019:2553
RedHat Security Advisories: RHSA-2019:3345
https://access.redhat.com/errata/RHSA-2019:3345
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.