Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0254-1 Final 1 1 2019-03-23T11:07:37Z current 2019-03-23T11:07:37Z 2019-03-23T11:07:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993). - Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600). - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646). - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-254 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html E-Mail link for openSUSE-SU-2019:0254-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1063993 SUSE Bug 1063993 https://bugzilla.suse.com/1079730 SUSE Bug 1079730 https://bugzilla.suse.com/1100408 SUSE Bug 1100408 https://bugzilla.suse.com/1101982 SUSE Bug 1101982 https://bugzilla.suse.com/1112646 SUSE Bug 1112646 https://bugzilla.suse.com/1114957 SUSE Bug 1114957 https://bugzilla.suse.com/1116717 SUSE Bug 1116717 https://bugzilla.suse.com/1117275 SUSE Bug 1117275 https://bugzilla.suse.com/1119493 SUSE Bug 1119493 https://bugzilla.suse.com/1121600 SUSE Bug 1121600 https://bugzilla.suse.com/1123156 SUSE Bug 1123156 https://bugzilla.suse.com/1123179 SUSE Bug 1123179 https://www.suse.com/security/cve/CVE-2018-16872/ SUSE CVE CVE-2018-16872 page https://www.suse.com/security/cve/CVE-2018-18954/ SUSE CVE CVE-2018-18954 page https://www.suse.com/security/cve/CVE-2018-19364/ SUSE CVE CVE-2018-19364 page https://www.suse.com/security/cve/CVE-2018-19489/ SUSE CVE CVE-2018-19489 page https://www.suse.com/security/cve/CVE-2019-6778/ SUSE CVE CVE-2019-6778 page openSUSE Leap 15.0 qemu-2.11.2-lp150.7.18.1 qemu-arm-2.11.2-lp150.7.18.1 qemu-block-curl-2.11.2-lp150.7.18.1 qemu-block-dmg-2.11.2-lp150.7.18.1 qemu-block-gluster-2.11.2-lp150.7.18.1 qemu-block-iscsi-2.11.2-lp150.7.18.1 qemu-block-rbd-2.11.2-lp150.7.18.1 qemu-block-ssh-2.11.2-lp150.7.18.1 qemu-extra-2.11.2-lp150.7.18.1 qemu-guest-agent-2.11.2-lp150.7.18.1 qemu-ipxe-1.0.0+-lp150.7.18.1 qemu-ksm-2.11.2-lp150.7.18.1 qemu-kvm-2.11.2-lp150.7.18.1 qemu-lang-2.11.2-lp150.7.18.1 qemu-linux-user-2.11.2-lp150.7.18.1 qemu-ppc-2.11.2-lp150.7.18.1 qemu-s390-2.11.2-lp150.7.18.1 qemu-seabios-1.11.0-lp150.7.18.1 qemu-sgabios-8-lp150.7.18.1 qemu-testsuite-2.11.2-lp150.7.18.1 qemu-tools-2.11.2-lp150.7.18.1 qemu-vgabios-1.11.0-lp150.7.18.1 qemu-x86-2.11.2-lp150.7.18.1 qemu-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-arm-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-block-curl-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-block-dmg-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-block-gluster-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-block-iscsi-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-block-rbd-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-block-ssh-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-extra-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-guest-agent-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-ipxe-1.0.0+-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-ksm-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-kvm-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-lang-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-linux-user-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-ppc-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-s390-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-seabios-1.11.0-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-sgabios-8-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-testsuite-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-tools-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-vgabios-1.11.0-lp150.7.18.1 as a component of openSUSE Leap 15.0 qemu-x86-2.11.2-lp150.7.18.1 as a component of openSUSE Leap 15.0 A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS. CVE-2018-16872 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.18.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.18.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.18.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html https://www.suse.com/security/cve/CVE-2018-16872.html CVE-2018-16872 https://bugzilla.suse.com/1119493 SUSE Bug 1119493 https://bugzilla.suse.com/1119494 SUSE Bug 1119494 The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. CVE-2018-18954 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.18.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.18.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html https://www.suse.com/security/cve/CVE-2018-18954.html CVE-2018-18954 https://bugzilla.suse.com/1114957 SUSE Bug 1114957 hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. CVE-2018-19364 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.18.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.18.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.18.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html https://www.suse.com/security/cve/CVE-2018-19364.html CVE-2018-19364 https://bugzilla.suse.com/1116717 SUSE Bug 1116717 https://bugzilla.suse.com/1116726 SUSE Bug 1116726 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. CVE-2018-19489 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.18.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.18.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.18.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html https://www.suse.com/security/cve/CVE-2018-19489.html CVE-2018-19489 https://bugzilla.suse.com/1117275 SUSE Bug 1117275 https://bugzilla.suse.com/1117279 SUSE Bug 1117279 In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. CVE-2019-6778 openSUSE Leap 15.0:qemu-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.18.1 openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-linux-user-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.18.1 openSUSE Leap 15.0:qemu-testsuite-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.18.1 openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.18.1 openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html https://www.suse.com/security/cve/CVE-2019-6778.html CVE-2019-6778 https://bugzilla.suse.com/1123156 SUSE Bug 1123156 https://bugzilla.suse.com/1123157 SUSE Bug 1123157 https://bugzilla.suse.com/1178658 SUSE Bug 1178658