Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-17963 (GCVE-0-2018-17963)
Vulnerability from cvelistv5 – Published: 2018-10-09 22:00 – Updated: 2024-08-05 11:01
VLAI
EPSS
Summary
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2018/10/08/1 | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2018/dsa-4338 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.gnu.org/archive/html/qemu-devel/201… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/3826-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://lists.gnu.org/archive/html/qemu-devel/201… | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2019:2166 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:2425 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:2553 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html"
},
{
"name": "RHSA-2019:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T04:32:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html"
},
{
"name": "RHSA-2019:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html"
},
{
"name": "RHSA-2019:2166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17963",
"datePublished": "2018-10-09T22:00:00.000Z",
"dateReserved": "2018-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-17963",
"date": "2026-05-27",
"epss": "0.01449",
"percentile": "0.81027"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.0\", \"matchCriteriaId\": \"16AFB9CD-95CF-4552-A8C1-1B4F496925B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*\", \"matchCriteriaId\": \"C726BD36-EA1B-4260-ABCD-29587B584058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"58E67452-3056-42CF-A6A0-EFB854366642\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:3.1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"683347B2-2CEA-4CDD-AAB8-B91B185075EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:3.1.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"D894F303-34A4-445B-B63E-EFABD6ABF7D7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"704CFA1A-953E-4105-BFBE-406034B83DED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB7F358B-5E56-41AB-BB8A-23D3CB7A248B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FA1A18F-D997-4121-A01B-FD9B3BF266CF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.\"}, {\"lang\": \"es\", \"value\": \"qemu_deliver_packet_iov en net/net.c en Qemu acepta tama\\u00f1os de paquetes mayores a INT_MAX, lo que permite que los atacantes provoquen una denegaci\\u00f3n de servicio (DoS) o tengan otro tipo de impacto sin especificar.\"}]",
"id": "CVE-2018-17963",
"lastModified": "2024-11-21T03:55:17.510",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-10-09T22:29:01.157",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2018/10/08/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2166\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2425\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2553\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3826-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4338\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2018/10/08/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2425\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3826-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4338\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-17963\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-10-09T22:29:01.157\",\"lastModified\":\"2024-11-21T03:55:17.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.\"},{\"lang\":\"es\",\"value\":\"qemu_deliver_packet_iov en net/net.c en Qemu acepta tama\u00f1os de paquetes mayores a INT_MAX, lo que permite que los atacantes provoquen una denegaci\u00f3n de servicio (DoS) o tengan otro tipo de impacto sin especificar.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.0\",\"matchCriteriaId\":\"16AFB9CD-95CF-4552-A8C1-1B4F496925B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C726BD36-EA1B-4260-ABCD-29587B584058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"58E67452-3056-42CF-A6A0-EFB854366642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:3.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"683347B2-2CEA-4CDD-AAB8-B91B185075EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:3.1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D894F303-34A4-445B-B63E-EFABD6ABF7D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704CFA1A-953E-4105-BFBE-406034B83DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB7F358B-5E56-41AB-BB8A-23D3CB7A248B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA1A18F-D997-4121-A01B-FD9B3BF266CF\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2018/10/08/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2166\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2425\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2553\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3826-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4338\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2018/10/08/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2425\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3826-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2019_2553
Vulnerability from csaf_redhat - Published: 2019-08-22 09:19 - Updated: 2024-11-15 08:25Summary
Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)
* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)
* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)
* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)
* QEMU: rtl8139: integer overflow leads to buffer overflow (CVE-2018-17958)
* QEMU: net: ignore packets with large size (CVE-2018-17963)
* QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)
* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.
6.5 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.
6.5 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.
6.2 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
An integer overflow issue was found in the RTL8139 NIC emulation in QEMU. It could occur while receiving packets over the network if the size value is greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario.
6.5 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A potential integer overflow issue was found in the networking back-end of QEMU. It could occur while receiving packets, because it accepted packets with large size value. Such overflow could lead to OOB buffer access issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS.
6.5 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.
7.0 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
CWE-787 - Out-of-bounds WriteAffected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorAffected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CWE-385 - Covert Timing ChannelAffected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
100 references
Acknowledgments
Arash Tohidi
Twistlock
Daniel Shapira
nccgroup.com
Kurtis Miller
William Bowling
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the \u0027processor store buffer\u0027. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU\u0027s processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the \u0027load port\u0027 table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\n* QEMU: rtl8139: integer overflow leads to buffer overflow (CVE-2018-17958)\n\n* QEMU: net: ignore packets with large size (CVE-2018-17963)\n\n* QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)\n\n* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2553",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/mds",
"url": "https://access.redhat.com/security/vulnerabilities/mds"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1508708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508708"
},
{
"category": "external",
"summary": "1526313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526313"
},
{
"category": "external",
"summary": "1531888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531888"
},
{
"category": "external",
"summary": "1551486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551486"
},
{
"category": "external",
"summary": "1585155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585155"
},
{
"category": "external",
"summary": "1597482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597482"
},
{
"category": "external",
"summary": "1598119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598119"
},
{
"category": "external",
"summary": "1603104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1603104"
},
{
"category": "external",
"summary": "1607768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607768"
},
{
"category": "external",
"summary": "1608226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608226"
},
{
"category": "external",
"summary": "1610461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610461"
},
{
"category": "external",
"summary": "1614302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614302"
},
{
"category": "external",
"summary": "1614610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614610"
},
{
"category": "external",
"summary": "1619778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619778"
},
{
"category": "external",
"summary": "1620373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620373"
},
{
"category": "external",
"summary": "1623986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623986"
},
{
"category": "external",
"summary": "1624009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624009"
},
{
"category": "external",
"summary": "1627272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627272"
},
{
"category": "external",
"summary": "1628098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628098"
},
{
"category": "external",
"summary": "1629056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629056"
},
{
"category": "external",
"summary": "1629717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629717"
},
{
"category": "external",
"summary": "1629720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629720"
},
{
"category": "external",
"summary": "1631052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631052"
},
{
"category": "external",
"summary": "1631227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631227"
},
{
"category": "external",
"summary": "1631615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631615"
},
{
"category": "external",
"summary": "1631877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631877"
},
{
"category": "external",
"summary": "1633150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633150"
},
{
"category": "external",
"summary": "1633536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633536"
},
{
"category": "external",
"summary": "1636712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636712"
},
{
"category": "external",
"summary": "1636777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636777"
},
{
"category": "external",
"summary": "1642551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642551"
},
{
"category": "external",
"summary": "1646781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646781"
},
{
"category": "external",
"summary": "1646784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646784"
},
{
"category": "external",
"summary": "1648236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648236"
},
{
"category": "external",
"summary": "1656913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656913"
},
{
"category": "external",
"summary": "1666336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666336"
},
{
"category": "external",
"summary": "1666884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666884"
},
{
"category": "external",
"summary": "1667320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667320"
},
{
"category": "external",
"summary": "1667782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667782"
},
{
"category": "external",
"summary": "1668160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668160"
},
{
"category": "external",
"summary": "1668956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668956"
},
{
"category": "external",
"summary": "1672010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672010"
},
{
"category": "external",
"summary": "1673080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673080"
},
{
"category": "external",
"summary": "1673397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673397"
},
{
"category": "external",
"summary": "1673402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673402"
},
{
"category": "external",
"summary": "1676728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1676728"
},
{
"category": "external",
"summary": "1677073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677073"
},
{
"category": "external",
"summary": "1678515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678515"
},
{
"category": "external",
"summary": "1685989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685989"
},
{
"category": "external",
"summary": "1691009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691009"
},
{
"category": "external",
"summary": "1691018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691018"
},
{
"category": "external",
"summary": "1691048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691048"
},
{
"category": "external",
"summary": "1691563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691563"
},
{
"category": "external",
"summary": "1692018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692018"
},
{
"category": "external",
"summary": "1693101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693101"
},
{
"category": "external",
"summary": "1703916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703916"
},
{
"category": "external",
"summary": "1705312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705312"
},
{
"category": "external",
"summary": "1714160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714160"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2553.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-15T08:25:12+00:00",
"generator": {
"date": "2024-11-15T08:25:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:2553",
"initial_release_date": "2019-08-22T09:19:30+00:00",
"revision_history": [
{
"date": "2019-08-22T09:19:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-22T09:19:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:25:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "RHV-M 4.3",
"product": {
"name": "RHV-M 4.3",
"product_id": "7Server-RHV-S-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.12.0-33.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.12.0-33.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"product_id": "qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.12.0-33.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"product_id": "qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.12.0-33.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.12.0-33.el7?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"product": {
"name": "qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"product_id": "qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.12.0-33.el7?arch=ppc64le\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.12.0-33.el7?arch=ppc64le\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"product": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"product_id": "qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.12.0-33.el7?arch=ppc64le\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"product": {
"name": "qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"product_id": "qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.12.0-33.el7?arch=ppc64le\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"product_id": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.12.0-33.el7?arch=ppc64le\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.src",
"product": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.src",
"product_id": "qemu-kvm-rhev-10:2.12.0-33.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.12.0-33.el7?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.12.0-33.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le"
},
"product_reference": "qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.12.0-33.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le"
},
"product_reference": "qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le"
},
"product_reference": "qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.12.0-33.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.12.0-33.el7.x86_64 as a component of RHV-M 4.3",
"product_id": "7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHV-S-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64 as a component of RHV-M 4.3",
"product_id": "7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHV-S-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.src as a component of RHV-M 4.3",
"product_id": "7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.12.0-33.el7.src",
"relates_to_product_reference": "7Server-RHV-S-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.12.0-33.el7.x86_64 as a component of RHV-M 4.3",
"product_id": "7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHV-S-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64 as a component of RHV-M 4.3",
"product_id": "7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHV-S-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64 as a component of RHV-M 4.3",
"product_id": "7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHV-S-4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646781"
}
],
"notes": [
{
"category": "description",
"text": "Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the \u0027processor store buffer\u0027. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU\u0027s processor store buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "RHBZ#1646781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646781"
},
{
"category": "external",
"summary": "RHSB-mds",
"url": "https://access.redhat.com/security/vulnerabilities/mds"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12126"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)"
},
{
"cve": "CVE-2018-12127",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2019-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1667782"
}
],
"notes": [
{
"category": "description",
"text": "Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the \u0027load port\u0027 table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "RHBZ#1667782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667782"
},
{
"category": "external",
"summary": "RHSB-mds",
"url": "https://access.redhat.com/security/vulnerabilities/mds"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12127",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12127"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)"
},
{
"cve": "CVE-2018-12130",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2018-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "RHBZ#1646784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646784"
},
{
"category": "external",
"summary": "RHSB-mds",
"url": "https://access.redhat.com/security/vulnerabilities/mds"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12130"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)"
},
{
"acknowledgments": [
{
"names": [
"Arash Tohidi"
]
},
{
"names": [
"Daniel Shapira"
],
"organization": "Twistlock"
}
],
"cve": "CVE-2018-17958",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2018-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1636712"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow issue was found in the RTL8139 NIC emulation in QEMU. It could occur while receiving packets over the network if the size value is greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "QEMU: rtl8139: integer overflow leads to buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "RHBZ#1636712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17958",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17958"
}
],
"release_date": "2018-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "QEMU: rtl8139: integer overflow leads to buffer overflow"
},
{
"acknowledgments": [
{
"names": [
"Daniel Shapira"
],
"organization": "Twistlock"
}
],
"cve": "CVE-2018-17963",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2018-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1636777"
}
],
"notes": [
{
"category": "description",
"text": "A potential integer overflow issue was found in the networking back-end of QEMU. It could occur while receiving packets, because it accepted packets with large size value. Such overflow could lead to OOB buffer access issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "QEMU: net: ignore packets with large size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "RHBZ#1636777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17963",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17963"
}
],
"release_date": "2018-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "QEMU: net: ignore packets with large size"
},
{
"acknowledgments": [
{
"names": [
"Kurtis Miller"
],
"organization": "nccgroup.com"
}
],
"cve": "CVE-2018-20815",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693101"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "QEMU: device_tree: heap buffer overflow while loading device tree blob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20815"
},
{
"category": "external",
"summary": "RHBZ#1693101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693101"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20815",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20815"
}
],
"release_date": "2018-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "QEMU: device_tree: heap buffer overflow while loading device tree blob"
},
{
"cve": "CVE-2019-6501",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2019-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668160"
}
],
"notes": [
{
"category": "description",
"text": "In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "QEMU: scsi-generic: possible OOB access while handling inquiry request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-6501"
},
{
"category": "external",
"summary": "RHBZ#1668160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-6501",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6501"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-6501",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6501"
}
],
"release_date": "2019-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "QEMU: scsi-generic: possible OOB access while handling inquiry request"
},
{
"acknowledgments": [
{
"names": [
"William Bowling"
]
}
],
"cve": "CVE-2019-9824",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1678515"
}
],
"notes": [
{
"category": "description",
"text": "tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9824"
},
{
"category": "external",
"summary": "RHBZ#1678515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9824"
}
],
"release_date": "2019-03-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables"
},
{
"cve": "CVE-2019-11091",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705312"
}
],
"notes": [
{
"category": "description",
"text": "Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "RHBZ#1705312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705312"
},
{
"category": "external",
"summary": "RHSB-mds",
"url": "https://access.redhat.com/security/vulnerabilities/mds"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11091",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11091"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-22T09:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.ppc64le",
"7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-img-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-common-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.src",
"7Server-RHV-S-4.3:qemu-kvm-rhev-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7.x86_64",
"7Server-RHV-S-4.3:qemu-kvm-tools-rhev-10:2.12.0-33.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)"
}
]
}
SUSE-SU-2018:3332-1
Vulnerability from csaf_suse - Published: 2018-10-23 13:14 - Updated: 2018-10-23 13:14Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014)
- CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276)
Non security issues fixed:
- Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508)
Patchnames: SUSE-OpenStack-Cloud-7-2018-2398,SUSE-SLE-SAP-12-SP2-2018-2398,SUSE-SLE-SERVER-12-SP2-2018-2398,SUSE-SLE-SERVER-12-SP2-BCL-2018-2398,SUSE-Storage-4-2018-2398
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014)\n- CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276)\n\nNon security issues fixed:\n\n- Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508)\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-2398,SUSE-SLE-SAP-12-SP2-2018-2398,SUSE-SLE-SERVER-12-SP2-2018-2398,SUSE-SLE-SERVER-12-SP2-BCL-2018-2398,SUSE-Storage-4-2018-2398",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3332-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3332-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183332-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3332-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004769.html"
},
{
"category": "self",
"summary": "SUSE Bug 1094508",
"url": "https://bugzilla.suse.com/1094508"
},
{
"category": "self",
"summary": "SUSE Bug 1103276",
"url": "https://bugzilla.suse.com/1103276"
},
{
"category": "self",
"summary": "SUSE Bug 1111014",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-10-23T13:14:17Z",
"generator": {
"date": "2018-10-23T13:14:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3332-1",
"initial_release_date": "2018-10-23T13:14:17Z",
"revision_history": [
{
"date": "2018-10-23T13:14:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.6_05-43.42.1.x86_64",
"product": {
"name": "xen-4.7.6_05-43.42.1.x86_64",
"product_id": "xen-4.7.6_05-43.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.6_05-43.42.1.x86_64",
"product": {
"name": "xen-doc-html-4.7.6_05-43.42.1.x86_64",
"product_id": "xen-doc-html-4.7.6_05-43.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_05-43.42.1.x86_64",
"product": {
"name": "xen-libs-4.7.6_05-43.42.1.x86_64",
"product_id": "xen-libs-4.7.6_05-43.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"product_id": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.6_05-43.42.1.x86_64",
"product": {
"name": "xen-tools-4.7.6_05-43.42.1.x86_64",
"product_id": "xen-tools-4.7.6_05-43.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"product": {
"name": "xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"product_id": "xen-tools-domU-4.7.6_05-43.42.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_05-43.42.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_05-43.42.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_05-43.42.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_05-43.42.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_05-43.42.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_05-43.42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_05-43.42.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_05-43.42.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_05-43.42.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_05-43.42.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_05-43.42.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15468"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15468",
"url": "https://www.suse.com/security/cve/CVE-2018-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1103276 for CVE-2018-15468",
"url": "https://bugzilla.suse.com/1103276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-23T13:14:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-15468"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_05-43.42.1.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_05-43.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-23T13:14:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
}
]
}
SUSE-SU-2018:3490-1
Vulnerability from csaf_suse - Published: 2018-10-26 11:09 - Updated: 2018-10-26 11:09Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519)
- CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014)
- CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279)
- CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). (XSA-268) (bsc#1103275)
Note that SUSE does not ship ARM Xen, so we are not affected.
- CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276)
- CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. (XSA-273) (bsc#1091107)
Non security issues fixed:
- The affinity reporting via 'xl vcpu-list' was broken (bsc#1106263)
- Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508)
Patchnames: SUSE-SLE-DESKTOP-12-SP3-2018-2492,SUSE-SLE-SDK-12-SP3-2018-2492,SUSE-SLE-SERVER-12-SP3-2018-2492
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nXEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519)\n\n- CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014)\n- CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279)\n- CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). (XSA-268) (bsc#1103275)\n Note that SUSE does not ship ARM Xen, so we are not affected.\n- CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276)\n- CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. (XSA-273) (bsc#1091107)\n\nNon security issues fixed:\n\n- The affinity reporting via \u0027xl vcpu-list\u0027 was broken (bsc#1106263)\n- Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-2492,SUSE-SLE-SDK-12-SP3-2018-2492,SUSE-SLE-SERVER-12-SP3-2018-2492",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3490-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3490-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183490-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3490-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004800.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1078292",
"url": "https://bugzilla.suse.com/1078292"
},
{
"category": "self",
"summary": "SUSE Bug 1091107",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "self",
"summary": "SUSE Bug 1094508",
"url": "https://bugzilla.suse.com/1094508"
},
{
"category": "self",
"summary": "SUSE Bug 1103275",
"url": "https://bugzilla.suse.com/1103275"
},
{
"category": "self",
"summary": "SUSE Bug 1103276",
"url": "https://bugzilla.suse.com/1103276"
},
{
"category": "self",
"summary": "SUSE Bug 1103279",
"url": "https://bugzilla.suse.com/1103279"
},
{
"category": "self",
"summary": "SUSE Bug 1106263",
"url": "https://bugzilla.suse.com/1106263"
},
{
"category": "self",
"summary": "SUSE Bug 1111014",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15469 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15470 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3646/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2018-10-26T11:09:27Z",
"generator": {
"date": "2018-10-26T11:09:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3490-1",
"initial_release_date": "2018-10-26T11:09:27Z",
"revision_history": [
{
"date": "2018-10-26T11:09:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.9.3_03-3.44.2.aarch64",
"product": {
"name": "xen-devel-4.9.3_03-3.44.2.aarch64",
"product_id": "xen-devel-4.9.3_03-3.44.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.3_03-3.44.2.x86_64",
"product": {
"name": "xen-4.9.3_03-3.44.2.x86_64",
"product_id": "xen-4.9.3_03-3.44.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.3_03-3.44.2.x86_64",
"product": {
"name": "xen-libs-4.9.3_03-3.44.2.x86_64",
"product_id": "xen-libs-4.9.3_03-3.44.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"product_id": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.3_03-3.44.2.x86_64",
"product": {
"name": "xen-devel-4.9.3_03-3.44.2.x86_64",
"product_id": "xen-devel-4.9.3_03-3.44.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.3_03-3.44.2.x86_64",
"product": {
"name": "xen-doc-html-4.9.3_03-3.44.2.x86_64",
"product_id": "xen-doc-html-4.9.3_03-3.44.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.3_03-3.44.2.x86_64",
"product": {
"name": "xen-tools-4.9.3_03-3.44.2.x86_64",
"product_id": "xen-tools-4.9.3_03-3.44.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"product": {
"name": "xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"product_id": "xen-tools-domU-4.9.3_03-3.44.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-libs-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.9.3_03-3.44.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64"
},
"product_reference": "xen-devel-4.9.3_03-3.44.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-devel-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-libs-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-tools-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-libs-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-tools-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.3_03-3.44.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15468"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15468",
"url": "https://www.suse.com/security/cve/CVE-2018-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1103276 for CVE-2018-15468",
"url": "https://bugzilla.suse.com/1103276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-26T11:09:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-15468"
},
{
"cve": "CVE-2018-15469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15469"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15469",
"url": "https://www.suse.com/security/cve/CVE-2018-15469"
},
{
"category": "external",
"summary": "SUSE Bug 1103275 for CVE-2018-15469",
"url": "https://bugzilla.suse.com/1103275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-26T11:09:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-15469"
},
{
"cve": "CVE-2018-15470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15470"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 \"Operations on data structures\" of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15470",
"url": "https://www.suse.com/security/cve/CVE-2018-15470"
},
{
"category": "external",
"summary": "SUSE Bug 1103279 for CVE-2018-15470",
"url": "https://bugzilla.suse.com/1103279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-26T11:09:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-15470"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-26T11:09:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3646"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3646",
"url": "https://www.suse.com/security/cve/CVE-2018-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104365 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1106548 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1106548"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.3_03-3.44.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.3_03-3.44.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-26T11:09:27Z",
"details": "important"
}
],
"title": "CVE-2018-3646"
}
]
}
SUSE-SU-2018:3912-1
Vulnerability from csaf_suse - Published: 2018-11-26 16:46 - Updated: 2018-11-26 16:46Summary
Security update for qemu
Severity
Moderate
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
Patchnames: SUSE-SLE-SERVER-12-2018-2781
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).\n- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).\n- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).\n- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)\n- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the \u0027msg_len\u0027 field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2018-2781",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3912-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3912-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183912-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3912-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004891.html"
},
{
"category": "self",
"summary": "SUSE Bug 1106222",
"url": "https://bugzilla.suse.com/1106222"
},
{
"category": "self",
"summary": "SUSE Bug 1110910",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "self",
"summary": "SUSE Bug 1111006",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "self",
"summary": "SUSE Bug 1111010",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "self",
"summary": "SUSE Bug 1111013",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "self",
"summary": "SUSE Bug 1114422",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15746 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17958 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17962 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18849 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18849/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2018-11-26T16:46:26Z",
"generator": {
"date": "2018-11-26T16:46:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3912-1",
"initial_release_date": "2018-11-26T16:46:26Z",
"revision_history": [
{
"date": "2018-11-26T16:46:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0-48.46.2.noarch",
"product": {
"name": "qemu-ipxe-1.0.0-48.46.2.noarch",
"product_id": "qemu-ipxe-1.0.0-48.46.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.7.4-48.46.2.noarch",
"product": {
"name": "qemu-seabios-1.7.4-48.46.2.noarch",
"product_id": "qemu-seabios-1.7.4-48.46.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-48.46.2.noarch",
"product": {
"name": "qemu-sgabios-8-48.46.2.noarch",
"product_id": "qemu-sgabios-8-48.46.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.7.4-48.46.2.noarch",
"product": {
"name": "qemu-vgabios-1.7.4-48.46.2.noarch",
"product_id": "qemu-vgabios-1.7.4-48.46.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.0.2-48.46.2.ppc64le",
"product": {
"name": "qemu-2.0.2-48.46.2.ppc64le",
"product_id": "qemu-2.0.2-48.46.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.0.2-48.46.2.ppc64le",
"product": {
"name": "qemu-block-curl-2.0.2-48.46.2.ppc64le",
"product_id": "qemu-block-curl-2.0.2-48.46.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"product": {
"name": "qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"product_id": "qemu-guest-agent-2.0.2-48.46.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.0.2-48.46.2.ppc64le",
"product": {
"name": "qemu-lang-2.0.2-48.46.2.ppc64le",
"product_id": "qemu-lang-2.0.2-48.46.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.0.2-48.46.2.ppc64le",
"product": {
"name": "qemu-ppc-2.0.2-48.46.2.ppc64le",
"product_id": "qemu-ppc-2.0.2-48.46.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.0.2-48.46.2.ppc64le",
"product": {
"name": "qemu-tools-2.0.2-48.46.2.ppc64le",
"product_id": "qemu-tools-2.0.2-48.46.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.0.2-48.46.2.s390x",
"product": {
"name": "qemu-2.0.2-48.46.2.s390x",
"product_id": "qemu-2.0.2-48.46.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.0.2-48.46.2.s390x",
"product": {
"name": "qemu-block-curl-2.0.2-48.46.2.s390x",
"product_id": "qemu-block-curl-2.0.2-48.46.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.0.2-48.46.2.s390x",
"product": {
"name": "qemu-guest-agent-2.0.2-48.46.2.s390x",
"product_id": "qemu-guest-agent-2.0.2-48.46.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.0.2-48.46.2.s390x",
"product": {
"name": "qemu-kvm-2.0.2-48.46.2.s390x",
"product_id": "qemu-kvm-2.0.2-48.46.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.0.2-48.46.2.s390x",
"product": {
"name": "qemu-lang-2.0.2-48.46.2.s390x",
"product_id": "qemu-lang-2.0.2-48.46.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.0.2-48.46.2.s390x",
"product": {
"name": "qemu-s390-2.0.2-48.46.2.s390x",
"product_id": "qemu-s390-2.0.2-48.46.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.0.2-48.46.2.s390x",
"product": {
"name": "qemu-tools-2.0.2-48.46.2.s390x",
"product_id": "qemu-tools-2.0.2-48.46.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-2.0.2-48.46.2.x86_64",
"product_id": "qemu-2.0.2-48.46.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-block-curl-2.0.2-48.46.2.x86_64",
"product_id": "qemu-block-curl-2.0.2-48.46.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-block-rbd-2.0.2-48.46.2.x86_64",
"product_id": "qemu-block-rbd-2.0.2-48.46.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-guest-agent-2.0.2-48.46.2.x86_64",
"product_id": "qemu-guest-agent-2.0.2-48.46.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-kvm-2.0.2-48.46.2.x86_64",
"product_id": "qemu-kvm-2.0.2-48.46.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-lang-2.0.2-48.46.2.x86_64",
"product_id": "qemu-lang-2.0.2-48.46.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-tools-2.0.2-48.46.2.x86_64",
"product_id": "qemu-tools-2.0.2-48.46.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.0.2-48.46.2.x86_64",
"product": {
"name": "qemu-x86-2.0.2-48.46.2.x86_64",
"product_id": "qemu-x86-2.0.2-48.46.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.0.2-48.46.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le"
},
"product_reference": "qemu-2.0.2-48.46.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.0.2-48.46.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x"
},
"product_reference": "qemu-2.0.2-48.46.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.0.2-48.46.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le"
},
"product_reference": "qemu-block-curl-2.0.2-48.46.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.0.2-48.46.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x"
},
"product_reference": "qemu-block-curl-2.0.2-48.46.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-block-curl-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-block-rbd-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.0.2-48.46.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le"
},
"product_reference": "qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.0.2-48.46.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x"
},
"product_reference": "qemu-guest-agent-2.0.2-48.46.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-guest-agent-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-48.46.2.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-48.46.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.0.2-48.46.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x"
},
"product_reference": "qemu-kvm-2.0.2-48.46.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-kvm-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.0.2-48.46.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le"
},
"product_reference": "qemu-lang-2.0.2-48.46.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.0.2-48.46.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x"
},
"product_reference": "qemu-lang-2.0.2-48.46.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-lang-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.0.2-48.46.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le"
},
"product_reference": "qemu-ppc-2.0.2-48.46.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.0.2-48.46.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x"
},
"product_reference": "qemu-s390-2.0.2-48.46.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.7.4-48.46.2.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch"
},
"product_reference": "qemu-seabios-1.7.4-48.46.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-48.46.2.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch"
},
"product_reference": "qemu-sgabios-8-48.46.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.0.2-48.46.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le"
},
"product_reference": "qemu-tools-2.0.2-48.46.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.0.2-48.46.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x"
},
"product_reference": "qemu-tools-2.0.2-48.46.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-tools-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.7.4-48.46.2.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch"
},
"product_reference": "qemu-vgabios-1.7.4-48.46.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.0.2-48.46.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
},
"product_reference": "qemu-x86-2.0.2-48.46.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10839"
}
],
"notes": [
{
"category": "general",
"text": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10839",
"url": "https://www.suse.com/security/cve/CVE-2018-10839"
},
{
"category": "external",
"summary": "SUSE Bug 1110910 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "external",
"summary": "SUSE Bug 1110924 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-10839"
},
{
"cve": "CVE-2018-15746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15746"
}
],
"notes": [
{
"category": "general",
"text": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15746",
"url": "https://www.suse.com/security/cve/CVE-2018-15746"
},
{
"category": "external",
"summary": "SUSE Bug 1106222 for CVE-2018-15746",
"url": "https://bugzilla.suse.com/1106222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-15746"
},
{
"cve": "CVE-2018-17958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17958"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17958",
"url": "https://www.suse.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "SUSE Bug 1111006 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "external",
"summary": "SUSE Bug 1111007 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-17958"
},
{
"cve": "CVE-2018-17962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17962"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17962",
"url": "https://www.suse.com/security/cve/CVE-2018-17962"
},
{
"category": "external",
"summary": "SUSE Bug 1111010 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "external",
"summary": "SUSE Bug 1111011 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-17962"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-18849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18849"
}
],
"notes": [
{
"category": "general",
"text": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18849",
"url": "https://www.suse.com/security/cve/CVE-2018-18849"
},
{
"category": "external",
"summary": "SUSE Bug 1114422 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "external",
"summary": "SUSE Bug 1114423 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114423"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-curl-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-block-rbd-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-guest-agent-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ipxe-1.0.0-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-kvm-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-lang-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-ppc-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-s390-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-seabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-sgabios-8-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:qemu-tools-2.0.2-48.46.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:qemu-vgabios-1.7.4-48.46.2.noarch",
"SUSE Linux Enterprise Server 12-LTSS:qemu-x86-2.0.2-48.46.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-18849"
}
]
}
SUSE-SU-2018:3927-1
Vulnerability from csaf_suse - Published: 2018-11-27 12:39 - Updated: 2018-11-27 12:39Summary
Security update for qemu
Severity
Important
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process (bsc#1114529).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
Non-security issues fixed:
- Fix slowness in arm32 emulation (bsc#1112499).
- In order to improve spectre mitigation for s390x, add a new feature in the QEMU cpu model to provide the etoken cpu feature for guests (bsc#1107489).
Patchnames: SUSE-SLE-Module-Basesystem-15-2018-2794,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2794,SUSE-SLE-Module-Server-Applications-15-2018-2794
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
42 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).\n- CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process (bsc#1114529).\n- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).\n- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).\n- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)\n- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the \u0027msg_len\u0027 field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNon-security issues fixed:\n\n- Fix slowness in arm32 emulation (bsc#1112499).\n- In order to improve spectre mitigation for s390x, add a new feature in the QEMU cpu model to provide the etoken cpu feature for guests (bsc#1107489).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-2794,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2794,SUSE-SLE-Module-Server-Applications-15-2018-2794",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3927-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3927-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183927-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3927-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004899.html"
},
{
"category": "self",
"summary": "SUSE Bug 1106222",
"url": "https://bugzilla.suse.com/1106222"
},
{
"category": "self",
"summary": "SUSE Bug 1107489",
"url": "https://bugzilla.suse.com/1107489"
},
{
"category": "self",
"summary": "SUSE Bug 1110910",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "self",
"summary": "SUSE Bug 1111006",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "self",
"summary": "SUSE Bug 1111010",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "self",
"summary": "SUSE Bug 1111013",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "self",
"summary": "SUSE Bug 1112499",
"url": "https://bugzilla.suse.com/1112499"
},
{
"category": "self",
"summary": "SUSE Bug 1114422",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "self",
"summary": "SUSE Bug 1114529",
"url": "https://bugzilla.suse.com/1114529"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15746 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16847 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17958 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17962 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18849 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18849/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2018-11-27T12:39:22Z",
"generator": {
"date": "2018-11-27T12:39:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3927-1",
"initial_release_date": "2018-11-27T12:39:22Z",
"revision_history": [
{
"date": "2018-11-27T12:39:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-tools-2.11.2-9.12.2.aarch64",
"product_id": "qemu-tools-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-2.11.2-9.12.2.aarch64",
"product_id": "qemu-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-arm-2.11.2-9.12.2.aarch64",
"product_id": "qemu-arm-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-block-curl-2.11.2-9.12.2.aarch64",
"product_id": "qemu-block-curl-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"product_id": "qemu-block-iscsi-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-block-rbd-2.11.2-9.12.2.aarch64",
"product_id": "qemu-block-rbd-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-block-ssh-2.11.2-9.12.2.aarch64",
"product_id": "qemu-block-ssh-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-guest-agent-2.11.2-9.12.2.aarch64",
"product_id": "qemu-guest-agent-2.11.2-9.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.12.2.aarch64",
"product": {
"name": "qemu-lang-2.11.2-9.12.2.aarch64",
"product_id": "qemu-lang-2.11.2-9.12.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-9.12.2.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-9.12.2.noarch",
"product_id": "qemu-ipxe-1.0.0+-9.12.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.11.0-9.12.2.noarch",
"product": {
"name": "qemu-seabios-1.11.0-9.12.2.noarch",
"product_id": "qemu-seabios-1.11.0-9.12.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-9.12.2.noarch",
"product": {
"name": "qemu-sgabios-8-9.12.2.noarch",
"product_id": "qemu-sgabios-8-9.12.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.11.0-9.12.2.noarch",
"product": {
"name": "qemu-vgabios-1.11.0-9.12.2.noarch",
"product_id": "qemu-vgabios-1.11.0-9.12.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-tools-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-tools-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-block-curl-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-block-curl-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-block-iscsi-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-block-rbd-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-block-ssh-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-guest-agent-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-lang-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-lang-2.11.2-9.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-9.12.2.ppc64le",
"product": {
"name": "qemu-ppc-2.11.2-9.12.2.ppc64le",
"product_id": "qemu-ppc-2.11.2-9.12.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-tools-2.11.2-9.12.2.s390x",
"product_id": "qemu-tools-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-2.11.2-9.12.2.s390x",
"product_id": "qemu-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-block-curl-2.11.2-9.12.2.s390x",
"product_id": "qemu-block-curl-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.s390x",
"product_id": "qemu-block-iscsi-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-block-rbd-2.11.2-9.12.2.s390x",
"product_id": "qemu-block-rbd-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-block-ssh-2.11.2-9.12.2.s390x",
"product_id": "qemu-block-ssh-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-guest-agent-2.11.2-9.12.2.s390x",
"product_id": "qemu-guest-agent-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-kvm-2.11.2-9.12.2.s390x",
"product_id": "qemu-kvm-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-lang-2.11.2-9.12.2.s390x",
"product_id": "qemu-lang-2.11.2-9.12.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-9.12.2.s390x",
"product": {
"name": "qemu-s390-2.11.2-9.12.2.s390x",
"product_id": "qemu-s390-2.11.2-9.12.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-tools-2.11.2-9.12.2.x86_64",
"product_id": "qemu-tools-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-2.11.2-9.12.2.x86_64",
"product_id": "qemu-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-block-curl-2.11.2-9.12.2.x86_64",
"product_id": "qemu-block-curl-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"product_id": "qemu-block-iscsi-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-block-rbd-2.11.2-9.12.2.x86_64",
"product_id": "qemu-block-rbd-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-block-ssh-2.11.2-9.12.2.x86_64",
"product_id": "qemu-block-ssh-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-guest-agent-2.11.2-9.12.2.x86_64",
"product_id": "qemu-guest-agent-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-kvm-2.11.2-9.12.2.x86_64",
"product_id": "qemu-kvm-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-lang-2.11.2-9.12.2.x86_64",
"product_id": "qemu-lang-2.11.2-9.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-9.12.2.x86_64",
"product": {
"name": "qemu-x86-2.11.2-9.12.2.x86_64",
"product_id": "qemu-x86-2.11.2-9.12.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-tools-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-tools-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-tools-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-tools-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-arm-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-block-curl-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-block-curl-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-block-curl-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-block-curl-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-block-rbd-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-block-rbd-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-block-rbd-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-block-ssh-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-block-ssh-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-block-ssh-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-guest-agent-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-guest-agent-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-guest-agent-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-9.12.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-9.12.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-kvm-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-kvm-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.12.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64"
},
"product_reference": "qemu-lang-2.11.2-9.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-lang-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-lang-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-lang-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.11.2-9.12.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le"
},
"product_reference": "qemu-ppc-2.11.2-9.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.11.2-9.12.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x"
},
"product_reference": "qemu-s390-2.11.2-9.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.11.0-9.12.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch"
},
"product_reference": "qemu-seabios-1.11.0-9.12.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-9.12.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch"
},
"product_reference": "qemu-sgabios-8-9.12.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.11.0-9.12.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch"
},
"product_reference": "qemu-vgabios-1.11.0-9.12.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.11.2-9.12.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
},
"product_reference": "qemu-x86-2.11.2-9.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10839"
}
],
"notes": [
{
"category": "general",
"text": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10839",
"url": "https://www.suse.com/security/cve/CVE-2018-10839"
},
{
"category": "external",
"summary": "SUSE Bug 1110910 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "external",
"summary": "SUSE Bug 1110924 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-27T12:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-10839"
},
{
"cve": "CVE-2018-15746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15746"
}
],
"notes": [
{
"category": "general",
"text": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15746",
"url": "https://www.suse.com/security/cve/CVE-2018-15746"
},
{
"category": "external",
"summary": "SUSE Bug 1106222 for CVE-2018-15746",
"url": "https://bugzilla.suse.com/1106222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-27T12:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-15746"
},
{
"cve": "CVE-2018-16847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16847"
}
],
"notes": [
{
"category": "general",
"text": "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16847",
"url": "https://www.suse.com/security/cve/CVE-2018-16847"
},
{
"category": "external",
"summary": "SUSE Bug 1114529 for CVE-2018-16847",
"url": "https://bugzilla.suse.com/1114529"
},
{
"category": "external",
"summary": "SUSE Bug 1114540 for CVE-2018-16847",
"url": "https://bugzilla.suse.com/1114540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-27T12:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-16847"
},
{
"cve": "CVE-2018-17958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17958"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17958",
"url": "https://www.suse.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "SUSE Bug 1111006 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "external",
"summary": "SUSE Bug 1111007 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-27T12:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-17958"
},
{
"cve": "CVE-2018-17962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17962"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17962",
"url": "https://www.suse.com/security/cve/CVE-2018-17962"
},
{
"category": "external",
"summary": "SUSE Bug 1111010 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "external",
"summary": "SUSE Bug 1111011 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-27T12:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-17962"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-27T12:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-18849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18849"
}
],
"notes": [
{
"category": "general",
"text": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18849",
"url": "https://www.suse.com/security/cve/CVE-2018-18849"
},
{
"category": "external",
"summary": "SUSE Bug 1114422 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "external",
"summary": "SUSE Bug 1114423 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114423"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.12.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.12.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.12.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.12.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-27T12:39:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-18849"
}
]
}
SUSE-SU-2018:3973-1
Vulnerability from csaf_suse - Published: 2018-12-04 16:27 - Updated: 2018-12-04 16:27Summary
Security update for qemu
Severity
Moderate
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
Patchnames: SUSE-SLE-SERVER-12-SP1-2018-2834
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).\n- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).\n- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).\n- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)\n- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the \u0027msg_len\u0027 field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP1-2018-2834",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3973-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3973-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183973-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3973-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183973-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1106222",
"url": "https://bugzilla.suse.com/1106222"
},
{
"category": "self",
"summary": "SUSE Bug 1110910",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "self",
"summary": "SUSE Bug 1111006",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "self",
"summary": "SUSE Bug 1111010",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "self",
"summary": "SUSE Bug 1111013",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "self",
"summary": "SUSE Bug 1114422",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15746 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17958 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17962 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18849 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18849/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2018-12-04T16:27:13Z",
"generator": {
"date": "2018-12-04T16:27:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3973-1",
"initial_release_date": "2018-12-04T16:27:13Z",
"revision_history": [
{
"date": "2018-12-04T16:27:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0-33.17.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0-33.17.1.noarch",
"product_id": "qemu-ipxe-1.0.0-33.17.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.8.1-33.17.1.noarch",
"product": {
"name": "qemu-seabios-1.8.1-33.17.1.noarch",
"product_id": "qemu-seabios-1.8.1-33.17.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-33.17.1.noarch",
"product": {
"name": "qemu-sgabios-8-33.17.1.noarch",
"product_id": "qemu-sgabios-8-33.17.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.8.1-33.17.1.noarch",
"product": {
"name": "qemu-vgabios-1.8.1-33.17.1.noarch",
"product_id": "qemu-vgabios-1.8.1-33.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.17.1.ppc64le",
"product": {
"name": "qemu-2.3.1-33.17.1.ppc64le",
"product_id": "qemu-2.3.1-33.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.17.1.ppc64le",
"product": {
"name": "qemu-block-curl-2.3.1-33.17.1.ppc64le",
"product_id": "qemu-block-curl-2.3.1-33.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"product": {
"name": "qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"product_id": "qemu-guest-agent-2.3.1-33.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.17.1.ppc64le",
"product": {
"name": "qemu-lang-2.3.1-33.17.1.ppc64le",
"product_id": "qemu-lang-2.3.1-33.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.3.1-33.17.1.ppc64le",
"product": {
"name": "qemu-ppc-2.3.1-33.17.1.ppc64le",
"product_id": "qemu-ppc-2.3.1-33.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.17.1.ppc64le",
"product": {
"name": "qemu-tools-2.3.1-33.17.1.ppc64le",
"product_id": "qemu-tools-2.3.1-33.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.17.1.s390x",
"product": {
"name": "qemu-2.3.1-33.17.1.s390x",
"product_id": "qemu-2.3.1-33.17.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.17.1.s390x",
"product": {
"name": "qemu-block-curl-2.3.1-33.17.1.s390x",
"product_id": "qemu-block-curl-2.3.1-33.17.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.17.1.s390x",
"product": {
"name": "qemu-guest-agent-2.3.1-33.17.1.s390x",
"product_id": "qemu-guest-agent-2.3.1-33.17.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.3.1-33.17.1.s390x",
"product": {
"name": "qemu-kvm-2.3.1-33.17.1.s390x",
"product_id": "qemu-kvm-2.3.1-33.17.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.17.1.s390x",
"product": {
"name": "qemu-lang-2.3.1-33.17.1.s390x",
"product_id": "qemu-lang-2.3.1-33.17.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.3.1-33.17.1.s390x",
"product": {
"name": "qemu-s390-2.3.1-33.17.1.s390x",
"product_id": "qemu-s390-2.3.1-33.17.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.17.1.s390x",
"product": {
"name": "qemu-tools-2.3.1-33.17.1.s390x",
"product_id": "qemu-tools-2.3.1-33.17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-2.3.1-33.17.1.x86_64",
"product_id": "qemu-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-block-curl-2.3.1-33.17.1.x86_64",
"product_id": "qemu-block-curl-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.3.1-33.17.1.x86_64",
"product_id": "qemu-block-rbd-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.3.1-33.17.1.x86_64",
"product_id": "qemu-guest-agent-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-kvm-2.3.1-33.17.1.x86_64",
"product_id": "qemu-kvm-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-lang-2.3.1-33.17.1.x86_64",
"product_id": "qemu-lang-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-tools-2.3.1-33.17.1.x86_64",
"product_id": "qemu-tools-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-x86-2.3.1-33.17.1.x86_64",
"product_id": "qemu-x86-2.3.1-33.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le"
},
"product_reference": "qemu-2.3.1-33.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x"
},
"product_reference": "qemu-2.3.1-33.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le"
},
"product_reference": "qemu-block-curl-2.3.1-33.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x"
},
"product_reference": "qemu-block-curl-2.3.1-33.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-block-curl-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le"
},
"product_reference": "qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x"
},
"product_reference": "qemu-guest-agent-2.3.1-33.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-33.17.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.3.1-33.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x"
},
"product_reference": "qemu-kvm-2.3.1-33.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-kvm-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le"
},
"product_reference": "qemu-lang-2.3.1-33.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x"
},
"product_reference": "qemu-lang-2.3.1-33.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-lang-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.3.1-33.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le"
},
"product_reference": "qemu-ppc-2.3.1-33.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.3.1-33.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x"
},
"product_reference": "qemu-s390-2.3.1-33.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.8.1-33.17.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch"
},
"product_reference": "qemu-seabios-1.8.1-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-33.17.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch"
},
"product_reference": "qemu-sgabios-8-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le"
},
"product_reference": "qemu-tools-2.3.1-33.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x"
},
"product_reference": "qemu-tools-2.3.1-33.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-tools-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.8.1-33.17.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch"
},
"product_reference": "qemu-vgabios-1.8.1-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-x86-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10839"
}
],
"notes": [
{
"category": "general",
"text": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10839",
"url": "https://www.suse.com/security/cve/CVE-2018-10839"
},
{
"category": "external",
"summary": "SUSE Bug 1110910 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "external",
"summary": "SUSE Bug 1110924 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-10839"
},
{
"cve": "CVE-2018-15746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15746"
}
],
"notes": [
{
"category": "general",
"text": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15746",
"url": "https://www.suse.com/security/cve/CVE-2018-15746"
},
{
"category": "external",
"summary": "SUSE Bug 1106222 for CVE-2018-15746",
"url": "https://bugzilla.suse.com/1106222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-15746"
},
{
"cve": "CVE-2018-17958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17958"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17958",
"url": "https://www.suse.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "SUSE Bug 1111006 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "external",
"summary": "SUSE Bug 1111007 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-17958"
},
{
"cve": "CVE-2018-17962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17962"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17962",
"url": "https://www.suse.com/security/cve/CVE-2018-17962"
},
{
"category": "external",
"summary": "SUSE Bug 1111010 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "external",
"summary": "SUSE Bug 1111011 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-17962"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-18849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18849"
}
],
"notes": [
{
"category": "general",
"text": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18849",
"url": "https://www.suse.com/security/cve/CVE-2018-18849"
},
{
"category": "external",
"summary": "SUSE Bug 1114422 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "external",
"summary": "SUSE Bug 1114423 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114423"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-18849"
}
]
}
SUSE-SU-2018:3973-2
Vulnerability from csaf_suse - Published: 2019-04-27 15:51 - Updated: 2019-04-27 15:51Summary
Security update for qemu
Severity
Moderate
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
Patchnames: SUSE-SLE-SAP-12-SP1-2019-1077
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).\n- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).\n- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).\n- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)\n- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the \u0027msg_len\u0027 field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2019-1077",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3973-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3973-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183973-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3973-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005395.html"
},
{
"category": "self",
"summary": "SUSE Bug 1106222",
"url": "https://bugzilla.suse.com/1106222"
},
{
"category": "self",
"summary": "SUSE Bug 1110910",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "self",
"summary": "SUSE Bug 1111006",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "self",
"summary": "SUSE Bug 1111010",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "self",
"summary": "SUSE Bug 1111013",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "self",
"summary": "SUSE Bug 1114422",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15746 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17958 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17962 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18849 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18849/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-04-27T15:51:47Z",
"generator": {
"date": "2019-04-27T15:51:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3973-2",
"initial_release_date": "2019-04-27T15:51:47Z",
"revision_history": [
{
"date": "2019-04-27T15:51:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0-33.17.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0-33.17.1.noarch",
"product_id": "qemu-ipxe-1.0.0-33.17.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.8.1-33.17.1.noarch",
"product": {
"name": "qemu-seabios-1.8.1-33.17.1.noarch",
"product_id": "qemu-seabios-1.8.1-33.17.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-33.17.1.noarch",
"product": {
"name": "qemu-sgabios-8-33.17.1.noarch",
"product_id": "qemu-sgabios-8-33.17.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.8.1-33.17.1.noarch",
"product": {
"name": "qemu-vgabios-1.8.1-33.17.1.noarch",
"product_id": "qemu-vgabios-1.8.1-33.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-2.3.1-33.17.1.x86_64",
"product_id": "qemu-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-block-curl-2.3.1-33.17.1.x86_64",
"product_id": "qemu-block-curl-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.3.1-33.17.1.x86_64",
"product_id": "qemu-block-rbd-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.3.1-33.17.1.x86_64",
"product_id": "qemu-guest-agent-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-kvm-2.3.1-33.17.1.x86_64",
"product_id": "qemu-kvm-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-lang-2.3.1-33.17.1.x86_64",
"product_id": "qemu-lang-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-tools-2.3.1-33.17.1.x86_64",
"product_id": "qemu-tools-2.3.1-33.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.3.1-33.17.1.x86_64",
"product": {
"name": "qemu-x86-2.3.1-33.17.1.x86_64",
"product_id": "qemu-x86-2.3.1-33.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-block-curl-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-33.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-kvm-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-lang-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.8.1-33.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch"
},
"product_reference": "qemu-seabios-1.8.1-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-33.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch"
},
"product_reference": "qemu-sgabios-8-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-tools-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.8.1-33.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch"
},
"product_reference": "qemu-vgabios-1.8.1-33.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.3.1-33.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
},
"product_reference": "qemu-x86-2.3.1-33.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10839"
}
],
"notes": [
{
"category": "general",
"text": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10839",
"url": "https://www.suse.com/security/cve/CVE-2018-10839"
},
{
"category": "external",
"summary": "SUSE Bug 1110910 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "external",
"summary": "SUSE Bug 1110924 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2018-10839"
},
{
"cve": "CVE-2018-15746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15746"
}
],
"notes": [
{
"category": "general",
"text": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15746",
"url": "https://www.suse.com/security/cve/CVE-2018-15746"
},
{
"category": "external",
"summary": "SUSE Bug 1106222 for CVE-2018-15746",
"url": "https://bugzilla.suse.com/1106222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2018-15746"
},
{
"cve": "CVE-2018-17958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17958"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17958",
"url": "https://www.suse.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "SUSE Bug 1111006 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "external",
"summary": "SUSE Bug 1111007 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2018-17958"
},
{
"cve": "CVE-2018-17962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17962"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17962",
"url": "https://www.suse.com/security/cve/CVE-2018-17962"
},
{
"category": "external",
"summary": "SUSE Bug 1111010 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "external",
"summary": "SUSE Bug 1111011 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2018-17962"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-18849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18849"
}
],
"notes": [
{
"category": "general",
"text": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18849",
"url": "https://www.suse.com/security/cve/CVE-2018-18849"
},
{
"category": "external",
"summary": "SUSE Bug 1114422 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "external",
"summary": "SUSE Bug 1114423 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114423"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2018-18849"
}
]
}
SUSE-SU-2018:3975-1
Vulnerability from csaf_suse - Published: 2018-12-04 16:27 - Updated: 2018-12-04 16:27Summary
Security update for kvm
Severity
Moderate
Notes
Title of the patch: Security update for kvm
Description of the patch: This update for kvm fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
- CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185).
Patchnames: slessp4-kvm-13891
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kvm fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).\n- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).\n- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).\n- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)\n- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the \u0027msg_len\u0027 field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).\n- CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-kvm-13891",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3975-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3975-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183975-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3975-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183975-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1106222",
"url": "https://bugzilla.suse.com/1106222"
},
{
"category": "self",
"summary": "SUSE Bug 1110910",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "self",
"summary": "SUSE Bug 1111006",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "self",
"summary": "SUSE Bug 1111010",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "self",
"summary": "SUSE Bug 1111013",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "self",
"summary": "SUSE Bug 1112185",
"url": "https://bugzilla.suse.com/1112185"
},
{
"category": "self",
"summary": "SUSE Bug 1114422",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15746 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17958 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17962 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18438 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18849 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18849/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2018-12-04T16:27:54Z",
"generator": {
"date": "2018-12-04T16:27:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3975-1",
"initial_release_date": "2018-12-04T16:27:54Z",
"revision_history": [
{
"date": "2018-12-04T16:27:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-60.18.2.i586",
"product": {
"name": "kvm-1.4.2-60.18.2.i586",
"product_id": "kvm-1.4.2-60.18.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-60.18.2.s390x",
"product": {
"name": "kvm-1.4.2-60.18.2.s390x",
"product_id": "kvm-1.4.2-60.18.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-60.18.2.x86_64",
"product": {
"name": "kvm-1.4.2-60.18.2.x86_64",
"product_id": "kvm-1.4.2-60.18.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.18.2.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586"
},
"product_reference": "kvm-1.4.2-60.18.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.18.2.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x"
},
"product_reference": "kvm-1.4.2-60.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.18.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64"
},
"product_reference": "kvm-1.4.2-60.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.18.2.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586"
},
"product_reference": "kvm-1.4.2-60.18.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x"
},
"product_reference": "kvm-1.4.2-60.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
},
"product_reference": "kvm-1.4.2-60.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10839"
}
],
"notes": [
{
"category": "general",
"text": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10839",
"url": "https://www.suse.com/security/cve/CVE-2018-10839"
},
{
"category": "external",
"summary": "SUSE Bug 1110910 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "external",
"summary": "SUSE Bug 1110924 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-10839"
},
{
"cve": "CVE-2018-15746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15746"
}
],
"notes": [
{
"category": "general",
"text": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15746",
"url": "https://www.suse.com/security/cve/CVE-2018-15746"
},
{
"category": "external",
"summary": "SUSE Bug 1106222 for CVE-2018-15746",
"url": "https://bugzilla.suse.com/1106222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-15746"
},
{
"cve": "CVE-2018-17958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17958"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17958",
"url": "https://www.suse.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "SUSE Bug 1111006 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "external",
"summary": "SUSE Bug 1111007 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-17958"
},
{
"cve": "CVE-2018-17962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17962"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17962",
"url": "https://www.suse.com/security/cve/CVE-2018-17962"
},
{
"category": "external",
"summary": "SUSE Bug 1111010 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "external",
"summary": "SUSE Bug 1111011 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-17962"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-18438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18438"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18438",
"url": "https://www.suse.com/security/cve/CVE-2018-18438"
},
{
"category": "external",
"summary": "SUSE Bug 1112185 for CVE-2018-18438",
"url": "https://bugzilla.suse.com/1112185"
},
{
"category": "external",
"summary": "SUSE Bug 1112188 for CVE-2018-18438",
"url": "https://bugzilla.suse.com/1112188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-18438"
},
{
"cve": "CVE-2018-18849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18849"
}
],
"notes": [
{
"category": "general",
"text": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18849",
"url": "https://www.suse.com/security/cve/CVE-2018-18849"
},
{
"category": "external",
"summary": "SUSE Bug 1114422 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "external",
"summary": "SUSE Bug 1114423 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114423"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-04T16:27:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-18849"
}
]
}
SUSE-SU-2018:3987-1
Vulnerability from csaf_suse - Published: 2018-12-05 13:48 - Updated: 2018-12-05 13:48Summary
Security update for kvm
Severity
Moderate
Notes
Title of the patch: Security update for kvm
Description of the patch: This update for kvm fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
- CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185).
Patchnames: sleposp3-kvm-13894,slessp3-kvm-13894
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kvm fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).\n- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).\n- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).\n- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)\n- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the \u0027msg_len\u0027 field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).\n- CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-kvm-13894,slessp3-kvm-13894",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3987-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3987-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183987-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3987-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004921.html"
},
{
"category": "self",
"summary": "SUSE Bug 1106222",
"url": "https://bugzilla.suse.com/1106222"
},
{
"category": "self",
"summary": "SUSE Bug 1110910",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "self",
"summary": "SUSE Bug 1111006",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "self",
"summary": "SUSE Bug 1111010",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "self",
"summary": "SUSE Bug 1111013",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "self",
"summary": "SUSE Bug 1112185",
"url": "https://bugzilla.suse.com/1112185"
},
{
"category": "self",
"summary": "SUSE Bug 1114422",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15746 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17958 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17962 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18438 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18849 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18849/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2018-12-05T13:48:59Z",
"generator": {
"date": "2018-12-05T13:48:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3987-1",
"initial_release_date": "2018-12-05T13:48:59Z",
"revision_history": [
{
"date": "2018-12-05T13:48:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-53.26.2.i586",
"product": {
"name": "kvm-1.4.2-53.26.2.i586",
"product_id": "kvm-1.4.2-53.26.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-53.26.2.s390x",
"product": {
"name": "kvm-1.4.2-53.26.2.s390x",
"product_id": "kvm-1.4.2-53.26.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-53.26.2.x86_64",
"product": {
"name": "kvm-1.4.2-53.26.2.x86_64",
"product_id": "kvm-1.4.2-53.26.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.26.2.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586"
},
"product_reference": "kvm-1.4.2-53.26.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.26.2.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586"
},
"product_reference": "kvm-1.4.2-53.26.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.26.2.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x"
},
"product_reference": "kvm-1.4.2-53.26.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.26.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64"
},
"product_reference": "kvm-1.4.2-53.26.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.26.2.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586"
},
"product_reference": "kvm-1.4.2-53.26.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.26.2.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x"
},
"product_reference": "kvm-1.4.2-53.26.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.26.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
},
"product_reference": "kvm-1.4.2-53.26.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10839"
}
],
"notes": [
{
"category": "general",
"text": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10839",
"url": "https://www.suse.com/security/cve/CVE-2018-10839"
},
{
"category": "external",
"summary": "SUSE Bug 1110910 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "external",
"summary": "SUSE Bug 1110924 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T13:48:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-10839"
},
{
"cve": "CVE-2018-15746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15746"
}
],
"notes": [
{
"category": "general",
"text": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15746",
"url": "https://www.suse.com/security/cve/CVE-2018-15746"
},
{
"category": "external",
"summary": "SUSE Bug 1106222 for CVE-2018-15746",
"url": "https://bugzilla.suse.com/1106222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T13:48:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-15746"
},
{
"cve": "CVE-2018-17958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17958"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17958",
"url": "https://www.suse.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "SUSE Bug 1111006 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "external",
"summary": "SUSE Bug 1111007 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T13:48:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-17958"
},
{
"cve": "CVE-2018-17962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17962"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17962",
"url": "https://www.suse.com/security/cve/CVE-2018-17962"
},
{
"category": "external",
"summary": "SUSE Bug 1111010 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "external",
"summary": "SUSE Bug 1111011 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T13:48:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-17962"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T13:48:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-18438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18438"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18438",
"url": "https://www.suse.com/security/cve/CVE-2018-18438"
},
{
"category": "external",
"summary": "SUSE Bug 1112185 for CVE-2018-18438",
"url": "https://bugzilla.suse.com/1112185"
},
{
"category": "external",
"summary": "SUSE Bug 1112188 for CVE-2018-18438",
"url": "https://bugzilla.suse.com/1112188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T13:48:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-18438"
},
{
"cve": "CVE-2018-18849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18849"
}
],
"notes": [
{
"category": "general",
"text": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18849",
"url": "https://www.suse.com/security/cve/CVE-2018-18849"
},
{
"category": "external",
"summary": "SUSE Bug 1114422 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "external",
"summary": "SUSE Bug 1114423 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114423"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.26.2.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.26.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T13:48:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-18849"
}
]
}
SUSE-SU-2018:4129-1
Vulnerability from csaf_suse - Published: 2018-12-14 15:13 - Updated: 2018-12-14 15:13Summary
Security update for qemu
Severity
Moderate
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
Non-security issues fixed:
- Improving disk performance for qemu on xen (bsc#1100408)
Patchnames: SUSE-SLE-DESKTOP-12-SP3-2018-2944,SUSE-SLE-SERVER-12-SP3-2018-2944
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).\n- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).\n- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).\n- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)\n- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the \u0027msg_len\u0027 field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNon-security issues fixed:\n\n- Improving disk performance for qemu on xen (bsc#1100408)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-2944,SUSE-SLE-SERVER-12-SP3-2018-2944",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4129-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:4129-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184129-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:4129-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004966.html"
},
{
"category": "self",
"summary": "SUSE Bug 1100408",
"url": "https://bugzilla.suse.com/1100408"
},
{
"category": "self",
"summary": "SUSE Bug 1106222",
"url": "https://bugzilla.suse.com/1106222"
},
{
"category": "self",
"summary": "SUSE Bug 1110910",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "self",
"summary": "SUSE Bug 1111006",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "self",
"summary": "SUSE Bug 1111010",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "self",
"summary": "SUSE Bug 1111013",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "self",
"summary": "SUSE Bug 1114422",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15746 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17958 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17962 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17963 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18849 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18849/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2018-12-14T15:13:03Z",
"generator": {
"date": "2018-12-14T15:13:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:4129-1",
"initial_release_date": "2018-12-14T15:13:03Z",
"revision_history": [
{
"date": "2018-12-14T15:13:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-2.9.1-6.22.3.aarch64",
"product_id": "qemu-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-arm-2.9.1-6.22.3.aarch64",
"product_id": "qemu-arm-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-block-curl-2.9.1-6.22.3.aarch64",
"product_id": "qemu-block-curl-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"product_id": "qemu-block-iscsi-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-block-rbd-2.9.1-6.22.3.aarch64",
"product_id": "qemu-block-rbd-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-block-ssh-2.9.1-6.22.3.aarch64",
"product_id": "qemu-block-ssh-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-guest-agent-2.9.1-6.22.3.aarch64",
"product_id": "qemu-guest-agent-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-lang-2.9.1-6.22.3.aarch64",
"product_id": "qemu-lang-2.9.1-6.22.3.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.22.3.aarch64",
"product": {
"name": "qemu-tools-2.9.1-6.22.3.aarch64",
"product_id": "qemu-tools-2.9.1-6.22.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-6.22.3.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-6.22.3.noarch",
"product_id": "qemu-ipxe-1.0.0+-6.22.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.10.2-6.22.3.noarch",
"product": {
"name": "qemu-seabios-1.10.2-6.22.3.noarch",
"product_id": "qemu-seabios-1.10.2-6.22.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-6.22.3.noarch",
"product": {
"name": "qemu-sgabios-8-6.22.3.noarch",
"product_id": "qemu-sgabios-8-6.22.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.10.2-6.22.3.noarch",
"product": {
"name": "qemu-vgabios-1.10.2-6.22.3.noarch",
"product_id": "qemu-vgabios-1.10.2-6.22.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-2.9.1-6.22.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-block-curl-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-block-curl-2.9.1-6.22.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-block-iscsi-2.9.1-6.22.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-block-ssh-2.9.1-6.22.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-guest-agent-2.9.1-6.22.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-lang-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-lang-2.9.1-6.22.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-ppc-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-ppc-2.9.1-6.22.3.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.22.3.ppc64le",
"product": {
"name": "qemu-tools-2.9.1-6.22.3.ppc64le",
"product_id": "qemu-tools-2.9.1-6.22.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-2.9.1-6.22.3.s390x",
"product_id": "qemu-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-block-curl-2.9.1-6.22.3.s390x",
"product_id": "qemu-block-curl-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.s390x",
"product_id": "qemu-block-iscsi-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-block-ssh-2.9.1-6.22.3.s390x",
"product_id": "qemu-block-ssh-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-guest-agent-2.9.1-6.22.3.s390x",
"product_id": "qemu-guest-agent-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-kvm-2.9.1-6.22.3.s390x",
"product_id": "qemu-kvm-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-lang-2.9.1-6.22.3.s390x",
"product_id": "qemu-lang-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-s390-2.9.1-6.22.3.s390x",
"product_id": "qemu-s390-2.9.1-6.22.3.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.22.3.s390x",
"product": {
"name": "qemu-tools-2.9.1-6.22.3.s390x",
"product_id": "qemu-tools-2.9.1-6.22.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-2.9.1-6.22.3.x86_64",
"product_id": "qemu-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-block-curl-2.9.1-6.22.3.x86_64",
"product_id": "qemu-block-curl-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-kvm-2.9.1-6.22.3.x86_64",
"product_id": "qemu-kvm-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-tools-2.9.1-6.22.3.x86_64",
"product_id": "qemu-tools-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-x86-2.9.1-6.22.3.x86_64",
"product_id": "qemu-x86-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"product_id": "qemu-block-iscsi-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-block-rbd-2.9.1-6.22.3.x86_64",
"product_id": "qemu-block-rbd-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-block-ssh-2.9.1-6.22.3.x86_64",
"product_id": "qemu-block-ssh-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-guest-agent-2.9.1-6.22.3.x86_64",
"product_id": "qemu-guest-agent-2.9.1-6.22.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.22.3.x86_64",
"product": {
"name": "qemu-lang-2.9.1-6.22.3.x86_64",
"product_id": "qemu-lang-2.9.1-6.22.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.22.3.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.22.3.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.22.3.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch"
},
"product_reference": "qemu-sgabios-8-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.22.3.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-arm-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.22.3.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-kvm-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-ppc-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-s390-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.22.3.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.22.3.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch"
},
"product_reference": "qemu-sgabios-8-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.22.3.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-arm-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.22.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-kvm-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-ppc-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-s390-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.22.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.22.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch"
},
"product_reference": "qemu-sgabios-8-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.22.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.22.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.22.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.22.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10839"
}
],
"notes": [
{
"category": "general",
"text": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10839",
"url": "https://www.suse.com/security/cve/CVE-2018-10839"
},
{
"category": "external",
"summary": "SUSE Bug 1110910 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110910"
},
{
"category": "external",
"summary": "SUSE Bug 1110924 for CVE-2018-10839",
"url": "https://bugzilla.suse.com/1110924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10839"
},
{
"cve": "CVE-2018-15746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15746"
}
],
"notes": [
{
"category": "general",
"text": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15746",
"url": "https://www.suse.com/security/cve/CVE-2018-15746"
},
{
"category": "external",
"summary": "SUSE Bug 1106222 for CVE-2018-15746",
"url": "https://bugzilla.suse.com/1106222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-15746"
},
{
"cve": "CVE-2018-17958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17958"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17958",
"url": "https://www.suse.com/security/cve/CVE-2018-17958"
},
{
"category": "external",
"summary": "SUSE Bug 1111006 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111006"
},
{
"category": "external",
"summary": "SUSE Bug 1111007 for CVE-2018-17958",
"url": "https://bugzilla.suse.com/1111007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-17958"
},
{
"cve": "CVE-2018-17962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17962"
}
],
"notes": [
{
"category": "general",
"text": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17962",
"url": "https://www.suse.com/security/cve/CVE-2018-17962"
},
{
"category": "external",
"summary": "SUSE Bug 1111010 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111010"
},
{
"category": "external",
"summary": "SUSE Bug 1111011 for CVE-2018-17962",
"url": "https://bugzilla.suse.com/1111011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-17962"
},
{
"cve": "CVE-2018-17963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17963"
}
],
"notes": [
{
"category": "general",
"text": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17963",
"url": "https://www.suse.com/security/cve/CVE-2018-17963"
},
{
"category": "external",
"summary": "SUSE Bug 1111013 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111013"
},
{
"category": "external",
"summary": "SUSE Bug 1111014 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1111014"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-17963",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-17963"
},
{
"cve": "CVE-2018-18849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18849"
}
],
"notes": [
{
"category": "general",
"text": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18849",
"url": "https://www.suse.com/security/cve/CVE-2018-18849"
},
{
"category": "external",
"summary": "SUSE Bug 1114422 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114422"
},
{
"category": "external",
"summary": "SUSE Bug 1114423 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1114423"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-18849",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-arm-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-s390-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.22.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.22.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.22.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-14T15:13:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-18849"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…