SUSE-SU-2019:2956-1
- Source
- https://www.suse.com/support/update/announcement/2019/suse-su-20192956-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2956-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2019:2956-1
- Upstream
- Related
- Published
- 2019-11-12T18:15:08Z
- Modified
- 2025-05-08T17:13:45.972608Z
- Summary
- Security update for qemu
- Details
-
This update for qemu fixes the following issues:
Remove a backslash '\' escape character from 80-qemu-ga.rules (bsc#1153358) Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in sles 12 sp4 or newer guest only needs one escape character.
Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
- Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4
- References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-20192956-1/
- https://bugzilla.suse.com/1119991
- https://bugzilla.suse.com/1146873
- https://bugzilla.suse.com/1152506
- https://bugzilla.suse.com/1153358
- https://bugzilla.suse.com/1155812
- https://www.suse.com/security/cve/CVE-2018-12207
- https://www.suse.com/security/cve/CVE-2018-20126
- https://www.suse.com/security/cve/CVE-2019-11135
- https://www.suse.com/security/cve/CVE-2019-12068
Affected packages
SUSE:Linux Enterprise Desktop 12 SP4
qemu
Package
- Name
- qemu
- Purl
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.11.2-5.23.2
Ecosystem specific
{
"binaries": [
{
"qemu-ipxe": "1.0.0+-5.23.2",
"qemu-kvm": "2.11.2-5.23.2",
"qemu-block-curl": "2.11.2-5.23.2",
"qemu-sgabios": "8-5.23.2",
"qemu-vgabios": "1.11.0-5.23.2",
"qemu-seabios": "1.11.0-5.23.2",
"qemu-tools": "2.11.2-5.23.2",
"qemu": "2.11.2-5.23.2",
"qemu-x86": "2.11.2-5.23.2"
}
]
}SUSE:Linux Enterprise Server 12 SP4
qemu
Package
- Name
- qemu
- Purl
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.11.2-5.23.2
Ecosystem specific
{
"binaries": [
{
"qemu-ipxe": "1.0.0+-5.23.2",
"qemu-s390": "2.11.2-5.23.2",
"qemu-seabios": "1.11.0-5.23.2",
"qemu-block-curl": "2.11.2-5.23.2",
"qemu": "2.11.2-5.23.2",
"qemu-kvm": "2.11.2-5.23.2",
"qemu-block-iscsi": "2.11.2-5.23.2",
"qemu-lang": "2.11.2-5.23.2",
"qemu-block-rbd": "2.11.2-5.23.2",
"qemu-sgabios": "8-5.23.2",
"qemu-ppc": "2.11.2-5.23.2",
"qemu-arm": "2.11.2-5.23.2",
"qemu-vgabios": "1.11.0-5.23.2",
"qemu-block-ssh": "2.11.2-5.23.2",
"qemu-guest-agent": "2.11.2-5.23.2",
"qemu-tools": "2.11.2-5.23.2",
"qemu-x86": "2.11.2-5.23.2"
}
]
}SUSE:Linux Enterprise Server for SAP Applications 12 SP4
qemu
Package
- Name
- qemu
- Purl
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.11.2-5.23.2
Ecosystem specific
{
"binaries": [
{
"qemu-ipxe": "1.0.0+-5.23.2",
"qemu-s390": "2.11.2-5.23.2",
"qemu-seabios": "1.11.0-5.23.2",
"qemu-block-curl": "2.11.2-5.23.2",
"qemu": "2.11.2-5.23.2",
"qemu-kvm": "2.11.2-5.23.2",
"qemu-block-iscsi": "2.11.2-5.23.2",
"qemu-lang": "2.11.2-5.23.2",
"qemu-block-rbd": "2.11.2-5.23.2",
"qemu-sgabios": "8-5.23.2",
"qemu-ppc": "2.11.2-5.23.2",
"qemu-arm": "2.11.2-5.23.2",
"qemu-vgabios": "1.11.0-5.23.2",
"qemu-block-ssh": "2.11.2-5.23.2",
"qemu-guest-agent": "2.11.2-5.23.2",
"qemu-tools": "2.11.2-5.23.2",
"qemu-x86": "2.11.2-5.23.2"
}
]
}