An update that solves 14 vulnerabilities, contains one
feature and has 5 fixes is now available.
Description:
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset
(bsc#1185981)
- CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU
device (bsc#1186010)
- CVE-2021-3545: Fix information disclosure due to uninitialized memory
read (bsc#1185990)
- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block
SDMA (bsc#1176681)
- CVE-2020-10756: Fix out-of-bounds read information disclosure in
icmp6_send_echoreply(bsc#1172380)
- For the record, these issues are fixed in this package already. Most are
alternate references to previously mentioned issues: (CVE-2019-15890,
bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534,
CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935,
CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484,
CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975)
Non-security issues fixed:
- Fix issue where s390 guest fails to find zipl boot menu index
(bsc#1183979)
- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)
- Host CPU microcode revision will be visible inside VMs when the proper
CPU-model is used (jsc#SLE-17785):
- Fix testsuite error (bsc#1184574)
- Fix qemu crash with iothread when block commit after snapshot
(bsc#1187013)
- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)
- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: