SUSE-SU-2019:2192-1 -- SLES qemu, qemu-guest-agentID: oval:org.secpod.oval:def:89050551 | Date: (C)2023-10-16 (M)2023-10-15 |
Class: PATCH | Family: unix |
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long . - CVE-2019-5008: Fix DoS in sparc64 virtual machine possible through guest device driver . Bug fixes and enhancements: - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge - Add SnowRidge-Server vcpu model - Add in documentation about md-clear feature - Fix SEV issue where older machine type is not processed correctly - Fix case of a bad pointer in Xen PV usb support code - Further refine arch-capabilities handling to help with security and performance in Intel hosts - Add support for one more security/performance related vcpu feature - Ignore csske for expanding the cpu model
Platform: |
SUSE Linux Enterprise Desktop 15 SP1 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
qemu |
qemu-guest-agent |