SUSE-SU-2018:2973-1 -- SLES qemu, qemu-guest-agentID: oval:org.secpod.oval:def:89043868 | Date: (C)2021-03-05 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command to the agent via the listening socket causing DoS - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams With this release the mitigations for Spectre v4 are moved the the patches from upstream .
Platform: |
SUSE Linux Enterprise Server 12 SP2 |
Product: |
qemu |
qemu-guest-agent |