[SUSE-SU-2018:2650-1] Security update for kvm

Severity Moderate
Affected Packages 3
CVEs 3

Security update for kvm

This update for kvm fixes the following security issues:

  • CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket, causing a DoS (bsc#1098735)
  • CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223)

With this release the mitigations for Spectre v4 are moved to the patches from
upstream (CVE-2018-3639, bsc#1092885).

ID SUSE-SU-2018:2650-1
Severity moderate
URL https://www.suse.com/support/update/announcement/2018/suse-su-20182650-1/
Published 2018-09-07T10:42:35
Modified 2018-09-07T10:42:35
Rights Copyright 2024 SUSE LLC. All rights reserved.
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/kvm?arch=x86_64&distro=sles-11&sp=4 | suse | kvm | < 1.4.2-60.15.2 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kvm?arch=s390x&distro=sles-11&sp=4 | suse | kvm | < 1.4.2-60.15.2 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/kvm?arch=i586&distro=sles-11&sp=4 | suse | kvm | < 1.4.2-60.15.2 | sles-11 | i586 | |