SB2019042505 - OpenSUSE Linux update for qemu
Published: April 25, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-20815)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the deprecated "load_image" function, as defined in the "device_tree.c" file. A remote attacker can submit a large image file to the affected system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Out-of-bounds read (CVE-ID: CVE-2019-3812)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to an out-of-bounds read condition in the i2c_ddc() function, as defined in the hw/i2c/i2c-ddc.c source code file. A local attacker can execute malicious i2c commands, trigger an out-of-bounds read condition and access sensitive information on a targeted system.
3) Improper access control (CVE-ID: CVE-2019-8934)
The vulnerability allows a local user to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in the hw/ppc/spapr.c in the way hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes. A local user from guest operating system can gain access to sensitive information on the host operating system.4) Memory leak (CVE-ID: CVE-2019-9824)
The vulnerability allows a local user to gain access to sensitive information on the system.
The vulnerability exists due memory leak within the SLiRP networking implementation. A local user can read uninitialised stack memory contents.
Remediation
Install update from vendor's website.