SB2019090204 - OpenSUSE Linux update for qemu
Published: September 2, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2019-12155)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in "hw/display/qxl.c". A remote attacker can perform a denial of service (DoS) attack.
2) Improper access control (CVE-ID: CVE-2019-13164)
The vulnerability allows a local attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to qemu-bridge-helper.c does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size. A local attacker can create a tap device and attach it to a denied bridge interface, bypass the Access Control List (ACL) and get access to confidential data transmitted on the bridge.
3) Heap-based buffer overflow (CVE-ID: CVE-2019-14378)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ip_reass() function in ip_input.c in libslirp. A remote authenticated attacker can send a large packet, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) NULL pointer dereference (CVE-ID: CVE-2019-5008)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in "hw/sparc64/sun4u.c". A remote attacker can trigger denial of service conditions via a device driver.
Remediation
Install update from vendor's website.