Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-12068 (GCVE-0-2019-12068)
Vulnerability from cvelistv5
Published
2019-09-24 19:59
Modified
2024-08-04 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-26T13:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12068",
"datePublished": "2019-09-24T19:59:44",
"dateReserved": "2019-05-13T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-12068\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-09-24T20:15:11.747\",\"lastModified\":\"2024-11-21T04:22:10.287\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.\"},{\"lang\":\"es\",\"value\":\"En QEMU versiones 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, y 1:2.1+dfsg-12+deb8u12 (corregida), cuando se ejecuta el script en la funci\u00f3n lsi_execute_script(), el emulador del adaptador scsi de LSI avanza el \u00edndice \\\"s-)dsp\\\" para leer el pr\u00f3ximo opcode. Esto puede conllevar a un bucle infinito si el siguiente opcode est\u00e1 vac\u00edo. Mueve la salida del bucle existente despu\u00e9s de 10k iteraciones para que cubra tambi\u00e9n los opcodes no operativos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.0,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:4.1-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80139FFB-0C8E-4D88-B457-3460D1BDCE81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:2.1\\\\+dfsg-12\\\\+deb8u6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1550DA8-F690-4336-8A55-0A762CB4457C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:2.8\\\\+dfsg-6\\\\+deb9u8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F879A847-3201-4368-9727-5BD52E5BC7DA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:3.1\\\\+dfsg-8\\\\+deb10u2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D616634-2792-430E-8979-AF2AA875890F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:3.1\\\\+dfsg-8\\\\~deb10u1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA49E4C-9EB1-49A2-82A6-A21A17D46A9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2019-12068\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4665\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2019-12068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
suse-su-2020:1526-1
Vulnerability from csaf_suse
Published
2020-06-03 10:04
Modified
2020-06-03 10:04
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).
- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).
Patchnames
SUSE-2020-1526,SUSE-OpenStack-Cloud-7-2020-1526,SUSE-SLE-SAP-12-SP2-2020-1526,SUSE-SLE-SERVER-12-SP2-2020-1526,SUSE-SLE-SERVER-12-SP2-BCL-2020-1526
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).\n- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).\n- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).\n- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).\n- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).\n- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).\n- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1526,SUSE-OpenStack-Cloud-7-2020-1526,SUSE-SLE-SAP-12-SP2-2020-1526,SUSE-SLE-SERVER-12-SP2-2020-1526,SUSE-SLE-SERVER-12-SP2-BCL-2020-1526",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1526-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1526-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201526-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1526-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/006877.html"
},
{
"category": "self",
"summary": "SUSE Bug 1123156",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1161066",
"url": "https://bugzilla.suse.com/1161066"
},
{
"category": "self",
"summary": "SUSE Bug 1163018",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "self",
"summary": "SUSE Bug 1166240",
"url": "https://bugzilla.suse.com/1166240"
},
{
"category": "self",
"summary": "SUSE Bug 1170940",
"url": "https://bugzilla.suse.com/1170940"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1711 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1983 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7039 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8608 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8608/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2020-06-03T10:04:37Z",
"generator": {
"date": "2020-06-03T10:04:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1526-1",
"initial_release_date": "2020-06-03T10:04:37Z",
"revision_history": [
{
"date": "2020-06-03T10:04:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-2.6.2-41.59.1.aarch64",
"product_id": "qemu-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-arm-2.6.2-41.59.1.aarch64",
"product_id": "qemu-arm-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-block-curl-2.6.2-41.59.1.aarch64",
"product_id": "qemu-block-curl-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-block-dmg-2.6.2-41.59.1.aarch64",
"product_id": "qemu-block-dmg-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-block-iscsi-2.6.2-41.59.1.aarch64",
"product_id": "qemu-block-iscsi-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-block-rbd-2.6.2-41.59.1.aarch64",
"product_id": "qemu-block-rbd-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-block-ssh-2.6.2-41.59.1.aarch64",
"product_id": "qemu-block-ssh-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-extra-2.6.2-41.59.1.aarch64",
"product_id": "qemu-extra-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-guest-agent-2.6.2-41.59.1.aarch64",
"product_id": "qemu-guest-agent-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-lang-2.6.2-41.59.1.aarch64",
"product_id": "qemu-lang-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-linux-user-2.6.2-41.59.1.aarch64",
"product_id": "qemu-linux-user-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-ppc-2.6.2-41.59.1.aarch64",
"product_id": "qemu-ppc-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-s390-2.6.2-41.59.1.aarch64",
"product_id": "qemu-s390-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-testsuite-2.6.2-41.59.1.aarch64",
"product_id": "qemu-testsuite-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-tools-2.6.2-41.59.1.aarch64",
"product_id": "qemu-tools-2.6.2-41.59.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.6.2-41.59.1.aarch64",
"product": {
"name": "qemu-x86-2.6.2-41.59.1.aarch64",
"product_id": "qemu-x86-2.6.2-41.59.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-2.6.2-41.59.1.i586",
"product_id": "qemu-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-arm-2.6.2-41.59.1.i586",
"product_id": "qemu-arm-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-block-curl-2.6.2-41.59.1.i586",
"product_id": "qemu-block-curl-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-block-dmg-2.6.2-41.59.1.i586",
"product_id": "qemu-block-dmg-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-block-iscsi-2.6.2-41.59.1.i586",
"product_id": "qemu-block-iscsi-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-block-ssh-2.6.2-41.59.1.i586",
"product_id": "qemu-block-ssh-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-extra-2.6.2-41.59.1.i586",
"product_id": "qemu-extra-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-guest-agent-2.6.2-41.59.1.i586",
"product_id": "qemu-guest-agent-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-kvm-2.6.2-41.59.1.i586",
"product_id": "qemu-kvm-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-lang-2.6.2-41.59.1.i586",
"product_id": "qemu-lang-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-linux-user-2.6.2-41.59.1.i586",
"product_id": "qemu-linux-user-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-ppc-2.6.2-41.59.1.i586",
"product_id": "qemu-ppc-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-s390-2.6.2-41.59.1.i586",
"product_id": "qemu-s390-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-testsuite-2.6.2-41.59.1.i586",
"product_id": "qemu-testsuite-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-tools-2.6.2-41.59.1.i586",
"product_id": "qemu-tools-2.6.2-41.59.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.6.2-41.59.1.i586",
"product": {
"name": "qemu-x86-2.6.2-41.59.1.i586",
"product_id": "qemu-x86-2.6.2-41.59.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0-41.59.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0-41.59.1.noarch",
"product_id": "qemu-ipxe-1.0.0-41.59.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.9.1-41.59.1.noarch",
"product": {
"name": "qemu-seabios-1.9.1-41.59.1.noarch",
"product_id": "qemu-seabios-1.9.1-41.59.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-41.59.1.noarch",
"product": {
"name": "qemu-sgabios-8-41.59.1.noarch",
"product_id": "qemu-sgabios-8-41.59.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.9.1-41.59.1.noarch",
"product": {
"name": "qemu-vgabios-1.9.1-41.59.1.noarch",
"product_id": "qemu-vgabios-1.9.1-41.59.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-arm-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-arm-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-block-curl-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-block-curl-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-block-dmg-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-block-dmg-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-block-iscsi-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-block-iscsi-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-block-ssh-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-extra-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-extra-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-guest-agent-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-lang-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-lang-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-linux-user-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-linux-user-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-ppc-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-ppc-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-s390-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-s390-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-testsuite-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-testsuite-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-tools-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-tools-2.6.2-41.59.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.6.2-41.59.1.ppc64le",
"product": {
"name": "qemu-x86-2.6.2-41.59.1.ppc64le",
"product_id": "qemu-x86-2.6.2-41.59.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-2.6.2-41.59.1.s390x",
"product_id": "qemu-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-arm-2.6.2-41.59.1.s390x",
"product_id": "qemu-arm-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-block-curl-2.6.2-41.59.1.s390x",
"product_id": "qemu-block-curl-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-block-dmg-2.6.2-41.59.1.s390x",
"product_id": "qemu-block-dmg-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-block-iscsi-2.6.2-41.59.1.s390x",
"product_id": "qemu-block-iscsi-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-block-ssh-2.6.2-41.59.1.s390x",
"product_id": "qemu-block-ssh-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-extra-2.6.2-41.59.1.s390x",
"product_id": "qemu-extra-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-guest-agent-2.6.2-41.59.1.s390x",
"product_id": "qemu-guest-agent-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-kvm-2.6.2-41.59.1.s390x",
"product_id": "qemu-kvm-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-lang-2.6.2-41.59.1.s390x",
"product_id": "qemu-lang-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-linux-user-2.6.2-41.59.1.s390x",
"product_id": "qemu-linux-user-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-ppc-2.6.2-41.59.1.s390x",
"product_id": "qemu-ppc-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-s390-2.6.2-41.59.1.s390x",
"product_id": "qemu-s390-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-tools-2.6.2-41.59.1.s390x",
"product_id": "qemu-tools-2.6.2-41.59.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.6.2-41.59.1.s390x",
"product": {
"name": "qemu-x86-2.6.2-41.59.1.s390x",
"product_id": "qemu-x86-2.6.2-41.59.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-2.6.2-41.59.1.x86_64",
"product_id": "qemu-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-arm-2.6.2-41.59.1.x86_64",
"product_id": "qemu-arm-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-block-curl-2.6.2-41.59.1.x86_64",
"product_id": "qemu-block-curl-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-block-dmg-2.6.2-41.59.1.x86_64",
"product_id": "qemu-block-dmg-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-block-iscsi-2.6.2-41.59.1.x86_64",
"product_id": "qemu-block-iscsi-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.6.2-41.59.1.x86_64",
"product_id": "qemu-block-rbd-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-block-ssh-2.6.2-41.59.1.x86_64",
"product_id": "qemu-block-ssh-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-extra-2.6.2-41.59.1.x86_64",
"product_id": "qemu-extra-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.6.2-41.59.1.x86_64",
"product_id": "qemu-guest-agent-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-kvm-2.6.2-41.59.1.x86_64",
"product_id": "qemu-kvm-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-lang-2.6.2-41.59.1.x86_64",
"product_id": "qemu-lang-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-linux-user-2.6.2-41.59.1.x86_64",
"product_id": "qemu-linux-user-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-ppc-2.6.2-41.59.1.x86_64",
"product_id": "qemu-ppc-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-s390-2.6.2-41.59.1.x86_64",
"product_id": "qemu-s390-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-testsuite-2.6.2-41.59.1.x86_64",
"product_id": "qemu-testsuite-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-tools-2.6.2-41.59.1.x86_64",
"product_id": "qemu-tools-2.6.2-41.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.6.2-41.59.1.x86_64",
"product": {
"name": "qemu-x86-2.6.2-41.59.1.x86_64",
"product_id": "qemu-x86-2.6.2-41.59.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-41.59.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-41.59.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-kvm-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-kvm-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-s390-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.9.1-41.59.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-seabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-41.59.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch"
},
"product_reference": "qemu-sgabios-8-41.59.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.9.1-41.59.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-vgabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.6.2-41.59.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-x86-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-41.59.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-kvm-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-ppc-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.9.1-41.59.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-seabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-41.59.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch"
},
"product_reference": "qemu-sgabios-8-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.9.1-41.59.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-vgabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-x86-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-kvm-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-kvm-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-ppc-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-s390-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.9.1-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-seabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch"
},
"product_reference": "qemu-sgabios-8-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.9.1-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-vgabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-x86-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-curl-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-kvm-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-lang-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.9.1-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-seabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch"
},
"product_reference": "qemu-sgabios-8-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-tools-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.9.1-41.59.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch"
},
"product_reference": "qemu-vgabios-1.9.1-41.59.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.6.2-41.59.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64"
},
"product_reference": "qemu-x86-2.6.2-41.59.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-03T10:04:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-03T10:04:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-6778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6778"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6778",
"url": "https://www.suse.com/security/cve/CVE-2019-6778"
},
{
"category": "external",
"summary": "SUSE Bug 1123156 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "external",
"summary": "SUSE Bug 1123157 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123157"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-03T10:04:37Z",
"details": "important"
}
],
"title": "CVE-2019-6778"
},
{
"cve": "CVE-2020-1711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1711"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1711",
"url": "https://www.suse.com/security/cve/CVE-2020-1711"
},
{
"category": "external",
"summary": "SUSE Bug 1166240 for CVE-2020-1711",
"url": "https://bugzilla.suse.com/1166240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-03T10:04:37Z",
"details": "important"
}
],
"title": "CVE-2020-1711"
},
{
"cve": "CVE-2020-1983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1983"
}
],
"notes": [
{
"category": "general",
"text": "A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1983",
"url": "https://www.suse.com/security/cve/CVE-2020-1983"
},
{
"category": "external",
"summary": "SUSE Bug 1170940 for CVE-2020-1983",
"url": "https://bugzilla.suse.com/1170940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-03T10:04:37Z",
"details": "important"
}
],
"title": "CVE-2020-1983"
},
{
"cve": "CVE-2020-7039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7039"
}
],
"notes": [
{
"category": "general",
"text": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7039",
"url": "https://www.suse.com/security/cve/CVE-2020-7039"
},
{
"category": "external",
"summary": "SUSE Bug 1161066 for CVE-2020-7039",
"url": "https://bugzilla.suse.com/1161066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-03T10:04:37Z",
"details": "important"
}
],
"title": "CVE-2020-7039"
},
{
"cve": "CVE-2020-8608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8608"
}
],
"notes": [
{
"category": "general",
"text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8608",
"url": "https://www.suse.com/security/cve/CVE-2020-8608"
},
{
"category": "external",
"summary": "SUSE Bug 1163018 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "external",
"summary": "SUSE Bug 1163019 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ppc-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-sgabios-8-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-x86-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-curl-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-rbd-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-block-ssh-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-guest-agent-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-ipxe-1.0.0-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-kvm-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-lang-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-s390-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-seabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-sgabios-8-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.s390x",
"SUSE OpenStack Cloud 7:qemu-tools-2.6.2-41.59.1.x86_64",
"SUSE OpenStack Cloud 7:qemu-vgabios-1.9.1-41.59.1.noarch",
"SUSE OpenStack Cloud 7:qemu-x86-2.6.2-41.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-03T10:04:37Z",
"details": "important"
}
],
"title": "CVE-2020-8608"
}
]
}
suse-su-2019:2956-1
Vulnerability from csaf_suse
Published
2019-11-12 18:15
Modified
2019-11-12 18:15
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
- Remove a backslash '\' escape character from 80-qemu-ga.rules (bsc#1153358)
Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in
sles 12 sp4 or newer guest only needs one escape character.
- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068
bsc#1146873)
- Expose taa-no 'feature', indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no 'feature', indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207
bsc#1155812)
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4
Patchnames
SUSE-2019-2956,SUSE-SLE-DESKTOP-12-SP4-2019-2956,SUSE-SLE-SERVER-12-SP4-2019-2956
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\n- Remove a backslash \u0027\\\u0027 escape character from 80-qemu-ga.rules (bsc#1153358)\n Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in\n sles 12 sp4 or newer guest only needs one escape character.\n\n- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)\n- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068\n bsc#1146873)\n- Expose taa-no \u0027feature\u0027, indicating CPU does not have the\n TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)\n- Expose pschange-mc-no \u0027feature\u0027, indicating CPU does not have\n the page size change machine check vulnerability (CVE-2018-12207\n bsc#1155812)\n- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2956,SUSE-SLE-DESKTOP-12-SP4-2019-2956,SUSE-SLE-SERVER-12-SP4-2019-2956",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2956-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2956-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192956-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2956-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006129.html"
},
{
"category": "self",
"summary": "SUSE Bug 1119991",
"url": "https://bugzilla.suse.com/1119991"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1152506",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "self",
"summary": "SUSE Bug 1153358",
"url": "https://bugzilla.suse.com/1153358"
},
{
"category": "self",
"summary": "SUSE Bug 1155812",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-11-12T18:15:08Z",
"generator": {
"date": "2019-11-12T18:15:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2956-1",
"initial_release_date": "2019-11-12T18:15:08Z",
"revision_history": [
{
"date": "2019-11-12T18:15:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-2.11.2-5.23.2.aarch64",
"product_id": "qemu-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-arm-2.11.2-5.23.2.aarch64",
"product_id": "qemu-arm-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-block-curl-2.11.2-5.23.2.aarch64",
"product_id": "qemu-block-curl-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-block-dmg-2.11.2-5.23.2.aarch64",
"product_id": "qemu-block-dmg-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"product_id": "qemu-block-iscsi-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-block-rbd-2.11.2-5.23.2.aarch64",
"product_id": "qemu-block-rbd-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-block-ssh-2.11.2-5.23.2.aarch64",
"product_id": "qemu-block-ssh-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-extra-2.11.2-5.23.2.aarch64",
"product_id": "qemu-extra-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-guest-agent-2.11.2-5.23.2.aarch64",
"product_id": "qemu-guest-agent-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-lang-2.11.2-5.23.2.aarch64",
"product_id": "qemu-lang-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-linux-user-2.11.2-5.23.2.aarch64",
"product_id": "qemu-linux-user-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-ppc-2.11.2-5.23.2.aarch64",
"product_id": "qemu-ppc-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-s390-2.11.2-5.23.2.aarch64",
"product_id": "qemu-s390-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-tools-2.11.2-5.23.2.aarch64",
"product_id": "qemu-tools-2.11.2-5.23.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-5.23.2.aarch64",
"product": {
"name": "qemu-x86-2.11.2-5.23.2.aarch64",
"product_id": "qemu-x86-2.11.2-5.23.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-2.11.2-5.23.2.i586",
"product_id": "qemu-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-arm-2.11.2-5.23.2.i586",
"product_id": "qemu-arm-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-block-curl-2.11.2-5.23.2.i586",
"product_id": "qemu-block-curl-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-block-dmg-2.11.2-5.23.2.i586",
"product_id": "qemu-block-dmg-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.i586",
"product_id": "qemu-block-iscsi-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-block-ssh-2.11.2-5.23.2.i586",
"product_id": "qemu-block-ssh-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-extra-2.11.2-5.23.2.i586",
"product_id": "qemu-extra-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-guest-agent-2.11.2-5.23.2.i586",
"product_id": "qemu-guest-agent-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-kvm-2.11.2-5.23.2.i586",
"product_id": "qemu-kvm-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-lang-2.11.2-5.23.2.i586",
"product_id": "qemu-lang-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-linux-user-2.11.2-5.23.2.i586",
"product_id": "qemu-linux-user-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-ppc-2.11.2-5.23.2.i586",
"product_id": "qemu-ppc-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-s390-2.11.2-5.23.2.i586",
"product_id": "qemu-s390-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-tools-2.11.2-5.23.2.i586",
"product_id": "qemu-tools-2.11.2-5.23.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-5.23.2.i586",
"product": {
"name": "qemu-x86-2.11.2-5.23.2.i586",
"product_id": "qemu-x86-2.11.2-5.23.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-5.23.2.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-5.23.2.noarch",
"product_id": "qemu-ipxe-1.0.0+-5.23.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.11.0-5.23.2.noarch",
"product": {
"name": "qemu-seabios-1.11.0-5.23.2.noarch",
"product_id": "qemu-seabios-1.11.0-5.23.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-5.23.2.noarch",
"product": {
"name": "qemu-sgabios-8-5.23.2.noarch",
"product_id": "qemu-sgabios-8-5.23.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.11.0-5.23.2.noarch",
"product": {
"name": "qemu-vgabios-1.11.0-5.23.2.noarch",
"product_id": "qemu-vgabios-1.11.0-5.23.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-arm-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-arm-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-block-curl-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-block-curl-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-block-dmg-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-block-dmg-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-block-iscsi-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-block-rbd-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-block-rbd-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-block-ssh-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-extra-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-extra-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-guest-agent-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-lang-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-lang-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-linux-user-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-linux-user-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-ppc-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-ppc-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-s390-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-s390-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-tools-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-tools-2.11.2-5.23.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-5.23.2.ppc64le",
"product": {
"name": "qemu-x86-2.11.2-5.23.2.ppc64le",
"product_id": "qemu-x86-2.11.2-5.23.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-2.11.2-5.23.2.s390x",
"product_id": "qemu-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-arm-2.11.2-5.23.2.s390x",
"product_id": "qemu-arm-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-block-curl-2.11.2-5.23.2.s390x",
"product_id": "qemu-block-curl-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-block-dmg-2.11.2-5.23.2.s390x",
"product_id": "qemu-block-dmg-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.s390x",
"product_id": "qemu-block-iscsi-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-block-rbd-2.11.2-5.23.2.s390x",
"product_id": "qemu-block-rbd-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-block-ssh-2.11.2-5.23.2.s390x",
"product_id": "qemu-block-ssh-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-extra-2.11.2-5.23.2.s390x",
"product_id": "qemu-extra-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-guest-agent-2.11.2-5.23.2.s390x",
"product_id": "qemu-guest-agent-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-kvm-2.11.2-5.23.2.s390x",
"product_id": "qemu-kvm-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-lang-2.11.2-5.23.2.s390x",
"product_id": "qemu-lang-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-linux-user-2.11.2-5.23.2.s390x",
"product_id": "qemu-linux-user-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-ppc-2.11.2-5.23.2.s390x",
"product_id": "qemu-ppc-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-s390-2.11.2-5.23.2.s390x",
"product_id": "qemu-s390-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-tools-2.11.2-5.23.2.s390x",
"product_id": "qemu-tools-2.11.2-5.23.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-5.23.2.s390x",
"product": {
"name": "qemu-x86-2.11.2-5.23.2.s390x",
"product_id": "qemu-x86-2.11.2-5.23.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-2.11.2-5.23.2.x86_64",
"product_id": "qemu-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-arm-2.11.2-5.23.2.x86_64",
"product_id": "qemu-arm-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-block-curl-2.11.2-5.23.2.x86_64",
"product_id": "qemu-block-curl-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-block-dmg-2.11.2-5.23.2.x86_64",
"product_id": "qemu-block-dmg-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"product_id": "qemu-block-iscsi-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-block-rbd-2.11.2-5.23.2.x86_64",
"product_id": "qemu-block-rbd-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-block-ssh-2.11.2-5.23.2.x86_64",
"product_id": "qemu-block-ssh-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-extra-2.11.2-5.23.2.x86_64",
"product_id": "qemu-extra-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-guest-agent-2.11.2-5.23.2.x86_64",
"product_id": "qemu-guest-agent-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-kvm-2.11.2-5.23.2.x86_64",
"product_id": "qemu-kvm-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-lang-2.11.2-5.23.2.x86_64",
"product_id": "qemu-lang-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-linux-user-2.11.2-5.23.2.x86_64",
"product_id": "qemu-linux-user-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-ppc-2.11.2-5.23.2.x86_64",
"product_id": "qemu-ppc-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-s390-2.11.2-5.23.2.x86_64",
"product_id": "qemu-s390-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-tools-2.11.2-5.23.2.x86_64",
"product_id": "qemu-tools-2.11.2-5.23.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-5.23.2.x86_64",
"product": {
"name": "qemu-x86-2.11.2-5.23.2.x86_64",
"product_id": "qemu-x86-2.11.2-5.23.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-5.23.2.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-kvm-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.11.0-5.23.2.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch"
},
"product_reference": "qemu-seabios-1.11.0-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-5.23.2.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch"
},
"product_reference": "qemu-sgabios-8-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.11.0-5.23.2.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch"
},
"product_reference": "qemu-vgabios-1.11.0-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-x86-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-arm-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-rbd-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-rbd-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-5.23.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-kvm-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-kvm-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-ppc-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-s390-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.11.0-5.23.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch"
},
"product_reference": "qemu-seabios-1.11.0-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-5.23.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch"
},
"product_reference": "qemu-sgabios-8-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.11.0-5.23.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch"
},
"product_reference": "qemu-vgabios-1.11.0-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-x86-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-arm-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-curl-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-rbd-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-rbd-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-block-ssh-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-guest-agent-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-5.23.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-kvm-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-kvm-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-lang-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-ppc-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-s390-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.11.0-5.23.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch"
},
"product_reference": "qemu-seabios-1.11.0-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-5.23.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch"
},
"product_reference": "qemu-sgabios-8-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-tools-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.11.0-5.23.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch"
},
"product_reference": "qemu-vgabios-1.11.0-5.23.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.11.2-5.23.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
},
"product_reference": "qemu-x86-2.11.2-5.23.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:15:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-20126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20126"
}
],
"notes": [
{
"category": "general",
"text": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20126",
"url": "https://www.suse.com/security/cve/CVE-2018-20126"
},
{
"category": "external",
"summary": "SUSE Bug 1119991 for CVE-2018-20126",
"url": "https://bugzilla.suse.com/1119991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:15:08Z",
"details": "low"
}
],
"title": "CVE-2018-20126"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:15:08Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-arm-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-curl-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-iscsi-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-rbd-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-block-ssh-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-guest-agent-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ipxe-1.0.0+-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-kvm-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-lang-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-ppc-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-s390-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-seabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-sgabios-8-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-tools-2.11.2-5.23.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-vgabios-1.11.0-5.23.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:qemu-x86-2.11.2-5.23.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:15:08Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
}
]
}
suse-su-2019:2783-1
Vulnerability from csaf_suse
Published
2019-10-25 12:28
Modified
2019-10-25 12:28
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Patchnames
SUSE-2019-2783,SUSE-OpenStack-Cloud-7-2019-2783,SUSE-SLE-SAP-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-BCL-2019-2783,SUSE-Storage-4-2019-2783
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\t \n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2783,SUSE-OpenStack-Cloud-7-2019-2783,SUSE-SLE-SAP-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-BCL-2019-2783,SUSE-Storage-4-2019-2783",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2783-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2783-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192783-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2783-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006058.html"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-25T12:28:11Z",
"generator": {
"date": "2019-10-25T12:28:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2783-1",
"initial_release_date": "2019-10-25T12:28:11Z",
"revision_history": [
{
"date": "2019-10-25T12:28:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.7.6_06-43.54.2.i586",
"product": {
"name": "xen-devel-4.7.6_06-43.54.2.i586",
"product_id": "xen-devel-4.7.6_06-43.54.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_06-43.54.2.i586",
"product": {
"name": "xen-libs-4.7.6_06-43.54.2.i586",
"product_id": "xen-libs-4.7.6_06-43.54.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_06-43.54.2.i586",
"product": {
"name": "xen-tools-domU-4.7.6_06-43.54.2.i586",
"product_id": "xen-tools-domU-4.7.6_06-43.54.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.6_06-43.54.2.x86_64",
"product": {
"name": "xen-4.7.6_06-43.54.2.x86_64",
"product_id": "xen-4.7.6_06-43.54.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.7.6_06-43.54.2.x86_64",
"product": {
"name": "xen-devel-4.7.6_06-43.54.2.x86_64",
"product_id": "xen-devel-4.7.6_06-43.54.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.6_06-43.54.2.x86_64",
"product": {
"name": "xen-doc-html-4.7.6_06-43.54.2.x86_64",
"product_id": "xen-doc-html-4.7.6_06-43.54.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_06-43.54.2.x86_64",
"product": {
"name": "xen-libs-4.7.6_06-43.54.2.x86_64",
"product_id": "xen-libs-4.7.6_06-43.54.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"product_id": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.6_06-43.54.2.x86_64",
"product": {
"name": "xen-tools-4.7.6_06-43.54.2.x86_64",
"product_id": "xen-tools-4.7.6_06-43.54.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"product": {
"name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"product_id": "xen-tools-domU-4.7.6_06-43.54.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64",
"SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
suse-su-2019:2955-1
Vulnerability from csaf_suse
Published
2019-11-12 18:14
Modified
2019-11-12 18:14
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which
includes 2 fixes we already carry, as well as one additional use-
after-free fix in slirp. (CVE-2018-20126 bsc#1119991,
CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811
respectively)
Security issues fixed:
- CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873)
- CVE-2019-11135: Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506)
- CVE-2018-12207: Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (bsc#1117665)
Other issues fixed:
- Change how this bug gets fixed (bsc#1144087)
- Disable file locking in the Xen PV disk backend to avoid locking
issues with PV domUs during migration. The issues triggered by
the locking can not be properly handled in libxl. The locking
introduced in qemu-2.10 was removed again in qemu-4.0.
(bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)
- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)
- Additional hardware instruction support for s390, also update
qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)
Patchnames
SUSE-2019-2955,SUSE-SLE-Module-Basesystem-15-SP1-2019-2955,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2955,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2955
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nqemu was updated to v3.1.1.1, a stable, bug-fix-only release, which\nincludes 2 fixes we already carry, as well as one additional use-\nafter-free fix in slirp. (CVE-2018-20126 bsc#1119991,\nCVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811\nrespectively)\n\nSecurity issues fixed:\n\n- CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873)\n- CVE-2019-11135: Expose taa-no \u0027feature\u0027, indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506)\n- CVE-2018-12207: Expose pschange-mc-no \u0027feature\u0027, indicating CPU does not have the page size change machine check vulnerability (bsc#1117665)\n\nOther issues fixed:\n\n- Change how this bug gets fixed (bsc#1144087)\n- Disable file locking in the Xen PV disk backend to avoid locking\n issues with PV domUs during migration. The issues triggered by\n the locking can not be properly handled in libxl. The locking\n introduced in qemu-2.10 was removed again in qemu-4.0.\n (bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)\n- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)\n- Additional hardware instruction support for s390, also update\n qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2955,SUSE-SLE-Module-Basesystem-15-SP1-2019-2955,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2955,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2955",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2955-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2955-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2955-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1079730",
"url": "https://bugzilla.suse.com/1079730"
},
{
"category": "self",
"summary": "SUSE Bug 1098403",
"url": "https://bugzilla.suse.com/1098403"
},
{
"category": "self",
"summary": "SUSE Bug 1111025",
"url": "https://bugzilla.suse.com/1111025"
},
{
"category": "self",
"summary": "SUSE Bug 1117665",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "self",
"summary": "SUSE Bug 1119991",
"url": "https://bugzilla.suse.com/1119991"
},
{
"category": "self",
"summary": "SUSE Bug 1143794",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "self",
"summary": "SUSE Bug 1144087",
"url": "https://bugzilla.suse.com/1144087"
},
{
"category": "self",
"summary": "SUSE Bug 1145379",
"url": "https://bugzilla.suse.com/1145379"
},
{
"category": "self",
"summary": "SUSE Bug 1145427",
"url": "https://bugzilla.suse.com/1145427"
},
{
"category": "self",
"summary": "SUSE Bug 1145436",
"url": "https://bugzilla.suse.com/1145436"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1152506",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE Bug SLE-6132",
"url": "https://bugzilla.suse.com/SLE-6132"
},
{
"category": "self",
"summary": "SUSE Bug SLE-6237",
"url": "https://bugzilla.suse.com/SLE-6237"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-11-12T18:14:55Z",
"generator": {
"date": "2019-11-12T18:14:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2955-1",
"initial_release_date": "2019-11-12T18:14:55Z",
"revision_history": [
{
"date": "2019-11-12T18:14:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-arm-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-arm-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-audio-alsa-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-audio-oss-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-audio-oss-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-audio-oss-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-audio-pa-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-audio-pa-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-block-curl-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-block-dmg-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-block-dmg-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-block-iscsi-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-block-rbd-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-block-ssh-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-extra-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-extra-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-extra-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-guest-agent-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-lang-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-lang-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-linux-user-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-linux-user-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-ppc-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-ppc-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-s390-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-s390-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-s390-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-tools-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-tools-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-ui-curses-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-ui-curses-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-ui-gtk-3.1.1.1-9.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-x86-3.1.1.1-9.6.2.aarch64",
"product": {
"name": "qemu-x86-3.1.1.1-9.6.2.aarch64",
"product_id": "qemu-x86-3.1.1.1-9.6.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-3.1.1.1-9.6.2.i586",
"product_id": "qemu-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-arm-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-arm-3.1.1.1-9.6.2.i586",
"product_id": "qemu-arm-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.i586",
"product_id": "qemu-audio-alsa-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-audio-oss-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-audio-oss-3.1.1.1-9.6.2.i586",
"product_id": "qemu-audio-oss-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-audio-pa-3.1.1.1-9.6.2.i586",
"product_id": "qemu-audio-pa-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.i586",
"product_id": "qemu-block-curl-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-block-dmg-3.1.1.1-9.6.2.i586",
"product_id": "qemu-block-dmg-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.i586",
"product_id": "qemu-block-iscsi-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.i586",
"product_id": "qemu-block-ssh-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-extra-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-extra-3.1.1.1-9.6.2.i586",
"product_id": "qemu-extra-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.i586",
"product_id": "qemu-guest-agent-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-kvm-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-kvm-3.1.1.1-9.6.2.i586",
"product_id": "qemu-kvm-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-lang-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-lang-3.1.1.1-9.6.2.i586",
"product_id": "qemu-lang-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-linux-user-3.1.1.1-9.6.2.i586",
"product_id": "qemu-linux-user-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-ppc-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-ppc-3.1.1.1-9.6.2.i586",
"product_id": "qemu-ppc-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-s390-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-s390-3.1.1.1-9.6.2.i586",
"product_id": "qemu-s390-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-tools-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-tools-3.1.1.1-9.6.2.i586",
"product_id": "qemu-tools-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-ui-curses-3.1.1.1-9.6.2.i586",
"product_id": "qemu-ui-curses-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.i586",
"product_id": "qemu-ui-gtk-3.1.1.1-9.6.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-x86-3.1.1.1-9.6.2.i586",
"product": {
"name": "qemu-x86-3.1.1.1-9.6.2.i586",
"product_id": "qemu-x86-3.1.1.1-9.6.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-9.6.2.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-9.6.2.noarch",
"product_id": "qemu-ipxe-1.0.0+-9.6.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.12.0-9.6.2.noarch",
"product": {
"name": "qemu-seabios-1.12.0-9.6.2.noarch",
"product_id": "qemu-seabios-1.12.0-9.6.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-9.6.2.noarch",
"product": {
"name": "qemu-sgabios-8-9.6.2.noarch",
"product_id": "qemu-sgabios-8-9.6.2.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.12.0-9.6.2.noarch",
"product": {
"name": "qemu-vgabios-1.12.0-9.6.2.noarch",
"product_id": "qemu-vgabios-1.12.0-9.6.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-arm-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-arm-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-arm-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-audio-alsa-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-audio-oss-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-audio-oss-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-audio-oss-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-audio-pa-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-audio-pa-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-block-curl-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-block-dmg-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-block-dmg-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-block-rbd-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-block-ssh-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-extra-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-extra-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-extra-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-guest-agent-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-lang-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-lang-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-linux-user-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-linux-user-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-ppc-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-s390-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-s390-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-s390-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-tools-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-tools-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-ui-curses-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-ui-curses-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-ui-gtk-3.1.1.1-9.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-x86-3.1.1.1-9.6.2.ppc64le",
"product": {
"name": "qemu-x86-3.1.1.1-9.6.2.ppc64le",
"product_id": "qemu-x86-3.1.1.1-9.6.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-arm-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-arm-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-arm-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-audio-alsa-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-audio-oss-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-audio-oss-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-audio-oss-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-audio-pa-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-audio-pa-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-block-curl-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-block-dmg-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-block-dmg-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-block-iscsi-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-block-rbd-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-block-ssh-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-extra-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-extra-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-extra-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-guest-agent-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-kvm-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-kvm-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-lang-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-lang-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-linux-user-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-linux-user-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ppc-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-ppc-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-ppc-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-s390-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-s390-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-tools-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-tools-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-ui-curses-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-ui-curses-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-ui-gtk-3.1.1.1-9.6.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-x86-3.1.1.1-9.6.2.s390x",
"product": {
"name": "qemu-x86-3.1.1.1-9.6.2.s390x",
"product_id": "qemu-x86-3.1.1.1-9.6.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-arm-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-arm-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-audio-alsa-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-audio-oss-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-audio-pa-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-block-curl-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-block-dmg-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-block-dmg-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-block-iscsi-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-block-rbd-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-block-ssh-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-extra-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-extra-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-guest-agent-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-kvm-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-kvm-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-lang-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-lang-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-linux-user-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-linux-user-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-ppc-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-ppc-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-s390-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-s390-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-tools-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-tools-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-ui-curses-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-ui-gtk-3.1.1.1-9.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-3.1.1.1-9.6.2.x86_64",
"product": {
"name": "qemu-x86-3.1.1.1-9.6.2.x86_64",
"product_id": "qemu-x86-3.1.1.1-9.6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-tools-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-tools-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-tools-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-tools-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-arm-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-alsa-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-oss-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-pa-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-block-curl-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-9.6.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-9.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-kvm-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-kvm-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-3.1.1.1-9.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64"
},
"product_reference": "qemu-lang-3.1.1.1-9.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-lang-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-lang-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-lang-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-3.1.1.1-9.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le"
},
"product_reference": "qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-3.1.1.1-9.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x"
},
"product_reference": "qemu-s390-3.1.1.1-9.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.12.0-9.6.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch"
},
"product_reference": "qemu-seabios-1.12.0-9.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-9.6.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch"
},
"product_reference": "qemu-sgabios-8-9.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-curses-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-gtk-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.12.0-9.6.2.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch"
},
"product_reference": "qemu-vgabios-1.12.0-9.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-3.1.1.1-9.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
},
"product_reference": "qemu-x86-3.1.1.1-9.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-20126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20126"
}
],
"notes": [
{
"category": "general",
"text": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20126",
"url": "https://www.suse.com/security/cve/CVE-2018-20126"
},
{
"category": "external",
"summary": "SUSE Bug 1119991 for CVE-2018-20126",
"url": "https://bugzilla.suse.com/1119991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:55Z",
"details": "low"
}
],
"title": "CVE-2018-20126"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:55Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:qemu-tools-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-arm-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-alsa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-oss-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-audio-pa-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-curl-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-iscsi-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-rbd-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-block-ssh-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-guest-agent-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ipxe-1.0.0+-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-kvm-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-lang-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ppc-3.1.1.1-9.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-s390-3.1.1.1-9.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-seabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-sgabios-8-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-curses-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-ui-gtk-3.1.1.1-9.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-vgabios-1.12.0-9.6.2.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:qemu-x86-3.1.1.1-9.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
}
]
}
suse-su-2019:2954-1
Vulnerability from csaf_suse
Published
2019-11-12 18:14
Modified
2019-11-12 18:14
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15
- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
- Expose taa-no 'feature', indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no 'feature', indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
Patchnames
SUSE-2019-2954,SUSE-SLE-Module-Basesystem-15-2019-2954,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2954,SUSE-SLE-Module-Server-Applications-15-2019-2954
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\n- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15\n- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)\n- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)\n- Expose taa-no \u0027feature\u0027, indicating CPU does not have the\n TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)\n- Expose pschange-mc-no \u0027feature\u0027, indicating CPU does not have\n the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2954,SUSE-SLE-Module-Basesystem-15-2019-2954,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2954,SUSE-SLE-Module-Server-Applications-15-2019-2954",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2954-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2954-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192954-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2954-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006132.html"
},
{
"category": "self",
"summary": "SUSE Bug 1119991",
"url": "https://bugzilla.suse.com/1119991"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1152506",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "self",
"summary": "SUSE Bug 1155812",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-11-12T18:14:28Z",
"generator": {
"date": "2019-11-12T18:14:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2954-1",
"initial_release_date": "2019-11-12T18:14:28Z",
"revision_history": [
{
"date": "2019-11-12T18:14:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-2.11.2-9.33.1.aarch64",
"product_id": "qemu-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-arm-2.11.2-9.33.1.aarch64",
"product_id": "qemu-arm-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-block-curl-2.11.2-9.33.1.aarch64",
"product_id": "qemu-block-curl-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-block-dmg-2.11.2-9.33.1.aarch64",
"product_id": "qemu-block-dmg-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"product_id": "qemu-block-iscsi-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-block-rbd-2.11.2-9.33.1.aarch64",
"product_id": "qemu-block-rbd-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-block-ssh-2.11.2-9.33.1.aarch64",
"product_id": "qemu-block-ssh-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-extra-2.11.2-9.33.1.aarch64",
"product_id": "qemu-extra-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-guest-agent-2.11.2-9.33.1.aarch64",
"product_id": "qemu-guest-agent-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-lang-2.11.2-9.33.1.aarch64",
"product_id": "qemu-lang-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-linux-user-2.11.2-9.33.1.aarch64",
"product_id": "qemu-linux-user-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-ppc-2.11.2-9.33.1.aarch64",
"product_id": "qemu-ppc-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-s390-2.11.2-9.33.1.aarch64",
"product_id": "qemu-s390-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-testsuite-2.11.2-9.33.1.aarch64",
"product_id": "qemu-testsuite-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-tools-2.11.2-9.33.1.aarch64",
"product_id": "qemu-tools-2.11.2-9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-9.33.1.aarch64",
"product": {
"name": "qemu-x86-2.11.2-9.33.1.aarch64",
"product_id": "qemu-x86-2.11.2-9.33.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-2.11.2-9.33.1.i586",
"product_id": "qemu-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-arm-2.11.2-9.33.1.i586",
"product_id": "qemu-arm-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-block-curl-2.11.2-9.33.1.i586",
"product_id": "qemu-block-curl-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-block-dmg-2.11.2-9.33.1.i586",
"product_id": "qemu-block-dmg-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.i586",
"product_id": "qemu-block-iscsi-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-block-ssh-2.11.2-9.33.1.i586",
"product_id": "qemu-block-ssh-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-extra-2.11.2-9.33.1.i586",
"product_id": "qemu-extra-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-guest-agent-2.11.2-9.33.1.i586",
"product_id": "qemu-guest-agent-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-kvm-2.11.2-9.33.1.i586",
"product_id": "qemu-kvm-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-lang-2.11.2-9.33.1.i586",
"product_id": "qemu-lang-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-linux-user-2.11.2-9.33.1.i586",
"product_id": "qemu-linux-user-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-ppc-2.11.2-9.33.1.i586",
"product_id": "qemu-ppc-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-s390-2.11.2-9.33.1.i586",
"product_id": "qemu-s390-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-testsuite-2.11.2-9.33.1.i586",
"product_id": "qemu-testsuite-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-tools-2.11.2-9.33.1.i586",
"product_id": "qemu-tools-2.11.2-9.33.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-9.33.1.i586",
"product": {
"name": "qemu-x86-2.11.2-9.33.1.i586",
"product_id": "qemu-x86-2.11.2-9.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-9.33.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-9.33.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-9.33.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.11.0-9.33.1.noarch",
"product": {
"name": "qemu-seabios-1.11.0-9.33.1.noarch",
"product_id": "qemu-seabios-1.11.0-9.33.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-9.33.1.noarch",
"product": {
"name": "qemu-sgabios-8-9.33.1.noarch",
"product_id": "qemu-sgabios-8-9.33.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.11.0-9.33.1.noarch",
"product": {
"name": "qemu-vgabios-1.11.0-9.33.1.noarch",
"product_id": "qemu-vgabios-1.11.0-9.33.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-arm-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-arm-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-block-curl-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-block-curl-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-block-dmg-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-block-dmg-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-block-iscsi-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-block-rbd-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-block-ssh-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-extra-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-extra-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-guest-agent-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-lang-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-lang-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-linux-user-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-linux-user-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-ppc-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-ppc-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-s390-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-s390-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-testsuite-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-testsuite-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-tools-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-tools-2.11.2-9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-9.33.1.ppc64le",
"product": {
"name": "qemu-x86-2.11.2-9.33.1.ppc64le",
"product_id": "qemu-x86-2.11.2-9.33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-2.11.2-9.33.1.s390x",
"product_id": "qemu-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-arm-2.11.2-9.33.1.s390x",
"product_id": "qemu-arm-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-block-curl-2.11.2-9.33.1.s390x",
"product_id": "qemu-block-curl-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-block-dmg-2.11.2-9.33.1.s390x",
"product_id": "qemu-block-dmg-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.s390x",
"product_id": "qemu-block-iscsi-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-block-rbd-2.11.2-9.33.1.s390x",
"product_id": "qemu-block-rbd-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-block-ssh-2.11.2-9.33.1.s390x",
"product_id": "qemu-block-ssh-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-extra-2.11.2-9.33.1.s390x",
"product_id": "qemu-extra-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-guest-agent-2.11.2-9.33.1.s390x",
"product_id": "qemu-guest-agent-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-kvm-2.11.2-9.33.1.s390x",
"product_id": "qemu-kvm-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-lang-2.11.2-9.33.1.s390x",
"product_id": "qemu-lang-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-linux-user-2.11.2-9.33.1.s390x",
"product_id": "qemu-linux-user-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-ppc-2.11.2-9.33.1.s390x",
"product_id": "qemu-ppc-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-s390-2.11.2-9.33.1.s390x",
"product_id": "qemu-s390-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-tools-2.11.2-9.33.1.s390x",
"product_id": "qemu-tools-2.11.2-9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-9.33.1.s390x",
"product": {
"name": "qemu-x86-2.11.2-9.33.1.s390x",
"product_id": "qemu-x86-2.11.2-9.33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-2.11.2-9.33.1.x86_64",
"product_id": "qemu-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-arm-2.11.2-9.33.1.x86_64",
"product_id": "qemu-arm-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-block-curl-2.11.2-9.33.1.x86_64",
"product_id": "qemu-block-curl-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-block-dmg-2.11.2-9.33.1.x86_64",
"product_id": "qemu-block-dmg-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"product_id": "qemu-block-iscsi-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.11.2-9.33.1.x86_64",
"product_id": "qemu-block-rbd-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-block-ssh-2.11.2-9.33.1.x86_64",
"product_id": "qemu-block-ssh-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-extra-2.11.2-9.33.1.x86_64",
"product_id": "qemu-extra-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.11.2-9.33.1.x86_64",
"product_id": "qemu-guest-agent-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-kvm-2.11.2-9.33.1.x86_64",
"product_id": "qemu-kvm-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-lang-2.11.2-9.33.1.x86_64",
"product_id": "qemu-lang-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-linux-user-2.11.2-9.33.1.x86_64",
"product_id": "qemu-linux-user-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-ppc-2.11.2-9.33.1.x86_64",
"product_id": "qemu-ppc-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-s390-2.11.2-9.33.1.x86_64",
"product_id": "qemu-s390-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-testsuite-2.11.2-9.33.1.x86_64",
"product_id": "qemu-testsuite-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-tools-2.11.2-9.33.1.x86_64",
"product_id": "qemu-tools-2.11.2-9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-9.33.1.x86_64",
"product": {
"name": "qemu-x86-2.11.2-9.33.1.x86_64",
"product_id": "qemu-x86-2.11.2-9.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-tools-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-tools-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-tools-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-tools-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-arm-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-block-curl-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-block-curl-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-block-curl-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-block-curl-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-block-rbd-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-block-rbd-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-block-ssh-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-block-ssh-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-guest-agent-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-guest-agent-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-9.33.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-kvm-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-kvm-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.33.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64"
},
"product_reference": "qemu-lang-2.11.2-9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-lang-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-lang-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-lang-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.11.2-9.33.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le"
},
"product_reference": "qemu-ppc-2.11.2-9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.11.2-9.33.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x"
},
"product_reference": "qemu-s390-2.11.2-9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.11.0-9.33.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch"
},
"product_reference": "qemu-seabios-1.11.0-9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-9.33.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch"
},
"product_reference": "qemu-sgabios-8-9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.11.0-9.33.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch"
},
"product_reference": "qemu-vgabios-1.11.0-9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.11.2-9.33.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
},
"product_reference": "qemu-x86-2.11.2-9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:28Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-20126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20126"
}
],
"notes": [
{
"category": "general",
"text": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20126",
"url": "https://www.suse.com/security/cve/CVE-2018-20126"
},
{
"category": "external",
"summary": "SUSE Bug 1119991 for CVE-2018-20126",
"url": "https://bugzilla.suse.com/1119991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:28Z",
"details": "low"
}
],
"title": "CVE-2018-20126"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:28Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:qemu-tools-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-arm-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-curl-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-iscsi-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-rbd-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-block-ssh-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-guest-agent-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ipxe-1.0.0+-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-kvm-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-lang-2.11.2-9.33.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ppc-2.11.2-9.33.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-s390-2.11.2-9.33.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-seabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-sgabios-8-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-vgabios-1.11.0-9.33.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-x86-2.11.2-9.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:14:28Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
}
]
}
suse-su-2021:14706-1
Vulnerability from csaf_suse
Published
2021-04-23 15:32
Modified
2021-04-23 15:32
Summary
Security update for kvm
Notes
Title of the patch
Security update for kvm
Description of the patch
This update for kvm fixes the following issues:
- Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385)
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)
- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577)
- Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467)
- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)
- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Fix use-after-free in slirp (CVE-2019-15890 bsc#1149811)
- Fix for similar problems as for the original fix prompting this issue (CVE-2019-6778 bsc#1123156)
- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 CVE-2020-7039 bsc#1161066)
- Fix use after free in slirp (CVE-2020-1983 bsc#1170940)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)
- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)
Patchnames
sleposp3-kvm-14706
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kvm fixes the following issues:\n\n- Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385)\n- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)\n- Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)\n- Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)\n- Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)\n- Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)\n- Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)\n- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577)\n- Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467)\n- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)\n- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)\n- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)\n- Fix use-after-free in slirp (CVE-2019-15890 bsc#1149811)\n- Fix for similar problems as for the original fix prompting this issue (CVE-2019-6778 bsc#1123156)\n- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 CVE-2020-7039 bsc#1161066)\n- Fix use after free in slirp (CVE-2020-1983 bsc#1170940)\n- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)\n- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)\n- Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-kvm-14706",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_14706-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:14706-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114706-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:14706-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008673.html"
},
{
"category": "self",
"summary": "SUSE Bug 1123156",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1161066",
"url": "https://bugzilla.suse.com/1161066"
},
{
"category": "self",
"summary": "SUSE Bug 1163018",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "self",
"summary": "SUSE Bug 1170940",
"url": "https://bugzilla.suse.com/1170940"
},
{
"category": "self",
"summary": "SUSE Bug 1172383",
"url": "https://bugzilla.suse.com/1172383"
},
{
"category": "self",
"summary": "SUSE Bug 1172384",
"url": "https://bugzilla.suse.com/1172384"
},
{
"category": "self",
"summary": "SUSE Bug 1172385",
"url": "https://bugzilla.suse.com/1172385"
},
{
"category": "self",
"summary": "SUSE Bug 1172478",
"url": "https://bugzilla.suse.com/1172478"
},
{
"category": "self",
"summary": "SUSE Bug 1175441",
"url": "https://bugzilla.suse.com/1175441"
},
{
"category": "self",
"summary": "SUSE Bug 1176673",
"url": "https://bugzilla.suse.com/1176673"
},
{
"category": "self",
"summary": "SUSE Bug 1176682",
"url": "https://bugzilla.suse.com/1176682"
},
{
"category": "self",
"summary": "SUSE Bug 1176684",
"url": "https://bugzilla.suse.com/1176684"
},
{
"category": "self",
"summary": "SUSE Bug 1178934",
"url": "https://bugzilla.suse.com/1178934"
},
{
"category": "self",
"summary": "SUSE Bug 1179467",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "self",
"summary": "SUSE Bug 1181108",
"url": "https://bugzilla.suse.com/1181108"
},
{
"category": "self",
"summary": "SUSE Bug 1182137",
"url": "https://bugzilla.suse.com/1182137"
},
{
"category": "self",
"summary": "SUSE Bug 1182425",
"url": "https://bugzilla.suse.com/1182425"
},
{
"category": "self",
"summary": "SUSE Bug 1182577",
"url": "https://bugzilla.suse.com/1182577"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3689 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1779 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12829 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13361 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13362 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13765 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14364 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1983 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25084 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25624 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25625 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25723 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29130 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29443 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7039 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8608 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20181 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20257 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20257/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2021-04-23T15:32:45Z",
"generator": {
"date": "2021-04-23T15:32:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:14706-1",
"initial_release_date": "2021-04-23T15:32:45Z",
"revision_history": [
{
"date": "2021-04-23T15:32:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-53.38.1.i586",
"product": {
"name": "kvm-1.4.2-53.38.1.i586",
"product_id": "kvm-1.4.2-53.38.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-53.38.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
},
"product_reference": "kvm-1.4.2-53.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3689"
}
],
"notes": [
{
"category": "general",
"text": "The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3689",
"url": "https://www.suse.com/security/cve/CVE-2014-3689"
},
{
"category": "external",
"summary": "SUSE Bug 1072223 for CVE-2014-3689",
"url": "https://bugzilla.suse.com/1072223"
},
{
"category": "external",
"summary": "SUSE Bug 1189862 for CVE-2014-3689",
"url": "https://bugzilla.suse.com/1189862"
},
{
"category": "external",
"summary": "SUSE Bug 901508 for CVE-2014-3689",
"url": "https://bugzilla.suse.com/901508"
},
{
"category": "external",
"summary": "SUSE Bug 962611 for CVE-2014-3689",
"url": "https://bugzilla.suse.com/962611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "important"
}
],
"title": "CVE-2014-3689"
},
{
"cve": "CVE-2015-1779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1779"
}
],
"notes": [
{
"category": "general",
"text": "The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1779",
"url": "https://www.suse.com/security/cve/CVE-2015-1779"
},
{
"category": "external",
"summary": "SUSE Bug 924018 for CVE-2015-1779",
"url": "https://bugzilla.suse.com/924018"
},
{
"category": "external",
"summary": "SUSE Bug 962632 for CVE-2015-1779",
"url": "https://bugzilla.suse.com/962632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2015-1779"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-6778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6778"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6778",
"url": "https://www.suse.com/security/cve/CVE-2019-6778"
},
{
"category": "external",
"summary": "SUSE Bug 1123156 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "external",
"summary": "SUSE Bug 1123157 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123157"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "important"
}
],
"title": "CVE-2019-6778"
},
{
"cve": "CVE-2020-12829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12829"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12829",
"url": "https://www.suse.com/security/cve/CVE-2020-12829"
},
{
"category": "external",
"summary": "SUSE Bug 1172385 for CVE-2020-12829",
"url": "https://bugzilla.suse.com/1172385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-12829"
},
{
"cve": "CVE-2020-13361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13361"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13361",
"url": "https://www.suse.com/security/cve/CVE-2020-13361"
},
{
"category": "external",
"summary": "SUSE Bug 1172384 for CVE-2020-13361",
"url": "https://bugzilla.suse.com/1172384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "low"
}
],
"title": "CVE-2020-13361"
},
{
"cve": "CVE-2020-13362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13362"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13362",
"url": "https://www.suse.com/security/cve/CVE-2020-13362"
},
{
"category": "external",
"summary": "SUSE Bug 1172383 for CVE-2020-13362",
"url": "https://bugzilla.suse.com/1172383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "low"
}
],
"title": "CVE-2020-13362"
},
{
"cve": "CVE-2020-13765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13765"
}
],
"notes": [
{
"category": "general",
"text": "rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13765",
"url": "https://www.suse.com/security/cve/CVE-2020-13765"
},
{
"category": "external",
"summary": "SUSE Bug 1172478 for CVE-2020-13765",
"url": "https://bugzilla.suse.com/1172478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "important"
}
],
"title": "CVE-2020-13765"
},
{
"cve": "CVE-2020-14364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14364"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice \u0027setup_len\u0027 exceeds its \u0027data_buf[4096]\u0027 in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14364",
"url": "https://www.suse.com/security/cve/CVE-2020-14364"
},
{
"category": "external",
"summary": "SUSE Bug 1175441 for CVE-2020-14364",
"url": "https://bugzilla.suse.com/1175441"
},
{
"category": "external",
"summary": "SUSE Bug 1175534 for CVE-2020-14364",
"url": "https://bugzilla.suse.com/1175534"
},
{
"category": "external",
"summary": "SUSE Bug 1176494 for CVE-2020-14364",
"url": "https://bugzilla.suse.com/1176494"
},
{
"category": "external",
"summary": "SUSE Bug 1177130 for CVE-2020-14364",
"url": "https://bugzilla.suse.com/1177130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-14364"
},
{
"cve": "CVE-2020-1983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1983"
}
],
"notes": [
{
"category": "general",
"text": "A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1983",
"url": "https://www.suse.com/security/cve/CVE-2020-1983"
},
{
"category": "external",
"summary": "SUSE Bug 1170940 for CVE-2020-1983",
"url": "https://bugzilla.suse.com/1170940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "important"
}
],
"title": "CVE-2020-1983"
},
{
"cve": "CVE-2020-25084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25084"
}
],
"notes": [
{
"category": "general",
"text": "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25084",
"url": "https://www.suse.com/security/cve/CVE-2020-25084"
},
{
"category": "external",
"summary": "SUSE Bug 1176673 for CVE-2020-25084",
"url": "https://bugzilla.suse.com/1176673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-25084"
},
{
"cve": "CVE-2020-25624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25624"
}
],
"notes": [
{
"category": "general",
"text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25624",
"url": "https://www.suse.com/security/cve/CVE-2020-25624"
},
{
"category": "external",
"summary": "SUSE Bug 1176682 for CVE-2020-25624",
"url": "https://bugzilla.suse.com/1176682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-25624"
},
{
"cve": "CVE-2020-25625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25625"
}
],
"notes": [
{
"category": "general",
"text": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25625",
"url": "https://www.suse.com/security/cve/CVE-2020-25625"
},
{
"category": "external",
"summary": "SUSE Bug 1176684 for CVE-2020-25625",
"url": "https://bugzilla.suse.com/1176684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "low"
}
],
"title": "CVE-2020-25625"
},
{
"cve": "CVE-2020-25723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25723"
}
],
"notes": [
{
"category": "general",
"text": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25723",
"url": "https://www.suse.com/security/cve/CVE-2020-25723"
},
{
"category": "external",
"summary": "SUSE Bug 1178934 for CVE-2020-25723",
"url": "https://bugzilla.suse.com/1178934"
},
{
"category": "external",
"summary": "SUSE Bug 1178935 for CVE-2020-25723",
"url": "https://bugzilla.suse.com/1178935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "low"
}
],
"title": "CVE-2020-25723"
},
{
"cve": "CVE-2020-29130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29130"
}
],
"notes": [
{
"category": "general",
"text": "slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29130",
"url": "https://www.suse.com/security/cve/CVE-2020-29130"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1179467 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1179467"
},
{
"category": "external",
"summary": "SUSE Bug 1179477 for CVE-2020-29130",
"url": "https://bugzilla.suse.com/1179477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-29130"
},
{
"cve": "CVE-2020-29443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29443"
}
],
"notes": [
{
"category": "general",
"text": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29443",
"url": "https://www.suse.com/security/cve/CVE-2020-29443"
},
{
"category": "external",
"summary": "SUSE Bug 1181108 for CVE-2020-29443",
"url": "https://bugzilla.suse.com/1181108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-29443"
},
{
"cve": "CVE-2020-7039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7039"
}
],
"notes": [
{
"category": "general",
"text": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7039",
"url": "https://www.suse.com/security/cve/CVE-2020-7039"
},
{
"category": "external",
"summary": "SUSE Bug 1161066 for CVE-2020-7039",
"url": "https://bugzilla.suse.com/1161066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "important"
}
],
"title": "CVE-2020-7039"
},
{
"cve": "CVE-2020-8608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8608"
}
],
"notes": [
{
"category": "general",
"text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8608",
"url": "https://www.suse.com/security/cve/CVE-2020-8608"
},
{
"category": "external",
"summary": "SUSE Bug 1163018 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "external",
"summary": "SUSE Bug 1163019 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "important"
}
],
"title": "CVE-2020-8608"
},
{
"cve": "CVE-2021-20181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20181"
}
],
"notes": [
{
"category": "general",
"text": "A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20181",
"url": "https://www.suse.com/security/cve/CVE-2021-20181"
},
{
"category": "external",
"summary": "SUSE Bug 1182137 for CVE-2021-20181",
"url": "https://bugzilla.suse.com/1182137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "important"
}
],
"title": "CVE-2021-20181"
},
{
"cve": "CVE-2021-20257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20257"
}
],
"notes": [
{
"category": "general",
"text": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20257",
"url": "https://www.suse.com/security/cve/CVE-2021-20257"
},
{
"category": "external",
"summary": "SUSE Bug 1182577 for CVE-2021-20257",
"url": "https://bugzilla.suse.com/1182577"
},
{
"category": "external",
"summary": "SUSE Bug 1182846 for CVE-2021-20257",
"url": "https://bugzilla.suse.com/1182846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.38.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T15:32:45Z",
"details": "low"
}
],
"title": "CVE-2021-20257"
}
]
}
suse-su-2020:1538-1
Vulnerability from csaf_suse
Published
2020-06-04 10:59
Modified
2020-06-04 10:59
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).
- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).
Non-security issue fixed:
- Make sure that required memory is mapped properly during an incoming migration of a Xen HVM domU (bsc#1160024).
Patchnames
HPE-Helion-OpenStack-8-2020-1538,SUSE-2020-1538,SUSE-OpenStack-Cloud-8-2020-1538,SUSE-OpenStack-Cloud-Crowbar-8-2020-1538,SUSE-SLE-SAP-12-SP3-2020-1538,SUSE-SLE-SERVER-12-SP3-2020-1538,SUSE-SLE-SERVER-12-SP3-BCL-2020-1538,SUSE-Storage-5-2020-1538
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).\n- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).\n- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).\n- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).\n- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).\n- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).\n- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).\n\nNon-security issue fixed:\n\n- Make sure that required memory is mapped properly during an incoming migration of a Xen HVM domU (bsc#1160024).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-1538,SUSE-2020-1538,SUSE-OpenStack-Cloud-8-2020-1538,SUSE-OpenStack-Cloud-Crowbar-8-2020-1538,SUSE-SLE-SAP-12-SP3-2020-1538,SUSE-SLE-SERVER-12-SP3-2020-1538,SUSE-SLE-SERVER-12-SP3-BCL-2020-1538,SUSE-Storage-5-2020-1538",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1538-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1538-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201538-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1538-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/006886.html"
},
{
"category": "self",
"summary": "SUSE Bug 1123156",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1160024",
"url": "https://bugzilla.suse.com/1160024"
},
{
"category": "self",
"summary": "SUSE Bug 1161066",
"url": "https://bugzilla.suse.com/1161066"
},
{
"category": "self",
"summary": "SUSE Bug 1163018",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "self",
"summary": "SUSE Bug 1166240",
"url": "https://bugzilla.suse.com/1166240"
},
{
"category": "self",
"summary": "SUSE Bug 1170940",
"url": "https://bugzilla.suse.com/1170940"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1711 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1983 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7039 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8608 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8608/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2020-06-04T10:59:37Z",
"generator": {
"date": "2020-06-04T10:59:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1538-1",
"initial_release_date": "2020-06-04T10:59:37Z",
"revision_history": [
{
"date": "2020-06-04T10:59:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-2.9.1-6.44.1.aarch64",
"product_id": "qemu-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-arm-2.9.1-6.44.1.aarch64",
"product_id": "qemu-arm-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-block-curl-2.9.1-6.44.1.aarch64",
"product_id": "qemu-block-curl-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-block-dmg-2.9.1-6.44.1.aarch64",
"product_id": "qemu-block-dmg-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"product_id": "qemu-block-iscsi-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-block-rbd-2.9.1-6.44.1.aarch64",
"product_id": "qemu-block-rbd-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-block-ssh-2.9.1-6.44.1.aarch64",
"product_id": "qemu-block-ssh-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-extra-2.9.1-6.44.1.aarch64",
"product_id": "qemu-extra-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-guest-agent-2.9.1-6.44.1.aarch64",
"product_id": "qemu-guest-agent-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-lang-2.9.1-6.44.1.aarch64",
"product_id": "qemu-lang-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-linux-user-2.9.1-6.44.1.aarch64",
"product_id": "qemu-linux-user-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-ppc-2.9.1-6.44.1.aarch64",
"product_id": "qemu-ppc-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-s390-2.9.1-6.44.1.aarch64",
"product_id": "qemu-s390-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-tools-2.9.1-6.44.1.aarch64",
"product_id": "qemu-tools-2.9.1-6.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.9.1-6.44.1.aarch64",
"product": {
"name": "qemu-x86-2.9.1-6.44.1.aarch64",
"product_id": "qemu-x86-2.9.1-6.44.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-2.9.1-6.44.1.i586",
"product_id": "qemu-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-arm-2.9.1-6.44.1.i586",
"product_id": "qemu-arm-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-block-curl-2.9.1-6.44.1.i586",
"product_id": "qemu-block-curl-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-block-dmg-2.9.1-6.44.1.i586",
"product_id": "qemu-block-dmg-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.i586",
"product_id": "qemu-block-iscsi-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-block-ssh-2.9.1-6.44.1.i586",
"product_id": "qemu-block-ssh-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-extra-2.9.1-6.44.1.i586",
"product_id": "qemu-extra-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-guest-agent-2.9.1-6.44.1.i586",
"product_id": "qemu-guest-agent-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-kvm-2.9.1-6.44.1.i586",
"product_id": "qemu-kvm-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-lang-2.9.1-6.44.1.i586",
"product_id": "qemu-lang-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-linux-user-2.9.1-6.44.1.i586",
"product_id": "qemu-linux-user-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-ppc-2.9.1-6.44.1.i586",
"product_id": "qemu-ppc-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-s390-2.9.1-6.44.1.i586",
"product_id": "qemu-s390-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-tools-2.9.1-6.44.1.i586",
"product_id": "qemu-tools-2.9.1-6.44.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.9.1-6.44.1.i586",
"product": {
"name": "qemu-x86-2.9.1-6.44.1.i586",
"product_id": "qemu-x86-2.9.1-6.44.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-6.44.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.10.2-6.44.1.noarch",
"product": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch",
"product_id": "qemu-seabios-1.10.2-6.44.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-6.44.1.noarch",
"product": {
"name": "qemu-sgabios-8-6.44.1.noarch",
"product_id": "qemu-sgabios-8-6.44.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.10.2-6.44.1.noarch",
"product": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch",
"product_id": "qemu-vgabios-1.10.2-6.44.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-arm-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-arm-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-block-curl-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-block-curl-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-block-dmg-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-block-dmg-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-block-iscsi-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-block-rbd-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-block-rbd-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-block-ssh-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-extra-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-extra-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-guest-agent-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-lang-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-lang-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-linux-user-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-linux-user-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-ppc-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-ppc-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-s390-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-s390-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-tools-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-tools-2.9.1-6.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.9.1-6.44.1.ppc64le",
"product": {
"name": "qemu-x86-2.9.1-6.44.1.ppc64le",
"product_id": "qemu-x86-2.9.1-6.44.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-2.9.1-6.44.1.s390x",
"product_id": "qemu-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-arm-2.9.1-6.44.1.s390x",
"product_id": "qemu-arm-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-block-curl-2.9.1-6.44.1.s390x",
"product_id": "qemu-block-curl-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-block-dmg-2.9.1-6.44.1.s390x",
"product_id": "qemu-block-dmg-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.s390x",
"product_id": "qemu-block-iscsi-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-block-rbd-2.9.1-6.44.1.s390x",
"product_id": "qemu-block-rbd-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-block-ssh-2.9.1-6.44.1.s390x",
"product_id": "qemu-block-ssh-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-extra-2.9.1-6.44.1.s390x",
"product_id": "qemu-extra-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-guest-agent-2.9.1-6.44.1.s390x",
"product_id": "qemu-guest-agent-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-kvm-2.9.1-6.44.1.s390x",
"product_id": "qemu-kvm-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-lang-2.9.1-6.44.1.s390x",
"product_id": "qemu-lang-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-linux-user-2.9.1-6.44.1.s390x",
"product_id": "qemu-linux-user-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-ppc-2.9.1-6.44.1.s390x",
"product_id": "qemu-ppc-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-s390-2.9.1-6.44.1.s390x",
"product_id": "qemu-s390-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-tools-2.9.1-6.44.1.s390x",
"product_id": "qemu-tools-2.9.1-6.44.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.9.1-6.44.1.s390x",
"product": {
"name": "qemu-x86-2.9.1-6.44.1.s390x",
"product_id": "qemu-x86-2.9.1-6.44.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-2.9.1-6.44.1.x86_64",
"product_id": "qemu-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"product_id": "qemu-block-curl-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"product_id": "qemu-block-iscsi-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"product_id": "qemu-block-rbd-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"product_id": "qemu-block-ssh-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"product_id": "qemu-guest-agent-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64",
"product_id": "qemu-kvm-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64",
"product_id": "qemu-lang-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64",
"product_id": "qemu-tools-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64",
"product_id": "qemu-x86-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-arm-2.9.1-6.44.1.x86_64",
"product_id": "qemu-arm-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-block-dmg-2.9.1-6.44.1.x86_64",
"product_id": "qemu-block-dmg-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-extra-2.9.1-6.44.1.x86_64",
"product_id": "qemu-extra-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-linux-user-2.9.1-6.44.1.x86_64",
"product_id": "qemu-linux-user-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-ppc-2.9.1-6.44.1.x86_64",
"product_id": "qemu-ppc-2.9.1-6.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.9.1-6.44.1.x86_64",
"product": {
"name": "qemu-s390-2.9.1-6.44.1.x86_64",
"product_id": "qemu-s390-2.9.1-6.44.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.44.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch"
},
"product_reference": "qemu-sgabios-8-6.44.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.44.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch"
},
"product_reference": "qemu-sgabios-8-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.44.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch"
},
"product_reference": "qemu-sgabios-8-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-ppc-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.44.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch"
},
"product_reference": "qemu-sgabios-8-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-arm-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-ppc-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-s390-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch"
},
"product_reference": "qemu-sgabios-8-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch"
},
"product_reference": "qemu-sgabios-8-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-arm-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-curl-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-6.44.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-6.44.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-kvm-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-lang-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.10.2-6.44.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-seabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-6.44.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch"
},
"product_reference": "qemu-sgabios-8-6.44.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-tools-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.10.2-6.44.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch"
},
"product_reference": "qemu-vgabios-1.10.2-6.44.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.9.1-6.44.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64"
},
"product_reference": "qemu-x86-2.9.1-6.44.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T10:59:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T10:59:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-6778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6778"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6778",
"url": "https://www.suse.com/security/cve/CVE-2019-6778"
},
{
"category": "external",
"summary": "SUSE Bug 1123156 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "external",
"summary": "SUSE Bug 1123157 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123157"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T10:59:37Z",
"details": "important"
}
],
"title": "CVE-2019-6778"
},
{
"cve": "CVE-2020-1711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1711"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1711",
"url": "https://www.suse.com/security/cve/CVE-2020-1711"
},
{
"category": "external",
"summary": "SUSE Bug 1166240 for CVE-2020-1711",
"url": "https://bugzilla.suse.com/1166240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T10:59:37Z",
"details": "important"
}
],
"title": "CVE-2020-1711"
},
{
"cve": "CVE-2020-1983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1983"
}
],
"notes": [
{
"category": "general",
"text": "A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1983",
"url": "https://www.suse.com/security/cve/CVE-2020-1983"
},
{
"category": "external",
"summary": "SUSE Bug 1170940 for CVE-2020-1983",
"url": "https://bugzilla.suse.com/1170940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T10:59:37Z",
"details": "important"
}
],
"title": "CVE-2020-1983"
},
{
"cve": "CVE-2020-7039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7039"
}
],
"notes": [
{
"category": "general",
"text": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7039",
"url": "https://www.suse.com/security/cve/CVE-2020-7039"
},
{
"category": "external",
"summary": "SUSE Bug 1161066 for CVE-2020-7039",
"url": "https://bugzilla.suse.com/1161066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T10:59:37Z",
"details": "important"
}
],
"title": "CVE-2020-7039"
},
{
"cve": "CVE-2020-8608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8608"
}
],
"notes": [
{
"category": "general",
"text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8608",
"url": "https://www.suse.com/security/cve/CVE-2020-8608"
},
{
"category": "external",
"summary": "SUSE Bug 1163018 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "external",
"summary": "SUSE Bug 1163019 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:qemu-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-lang-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-seabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-sgabios-8-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-tools-2.9.1-6.44.1.x86_64",
"HPE Helion OpenStack 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"HPE Helion OpenStack 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-sgabios-8-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Enterprise Storage 5:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Enterprise Storage 5:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Enterprise Storage 5:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-arm-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-s390-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ppc-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-sgabios-8-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud 8:qemu-x86-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-curl-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-iscsi-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-rbd-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-block-ssh-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-guest-agent-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-ipxe-1.0.0+-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-kvm-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-lang-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-seabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-sgabios-8-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-tools-2.9.1-6.44.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:qemu-vgabios-1.10.2-6.44.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:qemu-x86-2.9.1-6.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-04T10:59:37Z",
"details": "important"
}
],
"title": "CVE-2020-8608"
}
]
}
suse-su-2020:14396-1
Vulnerability from csaf_suse
Published
2020-06-11 13:23
Modified
2020-06-11 13:23
Summary
Security update for kvm
Notes
Title of the patch
Security update for kvm
Description of the patch
This update for kvm fixes the following issues:
Security issues fixed:
- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).
- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).
Patchnames
slessp4-kvm-14396
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kvm fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).\n- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).\n- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).\n- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).\n- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).\n- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-kvm-14396",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_14396-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:14396-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014396-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:14396-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/006934.html"
},
{
"category": "self",
"summary": "SUSE Bug 1123156",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1161066",
"url": "https://bugzilla.suse.com/1161066"
},
{
"category": "self",
"summary": "SUSE Bug 1163018",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "self",
"summary": "SUSE Bug 1170940",
"url": "https://bugzilla.suse.com/1170940"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1983 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7039 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8608 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8608/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2020-06-11T13:23:22Z",
"generator": {
"date": "2020-06-11T13:23:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:14396-1",
"initial_release_date": "2020-06-11T13:23:22Z",
"revision_history": [
{
"date": "2020-06-11T13:23:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-60.31.1.i586",
"product": {
"name": "kvm-1.4.2-60.31.1.i586",
"product_id": "kvm-1.4.2-60.31.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-60.31.1.s390x",
"product": {
"name": "kvm-1.4.2-60.31.1.s390x",
"product_id": "kvm-1.4.2-60.31.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-60.31.1.x86_64",
"product": {
"name": "kvm-1.4.2-60.31.1.x86_64",
"product_id": "kvm-1.4.2-60.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.31.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586"
},
"product_reference": "kvm-1.4.2-60.31.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.31.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x"
},
"product_reference": "kvm-1.4.2-60.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-60.31.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
},
"product_reference": "kvm-1.4.2-60.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-11T13:23:22Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-11T13:23:22Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-6778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6778"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6778",
"url": "https://www.suse.com/security/cve/CVE-2019-6778"
},
{
"category": "external",
"summary": "SUSE Bug 1123156 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "external",
"summary": "SUSE Bug 1123157 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123157"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-11T13:23:22Z",
"details": "important"
}
],
"title": "CVE-2019-6778"
},
{
"cve": "CVE-2020-1983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1983"
}
],
"notes": [
{
"category": "general",
"text": "A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1983",
"url": "https://www.suse.com/security/cve/CVE-2020-1983"
},
{
"category": "external",
"summary": "SUSE Bug 1170940 for CVE-2020-1983",
"url": "https://bugzilla.suse.com/1170940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-11T13:23:22Z",
"details": "important"
}
],
"title": "CVE-2020-1983"
},
{
"cve": "CVE-2020-7039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7039"
}
],
"notes": [
{
"category": "general",
"text": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7039",
"url": "https://www.suse.com/security/cve/CVE-2020-7039"
},
{
"category": "external",
"summary": "SUSE Bug 1161066 for CVE-2020-7039",
"url": "https://bugzilla.suse.com/1161066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-11T13:23:22Z",
"details": "important"
}
],
"title": "CVE-2020-7039"
},
{
"cve": "CVE-2020-8608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8608"
}
],
"notes": [
{
"category": "general",
"text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8608",
"url": "https://www.suse.com/security/cve/CVE-2020-8608"
},
{
"category": "external",
"summary": "SUSE Bug 1163018 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "external",
"summary": "SUSE Bug 1163019 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-11T13:23:22Z",
"details": "important"
}
],
"title": "CVE-2020-8608"
}
]
}
suse-su-2020:1514-1
Vulnerability from csaf_suse
Published
2020-06-02 08:14
Modified
2020-06-02 08:14
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).
- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).
- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).
- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).
- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).
Patchnames
SUSE-2020-1514,SUSE-SLE-SAP-12-SP1-2020-1514,SUSE-SLE-SERVER-12-SP1-2020-1514
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240).\n- CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873).\n- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).\n- CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).\n- CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).\n- CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811).\n- Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1514,SUSE-SLE-SAP-12-SP1-2020-1514,SUSE-SLE-SERVER-12-SP1-2020-1514",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1514-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1514-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201514-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1514-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/006872.html"
},
{
"category": "self",
"summary": "SUSE Bug 1123156",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1161066",
"url": "https://bugzilla.suse.com/1161066"
},
{
"category": "self",
"summary": "SUSE Bug 1163018",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "self",
"summary": "SUSE Bug 1166240",
"url": "https://bugzilla.suse.com/1166240"
},
{
"category": "self",
"summary": "SUSE Bug 1170940",
"url": "https://bugzilla.suse.com/1170940"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1711 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1983 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7039 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8608 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8608/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2020-06-02T08:14:29Z",
"generator": {
"date": "2020-06-02T08:14:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1514-1",
"initial_release_date": "2020-06-02T08:14:29Z",
"revision_history": [
{
"date": "2020-06-02T08:14:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-2.3.1-33.29.1.aarch64",
"product_id": "qemu-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-arm-2.3.1-33.29.1.aarch64",
"product_id": "qemu-arm-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-block-curl-2.3.1-33.29.1.aarch64",
"product_id": "qemu-block-curl-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-extra-2.3.1-33.29.1.aarch64",
"product_id": "qemu-extra-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-guest-agent-2.3.1-33.29.1.aarch64",
"product_id": "qemu-guest-agent-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-lang-2.3.1-33.29.1.aarch64",
"product_id": "qemu-lang-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-linux-user-2.3.1-33.29.1.aarch64",
"product_id": "qemu-linux-user-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-ppc-2.3.1-33.29.1.aarch64",
"product_id": "qemu-ppc-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-s390-2.3.1-33.29.1.aarch64",
"product_id": "qemu-s390-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.3.1-33.29.2.aarch64",
"product": {
"name": "qemu-testsuite-2.3.1-33.29.2.aarch64",
"product_id": "qemu-testsuite-2.3.1-33.29.2.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-tools-2.3.1-33.29.1.aarch64",
"product_id": "qemu-tools-2.3.1-33.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.3.1-33.29.1.aarch64",
"product": {
"name": "qemu-x86-2.3.1-33.29.1.aarch64",
"product_id": "qemu-x86-2.3.1-33.29.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-2.3.1-33.29.1.i586",
"product_id": "qemu-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-arm-2.3.1-33.29.1.i586",
"product_id": "qemu-arm-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-block-curl-2.3.1-33.29.1.i586",
"product_id": "qemu-block-curl-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-extra-2.3.1-33.29.1.i586",
"product_id": "qemu-extra-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-guest-agent-2.3.1-33.29.1.i586",
"product_id": "qemu-guest-agent-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-kvm-2.3.1-33.29.1.i586",
"product_id": "qemu-kvm-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-lang-2.3.1-33.29.1.i586",
"product_id": "qemu-lang-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-linux-user-2.3.1-33.29.1.i586",
"product_id": "qemu-linux-user-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-ppc-2.3.1-33.29.1.i586",
"product_id": "qemu-ppc-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-s390-2.3.1-33.29.1.i586",
"product_id": "qemu-s390-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.3.1-33.29.2.i586",
"product": {
"name": "qemu-testsuite-2.3.1-33.29.2.i586",
"product_id": "qemu-testsuite-2.3.1-33.29.2.i586"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-tools-2.3.1-33.29.1.i586",
"product_id": "qemu-tools-2.3.1-33.29.1.i586"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.3.1-33.29.1.i586",
"product": {
"name": "qemu-x86-2.3.1-33.29.1.i586",
"product_id": "qemu-x86-2.3.1-33.29.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0-33.29.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0-33.29.1.noarch",
"product_id": "qemu-ipxe-1.0.0-33.29.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.8.1-33.29.1.noarch",
"product": {
"name": "qemu-seabios-1.8.1-33.29.1.noarch",
"product_id": "qemu-seabios-1.8.1-33.29.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-33.29.1.noarch",
"product": {
"name": "qemu-sgabios-8-33.29.1.noarch",
"product_id": "qemu-sgabios-8-33.29.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.8.1-33.29.1.noarch",
"product": {
"name": "qemu-vgabios-1.8.1-33.29.1.noarch",
"product_id": "qemu-vgabios-1.8.1-33.29.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-arm-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-arm-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-block-curl-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-block-curl-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-extra-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-extra-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-guest-agent-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-lang-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-lang-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-linux-user-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-linux-user-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-ppc-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-ppc-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-s390-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-s390-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.3.1-33.29.2.ppc64le",
"product": {
"name": "qemu-testsuite-2.3.1-33.29.2.ppc64le",
"product_id": "qemu-testsuite-2.3.1-33.29.2.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-tools-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-tools-2.3.1-33.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.3.1-33.29.1.ppc64le",
"product": {
"name": "qemu-x86-2.3.1-33.29.1.ppc64le",
"product_id": "qemu-x86-2.3.1-33.29.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-2.3.1-33.29.1.s390x",
"product_id": "qemu-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-arm-2.3.1-33.29.1.s390x",
"product_id": "qemu-arm-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-block-curl-2.3.1-33.29.1.s390x",
"product_id": "qemu-block-curl-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-extra-2.3.1-33.29.1.s390x",
"product_id": "qemu-extra-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-guest-agent-2.3.1-33.29.1.s390x",
"product_id": "qemu-guest-agent-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-kvm-2.3.1-33.29.1.s390x",
"product_id": "qemu-kvm-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-lang-2.3.1-33.29.1.s390x",
"product_id": "qemu-lang-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-linux-user-2.3.1-33.29.1.s390x",
"product_id": "qemu-linux-user-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-ppc-2.3.1-33.29.1.s390x",
"product_id": "qemu-ppc-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-s390-2.3.1-33.29.1.s390x",
"product_id": "qemu-s390-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.3.1-33.29.2.s390x",
"product": {
"name": "qemu-testsuite-2.3.1-33.29.2.s390x",
"product_id": "qemu-testsuite-2.3.1-33.29.2.s390x"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-tools-2.3.1-33.29.1.s390x",
"product_id": "qemu-tools-2.3.1-33.29.1.s390x"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.3.1-33.29.1.s390x",
"product": {
"name": "qemu-x86-2.3.1-33.29.1.s390x",
"product_id": "qemu-x86-2.3.1-33.29.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-2.3.1-33.29.1.x86_64",
"product_id": "qemu-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-arm-2.3.1-33.29.1.x86_64",
"product_id": "qemu-arm-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-block-curl-2.3.1-33.29.1.x86_64",
"product_id": "qemu-block-curl-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.3.1-33.29.1.x86_64",
"product_id": "qemu-block-rbd-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-extra-2.3.1-33.29.1.x86_64",
"product_id": "qemu-extra-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.3.1-33.29.1.x86_64",
"product_id": "qemu-guest-agent-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-kvm-2.3.1-33.29.1.x86_64",
"product_id": "qemu-kvm-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-lang-2.3.1-33.29.1.x86_64",
"product_id": "qemu-lang-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-linux-user-2.3.1-33.29.1.x86_64",
"product_id": "qemu-linux-user-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-ppc-2.3.1-33.29.1.x86_64",
"product_id": "qemu-ppc-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-s390-2.3.1-33.29.1.x86_64",
"product_id": "qemu-s390-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-testsuite-2.3.1-33.29.2.x86_64",
"product": {
"name": "qemu-testsuite-2.3.1-33.29.2.x86_64",
"product_id": "qemu-testsuite-2.3.1-33.29.2.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-tools-2.3.1-33.29.1.x86_64",
"product_id": "qemu-tools-2.3.1-33.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.3.1-33.29.1.x86_64",
"product": {
"name": "qemu-x86-2.3.1-33.29.1.x86_64",
"product_id": "qemu-x86-2.3.1-33.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-block-curl-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-33.29.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-kvm-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-lang-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.8.1-33.29.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch"
},
"product_reference": "qemu-seabios-1.8.1-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-33.29.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch"
},
"product_reference": "qemu-sgabios-8-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-tools-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.8.1-33.29.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch"
},
"product_reference": "qemu-vgabios-1.8.1-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-x86-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le"
},
"product_reference": "qemu-2.3.1-33.29.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x"
},
"product_reference": "qemu-2.3.1-33.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le"
},
"product_reference": "qemu-block-curl-2.3.1-33.29.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x"
},
"product_reference": "qemu-block-curl-2.3.1-33.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-block-curl-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le"
},
"product_reference": "qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x"
},
"product_reference": "qemu-guest-agent-2.3.1-33.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0-33.29.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.3.1-33.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x"
},
"product_reference": "qemu-kvm-2.3.1-33.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-kvm-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le"
},
"product_reference": "qemu-lang-2.3.1-33.29.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x"
},
"product_reference": "qemu-lang-2.3.1-33.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-lang-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.3.1-33.29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le"
},
"product_reference": "qemu-ppc-2.3.1-33.29.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.3.1-33.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x"
},
"product_reference": "qemu-s390-2.3.1-33.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.8.1-33.29.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch"
},
"product_reference": "qemu-seabios-1.8.1-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-33.29.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch"
},
"product_reference": "qemu-sgabios-8-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le"
},
"product_reference": "qemu-tools-2.3.1-33.29.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x"
},
"product_reference": "qemu-tools-2.3.1-33.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-tools-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.8.1-33.29.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch"
},
"product_reference": "qemu-vgabios-1.8.1-33.29.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.3.1-33.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64"
},
"product_reference": "qemu-x86-2.3.1-33.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T08:14:29Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T08:14:29Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-6778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6778"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6778",
"url": "https://www.suse.com/security/cve/CVE-2019-6778"
},
{
"category": "external",
"summary": "SUSE Bug 1123156 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123156"
},
{
"category": "external",
"summary": "SUSE Bug 1123157 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1123157"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-6778",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T08:14:29Z",
"details": "important"
}
],
"title": "CVE-2019-6778"
},
{
"cve": "CVE-2020-1711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1711"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1711",
"url": "https://www.suse.com/security/cve/CVE-2020-1711"
},
{
"category": "external",
"summary": "SUSE Bug 1166240 for CVE-2020-1711",
"url": "https://bugzilla.suse.com/1166240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T08:14:29Z",
"details": "important"
}
],
"title": "CVE-2020-1711"
},
{
"cve": "CVE-2020-1983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1983"
}
],
"notes": [
{
"category": "general",
"text": "A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1983",
"url": "https://www.suse.com/security/cve/CVE-2020-1983"
},
{
"category": "external",
"summary": "SUSE Bug 1170940 for CVE-2020-1983",
"url": "https://bugzilla.suse.com/1170940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T08:14:29Z",
"details": "important"
}
],
"title": "CVE-2020-1983"
},
{
"cve": "CVE-2020-7039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7039"
}
],
"notes": [
{
"category": "general",
"text": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7039",
"url": "https://www.suse.com/security/cve/CVE-2020-7039"
},
{
"category": "external",
"summary": "SUSE Bug 1161066 for CVE-2020-7039",
"url": "https://bugzilla.suse.com/1161066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T08:14:29Z",
"details": "important"
}
],
"title": "CVE-2020-7039"
},
{
"cve": "CVE-2020-8608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8608"
}
],
"notes": [
{
"category": "general",
"text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8608",
"url": "https://www.suse.com/security/cve/CVE-2020-8608"
},
{
"category": "external",
"summary": "SUSE Bug 1163018 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163018"
},
{
"category": "external",
"summary": "SUSE Bug 1163019 for CVE-2020-8608",
"url": "https://bugzilla.suse.com/1163019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-ppc-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-s390-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:qemu-x86-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-33.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-33.29.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-33.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-02T08:14:29Z",
"details": "important"
}
],
"title": "CVE-2020-8608"
}
]
}
suse-su-2020:0388-1
Vulnerability from csaf_suse
Published
2020-02-17 14:03
Modified
2020-02-17 14:03
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304).
- CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279).
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497 XSA-305).
- CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI (bsc#1145652).
- CVE-2019-12068: Fixed an infinite loop while executing script (bsc#1146874).
- CVE-2019-12155: Fixed a null pointer dereference while releasing spice resources (bsc#1135905).
- CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in slirp networking implementation (bsc#1143797).
- CVE-2019-15890: Fixed a use-after-free during packet reassembly (bsc#1149813).
- CVE-2019-17340: Fixed grant table transfer issues on large hosts (XSA-284 bsc#1126140).
- CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285 bsc#1126141).
- CVE-2019-17342: Fixed steal_page violating page_struct access discipline (XSA-287 bsc#1126192).
- CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288 bsc#1126195).
- CVE-2019-17344: Fixed a missing preemption in x86 PV page table unvalidation (XSA-290 bsc#1126196).
- CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293 bsc#1126201).
- CVE-2019-18420: Fixed a hypervisor crash that could be caused by malicious x86 PV guests, resulting in a denial of service (bsc#1154448 XSA-296).
- CVE-2019-18421: Fixed a privilege escalation through malicious PV guest administrators (bsc#1154458 XSA-299).
- CVE-2019-18424: Fixed a privilege escalation through DMA to physical devices by untrusted domains (bsc#1154461 XSA-302).
- CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used mode (bsc#1154456 XSA-298).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).
Patchnames
SUSE-2020-388,SUSE-SLE-SAP-12-SP1-2020-388,SUSE-SLE-SERVER-12-SP1-2020-388
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304).\n- CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279).\n- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described \u0027Microarchitectural Data Sampling\u0027 attack. (bsc#1152497 XSA-305).\n- CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI (bsc#1145652).\n- CVE-2019-12068: Fixed an infinite loop while executing script (bsc#1146874).\n- CVE-2019-12155: Fixed a null pointer dereference while releasing spice resources (bsc#1135905).\n- CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in slirp networking implementation (bsc#1143797).\n- CVE-2019-15890: Fixed a use-after-free during packet reassembly (bsc#1149813).\n- CVE-2019-17340: Fixed grant table transfer issues on large hosts (XSA-284 bsc#1126140).\n- CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285 bsc#1126141).\n- CVE-2019-17342: Fixed steal_page violating page_struct access discipline (XSA-287 bsc#1126192).\n- CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288 bsc#1126195).\n- CVE-2019-17344: Fixed a missing preemption in x86 PV page table unvalidation (XSA-290 bsc#1126196).\n- CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293 bsc#1126201).\n- CVE-2019-18420: Fixed a hypervisor crash that could be caused by malicious x86 PV guests, resulting in a denial of service (bsc#1154448 XSA-296).\n- CVE-2019-18421: Fixed a privilege escalation through malicious PV guest administrators (bsc#1154458 XSA-299).\n- CVE-2019-18424: Fixed a privilege escalation through DMA to physical devices by untrusted domains (bsc#1154461 XSA-302). \n- CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used mode (bsc#1154456 XSA-298).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-388,SUSE-SLE-SAP-12-SP1-2020-388,SUSE-SLE-SERVER-12-SP1-2020-388",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0388-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0388-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200388-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0388-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-February/006485.html"
},
{
"category": "self",
"summary": "SUSE Bug 1115045",
"url": "https://bugzilla.suse.com/1115045"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1135905",
"url": "https://bugzilla.suse.com/1135905"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145652",
"url": "https://bugzilla.suse.com/1145652"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE Bug 1157888",
"url": "https://bugzilla.suse.com/1157888"
},
{
"category": "self",
"summary": "SUSE Bug 1158003",
"url": "https://bugzilla.suse.com/1158003"
},
{
"category": "self",
"summary": "SUSE Bug 1158004",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "self",
"summary": "SUSE Bug 1158005",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "self",
"summary": "SUSE Bug 1158006",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "self",
"summary": "SUSE Bug 1158007",
"url": "https://bugzilla.suse.com/1158007"
},
{
"category": "self",
"summary": "SUSE Bug 1161181",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19965 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12067 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12155 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7211 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7211/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-02-17T14:03:16Z",
"generator": {
"date": "2020-02-17T14:03:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0388-1",
"initial_release_date": "2020-02-17T14:03:16Z",
"revision_history": [
{
"date": "2020-02-17T14:03:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.5.5_28-22.64.1.i586",
"product": {
"name": "xen-devel-4.5.5_28-22.64.1.i586",
"product_id": "xen-devel-4.5.5_28-22.64.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.5.5_28-22.64.1.i586",
"product": {
"name": "xen-libs-4.5.5_28-22.64.1.i586",
"product_id": "xen-libs-4.5.5_28-22.64.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.5.5_28-22.64.1.i586",
"product": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.i586",
"product_id": "xen-tools-domU-4.5.5_28-22.64.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-devel-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-devel-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-doc-html-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"product": {
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"product_id": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-libs-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-libs-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-tools-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-tools-4.5.5_28-22.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"product": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"product_id": "xen-tools-domU-4.5.5_28-22.64.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64"
},
"product_reference": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-doc-html-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64"
},
"product_reference": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.5_28-22.64.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
},
"product_reference": "xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-19965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19965"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19965",
"url": "https://www.suse.com/security/cve/CVE-2018-19965"
},
{
"category": "external",
"summary": "SUSE Bug 1115045 for CVE-2018-19965",
"url": "https://bugzilla.suse.com/1115045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-19965"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12067"
}
],
"notes": [
{
"category": "general",
"text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12067",
"url": "https://www.suse.com/security/cve/CVE-2019-12067"
},
{
"category": "external",
"summary": "SUSE Bug 1145642 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145642"
},
{
"category": "external",
"summary": "SUSE Bug 1145652 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "low"
}
],
"title": "CVE-2019-12067"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-12155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12155"
}
],
"notes": [
{
"category": "general",
"text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12155",
"url": "https://www.suse.com/security/cve/CVE-2019-12155"
},
{
"category": "external",
"summary": "SUSE Bug 1135902 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135902"
},
{
"category": "external",
"summary": "SUSE Bug 1135905 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "low"
}
],
"title": "CVE-2019-12155"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
},
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
},
{
"cve": "CVE-2020-7211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7211"
}
],
"notes": [
{
"category": "general",
"text": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7211",
"url": "https://www.suse.com/security/cve/CVE-2020-7211"
},
{
"category": "external",
"summary": "SUSE Bug 1161180 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161180"
},
{
"category": "external",
"summary": "SUSE Bug 1161181 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1161181"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-7211",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-17T14:03:16Z",
"details": "moderate"
}
],
"title": "CVE-2020-7211"
}
]
}
suse-su-2019:14199-1
Vulnerability from csaf_suse
Published
2019-10-24 11:23
Modified
2019-10-24 11:23
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which
could have led to denial of service (bsc#1135905).
Patchnames
slessp4-xen-14199
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).\n- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which\n could have led to denial of service (bsc#1135905).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-xen-14199",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14199-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:14199-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914199-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:14199-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006052.html"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1135905",
"url": "https://bugzilla.suse.com/1135905"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145652",
"url": "https://bugzilla.suse.com/1145652"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12067 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12155 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-24T11:23:17Z",
"generator": {
"date": "2019-10-24T11:23:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:14199-1",
"initial_release_date": "2019-10-24T11:23:17Z",
"revision_history": [
{
"date": "2019-10-24T11:23:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product": {
"name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product_id": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_40-61.49.1.i586",
"product": {
"name": "xen-libs-4.4.4_40-61.49.1.i586",
"product_id": "xen-libs-4.4.4_40-61.49.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_40-61.49.1.i586",
"product": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.i586",
"product_id": "xen-tools-domU-4.4.4_40-61.49.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-doc-html-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-libs-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-libs-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-tools-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-tools-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-tools-domU-4.4.4_40-61.49.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586"
},
"product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586"
},
"product_reference": "xen-libs-4.4.4_40-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586"
},
"product_reference": "xen-tools-domU-4.4.4_40-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12067"
}
],
"notes": [
{
"category": "general",
"text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12067",
"url": "https://www.suse.com/security/cve/CVE-2019-12067"
},
{
"category": "external",
"summary": "SUSE Bug 1145642 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145642"
},
{
"category": "external",
"summary": "SUSE Bug 1145652 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "low"
}
],
"title": "CVE-2019-12067"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-12155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12155"
}
],
"notes": [
{
"category": "general",
"text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12155",
"url": "https://www.suse.com/security/cve/CVE-2019-12155"
},
{
"category": "external",
"summary": "SUSE Bug 1135902 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135902"
},
{
"category": "external",
"summary": "SUSE Bug 1135905 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "low"
}
],
"title": "CVE-2019-12155"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
suse-su-2019:2769-1
Vulnerability from csaf_suse
Published
2019-10-24 11:23
Modified
2019-10-24 11:23
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issue fixed:
- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).
Patchnames
HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issue fixed: \n\n- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2769-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2769-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192769-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2769-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006050.html"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1133818",
"url": "https://bugzilla.suse.com/1133818"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-24T11:23:02Z",
"generator": {
"date": "2019-10-24T11:23:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2769-1",
"initial_release_date": "2019-10-24T11:23:02Z",
"revision_history": [
{
"date": "2019-10-24T11:23:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-devel-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-doc-html-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-doc-html-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-libs-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-tools-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-tools-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.i586",
"product_id": "xen-devel-4.9.4_04-3.56.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.i586",
"product_id": "xen-libs-4.9.4_04-3.56.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.i586",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-doc-html-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-libs-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-tools-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-devel-4.9.4_04-3.56.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
suse-su-2019:2753-1
Vulnerability from csaf_suse
Published
2019-10-23 11:45
Modified
2019-10-23 11:45
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen to version 4.11.2 fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issues fixed:
- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above
(bsc#1137717).
- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Patchnames
SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen to version 4.11.2 fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issues fixed: \n\n- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above\n (bsc#1137717).\n- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). \n- Fixed an issue where libxenlight could not create new domain (bsc#1131811).\n- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).\n- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2753-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2753-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2753-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006046.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1111331",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1129642",
"url": "https://bugzilla.suse.com/1129642"
},
{
"category": "self",
"summary": "SUSE Bug 1131811",
"url": "https://bugzilla.suse.com/1131811"
},
{
"category": "self",
"summary": "SUSE Bug 1137717",
"url": "https://bugzilla.suse.com/1137717"
},
{
"category": "self",
"summary": "SUSE Bug 1138294",
"url": "https://bugzilla.suse.com/1138294"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145240",
"url": "https://bugzilla.suse.com/1145240"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-23T11:45:48Z",
"generator": {
"date": "2019-10-23T11:45:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2753-1",
"initial_release_date": "2019-10-23T11:45:48Z",
"revision_history": [
{
"date": "2019-10-23T11:45:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-devel-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-libs-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product_id": "xen-devel-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product_id": "xen-libs-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-devel-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
suse-su-2019:14201-1
Vulnerability from csaf_suse
Published
2019-10-25 12:28
Modified
2019-10-25 12:28
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which
could have led to denial of service (bsc#1135905).
- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).
- CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).
Patchnames
sleposp3-xen-14201
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).\n- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which\n could have led to denial of service (bsc#1135905).\n- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).\n- CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-xen-14201",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14201-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:14201-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914201-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:14201-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006057.html"
},
{
"category": "self",
"summary": "SUSE Bug 1047675",
"url": "https://bugzilla.suse.com/1047675"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1130680",
"url": "https://bugzilla.suse.com/1130680"
},
{
"category": "self",
"summary": "SUSE Bug 1135905",
"url": "https://bugzilla.suse.com/1135905"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145652",
"url": "https://bugzilla.suse.com/1145652"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10806 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20815 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12067 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12155 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-25T12:28:21Z",
"generator": {
"date": "2019-10-25T12:28:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:14201-1",
"initial_release_date": "2019-10-25T12:28:21Z",
"revision_history": [
{
"date": "2019-10-25T12:28:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product_id": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product": {
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product_id": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_21-45.33.1.i586",
"product": {
"name": "xen-libs-4.2.5_21-45.33.1.i586",
"product_id": "xen-libs-4.2.5_21-45.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_21-45.33.1.i586",
"product": {
"name": "xen-tools-domU-4.2.5_21-45.33.1.i586",
"product_id": "xen-tools-domU-4.2.5_21-45.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586"
},
"product_reference": "xen-libs-4.2.5_21-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_21-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10806"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10806",
"url": "https://www.suse.com/security/cve/CVE-2017-10806"
},
{
"category": "external",
"summary": "SUSE Bug 1047674 for CVE-2017-10806",
"url": "https://bugzilla.suse.com/1047674"
},
{
"category": "external",
"summary": "SUSE Bug 1047675 for CVE-2017-10806",
"url": "https://bugzilla.suse.com/1047675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2017-10806"
},
{
"cve": "CVE-2018-20815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20815"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20815",
"url": "https://www.suse.com/security/cve/CVE-2018-20815"
},
{
"category": "external",
"summary": "SUSE Bug 1118900 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1118900"
},
{
"category": "external",
"summary": "SUSE Bug 1130675 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1130675"
},
{
"category": "external",
"summary": "SUSE Bug 1130680 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1130680"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-20815"
},
{
"cve": "CVE-2019-12067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12067"
}
],
"notes": [
{
"category": "general",
"text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12067",
"url": "https://www.suse.com/security/cve/CVE-2019-12067"
},
{
"category": "external",
"summary": "SUSE Bug 1145642 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145642"
},
{
"category": "external",
"summary": "SUSE Bug 1145652 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "low"
}
],
"title": "CVE-2019-12067"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-12155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12155"
}
],
"notes": [
{
"category": "general",
"text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12155",
"url": "https://www.suse.com/security/cve/CVE-2019-12155"
},
{
"category": "external",
"summary": "SUSE Bug 1135902 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135902"
},
{
"category": "external",
"summary": "SUSE Bug 1135905 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "low"
}
],
"title": "CVE-2019-12155"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
}
]
}
ghsa-4699-632x-4vxr
Vulnerability from github
Published
2022-05-24 22:00
Modified
2024-04-04 03:06
Severity ?
VLAI Severity ?
Details
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
{
"affected": [],
"aliases": [
"CVE-2019-12068"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-24T20:15:00Z",
"severity": "LOW"
},
"details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GHSA-4699-632x-4vxr",
"modified": "2024-04-04T03:06:56Z",
"published": "2022-05-24T22:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
opensuse-su-2019:2505-1
Vulnerability from csaf_opensuse
Published
2019-11-14 05:54
Modified
2019-11-14 05:54
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15
- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
- Expose taa-no 'feature', indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no 'feature', indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2505
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\n- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15\n- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)\n- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)\n- Expose taa-no \u0027feature\u0027, indicating CPU does not have the\n TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)\n- Expose pschange-mc-no \u0027feature\u0027, indicating CPU does not have\n the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2505",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2505-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2505-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2505-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB"
},
{
"category": "self",
"summary": "SUSE Bug 1119991",
"url": "https://bugzilla.suse.com/1119991"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1152506",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "self",
"summary": "SUSE Bug 1155812",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-11-14T05:54:23Z",
"generator": {
"date": "2019-11-14T05:54:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2505-1",
"initial_release_date": "2019-11-14T05:54:23Z",
"revision_history": [
{
"date": "2019-11-14T05:54:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"product": {
"name": "qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"product_id": "qemu-seabios-1.11.0-lp150.7.28.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-lp150.7.28.1.noarch",
"product": {
"name": "qemu-sgabios-8-lp150.7.28.1.noarch",
"product_id": "qemu-sgabios-8-lp150.7.28.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"product": {
"name": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"product_id": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-arm-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-extra-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-lang-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-s390-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-tools-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-x86-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-x86-2.11.2-lp150.7.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-extra-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.11.0-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch"
},
"product_reference": "qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch"
},
"product_reference": "qemu-sgabios-8-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch"
},
"product_reference": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-x86-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-20126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20126"
}
],
"notes": [
{
"category": "general",
"text": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20126",
"url": "https://www.suse.com/security/cve/CVE-2018-20126"
},
{
"category": "external",
"summary": "SUSE Bug 1119991 for CVE-2018-20126",
"url": "https://bugzilla.suse.com/1119991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "low"
}
],
"title": "CVE-2018-20126"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
}
]
}
opensuse-su-2019:2510-1
Vulnerability from csaf_opensuse
Published
2019-11-14 06:31
Modified
2019-11-14 06:31
Summary
Security update for qemu
Notes
Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following issues:
qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which
includes 2 fixes we already carry, as well as one additional use-
after-free fix in slirp. (CVE-2018-20126 bsc#1119991,
CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811
respectively)
Security issues fixed:
- CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873)
- CVE-2019-11135: Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506)
- CVE-2018-12207: Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (bsc#1117665)
Other issues fixed:
- Change how this bug gets fixed (bsc#1144087)
- Disable file locking in the Xen PV disk backend to avoid locking
issues with PV domUs during migration. The issues triggered by
the locking can not be properly handled in libxl. The locking
introduced in qemu-2.10 was removed again in qemu-4.0.
(bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)
- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)
- Additional hardware instruction support for s390, also update
qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames
openSUSE-2019-2510
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nqemu was updated to v3.1.1.1, a stable, bug-fix-only release, which\nincludes 2 fixes we already carry, as well as one additional use-\nafter-free fix in slirp. (CVE-2018-20126 bsc#1119991,\nCVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811\nrespectively)\n\nSecurity issues fixed:\n\n- CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873)\n- CVE-2019-11135: Expose taa-no \u0027feature\u0027, indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506)\n- CVE-2018-12207: Expose pschange-mc-no \u0027feature\u0027, indicating CPU does not have the page size change machine check vulnerability (bsc#1117665)\n\nOther issues fixed:\n\n- Change how this bug gets fixed (bsc#1144087)\n- Disable file locking in the Xen PV disk backend to avoid locking\n issues with PV domUs during migration. The issues triggered by\n the locking can not be properly handled in libxl. The locking\n introduced in qemu-2.10 was removed again in qemu-4.0.\n (bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)\n- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)\n- Additional hardware instruction support for s390, also update\n qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)\n\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2510",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2510-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2510-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KGVFZGJMBR53343ITOTWO7YW2JVKGHDT/#KGVFZGJMBR53343ITOTWO7YW2JVKGHDT"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2510-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KGVFZGJMBR53343ITOTWO7YW2JVKGHDT/#KGVFZGJMBR53343ITOTWO7YW2JVKGHDT"
},
{
"category": "self",
"summary": "SUSE Bug 1079730",
"url": "https://bugzilla.suse.com/1079730"
},
{
"category": "self",
"summary": "SUSE Bug 1098403",
"url": "https://bugzilla.suse.com/1098403"
},
{
"category": "self",
"summary": "SUSE Bug 1111025",
"url": "https://bugzilla.suse.com/1111025"
},
{
"category": "self",
"summary": "SUSE Bug 1117665",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "self",
"summary": "SUSE Bug 1119991",
"url": "https://bugzilla.suse.com/1119991"
},
{
"category": "self",
"summary": "SUSE Bug 1143794",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "self",
"summary": "SUSE Bug 1144087",
"url": "https://bugzilla.suse.com/1144087"
},
{
"category": "self",
"summary": "SUSE Bug 1145379",
"url": "https://bugzilla.suse.com/1145379"
},
{
"category": "self",
"summary": "SUSE Bug 1145427",
"url": "https://bugzilla.suse.com/1145427"
},
{
"category": "self",
"summary": "SUSE Bug 1145436",
"url": "https://bugzilla.suse.com/1145436"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1152506",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-11-14T06:31:05Z",
"generator": {
"date": "2019-11-14T06:31:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2510-1",
"initial_release_date": "2019-11-14T06:31:05Z",
"revision_history": [
{
"date": "2019-11-14T06:31:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"product": {
"name": "qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"product_id": "qemu-seabios-1.12.0-lp151.7.6.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-lp151.7.6.1.noarch",
"product": {
"name": "qemu-sgabios-8-lp151.7.6.1.noarch",
"product_id": "qemu-sgabios-8-lp151.7.6.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"product": {
"name": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"product_id": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.12.0-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch"
},
"product_reference": "qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch"
},
"product_reference": "qemu-sgabios-8-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch"
},
"product_reference": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-20126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20126"
}
],
"notes": [
{
"category": "general",
"text": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20126",
"url": "https://www.suse.com/security/cve/CVE-2018-20126"
},
{
"category": "external",
"summary": "SUSE Bug 1119991 for CVE-2018-20126",
"url": "https://bugzilla.suse.com/1119991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "low"
}
],
"title": "CVE-2018-20126"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
}
]
}
wid-sec-w-2024-1984
Vulnerability from csaf_certbund
Published
2019-09-24 22:00
Modified
2024-09-02 22:00
Summary
QEMU: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1984 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1984.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1984 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1984"
},
{
"category": "external",
"summary": "NATIONAL VULNERABILITY DATABASE vom 2019-09-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14199-1 vom 2019-10-24",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914199-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2769-1 vom 2019-10-24",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192769-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2783-1 vom 2019-10-25",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192783-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14201-1 vom 2019-10-25",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914201-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2955-1 vom 2019-11-13",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2956-1 vom 2019-11-13",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192956-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2954-1 vom 2019-11-13",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192954-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4191-1 vom 2019-11-14",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4665 vom 2020-04-28",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:14396-1 vom 2020-06-12",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006934.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1538-1 vom 2020-06-17",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201538-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1514-1 vom 2020-06-17",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201514-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1526-1 vom 2020-06-17",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201526-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2288 vom 2020-07-26",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00020.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:14706-1 vom 2021-04-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008673.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
}
],
"source_lang": "en-US",
"title": "QEMU: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-09-02T22:00:00.000+00:00",
"generator": {
"date": "2024-09-03T08:16:13.935+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-1984",
"initial_release_date": "2019-09-24T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-09-24T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-10-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-10-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-11-12T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-11-13T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-04-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-06-11T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-06-17T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-07-26T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-04-25T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source QEMU",
"product": {
"name": "Open Source QEMU",
"product_id": "76022",
"product_identification_helper": {
"cpe": "cpe:/a:qemu:qemu:0.1"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12068",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in QEMU. Diese tritt auf, wenn in lsi_execute_script() ein Skript ausgef\u00fchrt wird. Ein Angreifer kann dieses nutzen und einen Denial of Service ausl\u00f6sen."
}
],
"product_status": {
"known_affected": [
"76022",
"2951",
"T002207",
"T000126",
"T004914"
]
},
"release_date": "2019-09-24T22:00:00.000+00:00",
"title": "CVE-2019-12068"
}
]
}
fkie_cve-2019-12068
Vulnerability from fkie_nvd
Published
2019-09-24 20:15
Modified
2024-11-21 04:22
Severity ?
Summary
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html | Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html | Third Party Advisory | |
| cve@mitre.org | https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08 | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | ||
| cve@mitre.org | https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2019-12068 | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4191-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4191-2/ | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4665 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2019-12068 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4191-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4191-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4665 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qemu | qemu | 1\ | |
| qemu | qemu | 1\ | |
| debian | debian_linux | 8.0 | |
| qemu | qemu | 1\ | |
| debian | debian_linux | 9.0 | |
| qemu | qemu | 1\ | |
| qemu | qemu | 1\ | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:4.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "80139FFB-0C8E-4D88-B457-3460D1BDCE81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:2.1\\+dfsg-12\\+deb8u6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1550DA8-F690-4336-8A55-0A762CB4457C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:2.8\\+dfsg-6\\+deb9u8:*:*:*:*:*:*:*",
"matchCriteriaId": "F879A847-3201-4368-9727-5BD52E5BC7DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\+deb10u2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D616634-2792-430E-8979-AF2AA875890F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\~deb10u1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA49E4C-9EB1-49A2-82A6-A21A17D46A9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
},
{
"lang": "es",
"value": "En QEMU versiones 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, y 1:2.1+dfsg-12+deb8u12 (corregida), cuando se ejecuta el script en la funci\u00f3n lsi_execute_script(), el emulador del adaptador scsi de LSI avanza el \u00edndice \"s-)dsp\" para leer el pr\u00f3ximo opcode. Esto puede conllevar a un bucle infinito si el siguiente opcode est\u00e1 vac\u00edo. Mueve la salida del bucle existente despu\u00e9s de 10k iteraciones para que cubra tambi\u00e9n los opcodes no operativos."
}
],
"id": "CVE-2019-12068",
"lastModified": "2024-11-21T04:22:10.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-24T20:15:11.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"source": "cve@mitre.org",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4665"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2019-12068
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-12068",
"description": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GSD-2019-12068",
"references": [
"https://www.suse.com/security/cve/CVE-2019-12068.html",
"https://www.debian.org/security/2020/dsa-4665",
"https://ubuntu.com/security/CVE-2019-12068",
"https://linux.oracle.com/cve/CVE-2019-12068.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-12068"
],
"details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GSD-2019-12068",
"modified": "2023-12-13T01:23:43.898667Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:4.1-1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:2.1\\+dfsg-12\\+deb8u6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:2.8\\+dfsg-6\\+deb9u8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\+deb10u2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\~deb10u1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12068"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
}
},
"lastModifiedDate": "2020-07-26T14:15Z",
"publishedDate": "2019-09-24T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…