suse-su-2018:2973-2
Vulnerability from csaf_suse
Published
2018-10-18 12:49
Modified
2018-10-18 12:49
Summary
Security update for qemu

Notes

Title of the patch
Security update for qemu
Description of the patch
This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885).
Patchnames
SUSE-SLE-SERVER-12-SP2-BCL-2018-2116
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for qemu",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for qemu fixes the following security issues:\n\n- CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have\n  been exploited by sending a crafted QMP command (including guest-file-read with\n  a large count value) to the agent via the listening socket causing DoS (bsc#1098735)\n- CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented\n  datagrams (bsc#1096223)\n\nWith this release the mitigations for Spectre v4 are moved the the patches from\nupstream (CVE-2018-3639, bsc#1092885).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-2116",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2973-2.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2973-2",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182973-2/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2973-2",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004715.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1092885",
        "url": "https://bugzilla.suse.com/1092885"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096223",
        "url": "https://bugzilla.suse.com/1096223"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1098735",
        "url": "https://bugzilla.suse.com/1098735"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-11806 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-11806/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12617 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12617/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3639 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3639/"
      }
    ],
    "title": "Security update for qemu",
    "tracking": {
      "current_release_date": "2018-10-18T12:49:31Z",
      "generator": {
        "date": "2018-10-18T12:49:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2973-2",
      "initial_release_date": "2018-10-18T12:49:31Z",
      "revision_history": [
        {
          "date": "2018-10-18T12:49:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-ipxe-1.0.0-41.43.3.noarch",
                "product": {
                  "name": "qemu-ipxe-1.0.0-41.43.3.noarch",
                  "product_id": "qemu-ipxe-1.0.0-41.43.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-seabios-1.9.1-41.43.3.noarch",
                "product": {
                  "name": "qemu-seabios-1.9.1-41.43.3.noarch",
                  "product_id": "qemu-seabios-1.9.1-41.43.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-sgabios-8-41.43.3.noarch",
                "product": {
                  "name": "qemu-sgabios-8-41.43.3.noarch",
                  "product_id": "qemu-sgabios-8-41.43.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-vgabios-1.9.1-41.43.3.noarch",
                "product": {
                  "name": "qemu-vgabios-1.9.1-41.43.3.noarch",
                  "product_id": "qemu-vgabios-1.9.1-41.43.3.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-curl-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-block-curl-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-block-curl-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-rbd-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-block-rbd-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-block-rbd-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-ssh-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-block-ssh-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-block-ssh-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-guest-agent-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-guest-agent-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-guest-agent-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-kvm-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-kvm-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-lang-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-lang-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-lang-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-tools-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-tools-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-tools-2.6.2-41.43.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-x86-2.6.2-41.43.3.x86_64",
                "product": {
                  "name": "qemu-x86-2.6.2-41.43.3.x86_64",
                  "product_id": "qemu-x86-2.6.2-41.43.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-curl-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-block-curl-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-rbd-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-block-rbd-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-ssh-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-block-ssh-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-guest-agent-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-guest-agent-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ipxe-1.0.0-41.43.3.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch"
        },
        "product_reference": "qemu-ipxe-1.0.0-41.43.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-kvm-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-lang-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-lang-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-seabios-1.9.1-41.43.3.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch"
        },
        "product_reference": "qemu-seabios-1.9.1-41.43.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-sgabios-8-41.43.3.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch"
        },
        "product_reference": "qemu-sgabios-8-41.43.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-tools-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-tools-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-vgabios-1.9.1-41.43.3.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch"
        },
        "product_reference": "qemu-vgabios-1.9.1-41.43.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-x86-2.6.2-41.43.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
        },
        "product_reference": "qemu-x86-2.6.2-41.43.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-11806",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-11806"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-11806",
          "url": "https://www.suse.com/security/cve/CVE-2018-11806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096223 for CVE-2018-11806",
          "url": "https://bugzilla.suse.com/1096223"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096224 for CVE-2018-11806",
          "url": "https://bugzilla.suse.com/1096224"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-11806",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:49:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-11806"
    },
    {
      "cve": "CVE-2018-12617",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12617"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12617",
          "url": "https://www.suse.com/security/cve/CVE-2018-12617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1098735 for CVE-2018-12617",
          "url": "https://bugzilla.suse.com/1098735"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1098744 for CVE-2018-12617",
          "url": "https://bugzilla.suse.com/1098744"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:49:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12617"
    },
    {
      "cve": "CVE-2018-3639",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3639"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3639",
          "url": "https://www.suse.com/security/cve/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085235 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1085235"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085308 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1085308"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087078 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1087078"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092631 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1092631"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092885 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1092885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1094912 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1094912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1098813 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1098813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100394 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1100394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102640 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1102640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105412 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1105412"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111963 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1111963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172781 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1172781"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172782 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1172782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172783 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1172783"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173489 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1173489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.43.3.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.43.3.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.43.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:49:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-3639"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.