Security update for qemu

Announcement ID:	SUSE-SU-2021:1244-1
Rating:	important
References:	bsc#1129962 bsc#1154790 bsc#1172383 bsc#1172384 bsc#1172385 bsc#1172386 bsc#1172478 bsc#1173612 bsc#1174386 bsc#1174641 bsc#1175441 bsc#1176673 bsc#1176682 bsc#1176684 bsc#1178174 bsc#1178565 bsc#1178934 bsc#1179466 bsc#1179467 bsc#1179468 bsc#1180523 bsc#1181108 bsc#1181639 bsc#1181933 bsc#1182137 bsc#1182425 bsc#1182577 bsc#1182968
Cross-References:	CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416
CVSS scores:	CVE-2020-11947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-11947 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-12829 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-12829 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-13361 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13361 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L CVE-2020-13362 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13659 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13765 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-13765 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-14364 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-15469 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-15469 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-15863 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2020-15863 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-16092 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-16092 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2020-25084 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25084 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25624 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25625 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25723 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27617 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27617 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-28916 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-28916 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-29129 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE-2020-29129 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20181 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20221 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-20221 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-20257 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20257 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves 24 vulnerabilities and has four security fixes can now be installed.

Description:

This update for qemu fixes the following issues:

• Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
• Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)
• Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
• Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673)
• Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
• Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
• Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
• Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
• Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
• Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
• Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
• Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
• Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
• Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
• Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386
• Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)
• Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
• Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386)
• Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641)
• Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441)
• Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
• Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
• Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962)
• Fix migration failure with error message: "error while loading state section id 3(ram) (bsc#1154790)
• Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384)
• Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478)
• Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)
• Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel
• Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565)
• Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1244=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1244=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1244=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1244=1

Package List:

• SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
  • qemu-debuginfo-2.11.2-9.43.1
  • qemu-debugsource-2.11.2-9.43.1
  • qemu-2.11.2-9.43.1
  • qemu-block-ssh-2.11.2-9.43.1
  • qemu-guest-agent-2.11.2-9.43.1
  • qemu-tools-2.11.2-9.43.1
  • qemu-tools-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-2.11.2-9.43.1
  • qemu-block-rbd-2.11.2-9.43.1
  • qemu-block-ssh-debuginfo-2.11.2-9.43.1
  • qemu-block-curl-2.11.2-9.43.1
  • qemu-guest-agent-debuginfo-2.11.2-9.43.1
  • qemu-lang-2.11.2-9.43.1
  • qemu-block-curl-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-debuginfo-2.11.2-9.43.1
  • qemu-block-rbd-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server ESPOS 15 (aarch64)
  • qemu-arm-2.11.2-9.43.1
  • qemu-arm-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • qemu-vgabios-1.11.0_0_g63451fc-9.43.1
  • qemu-seabios-1.11.0_0_g63451fc-9.43.1
  • qemu-sgabios-8-9.43.1
  • qemu-ipxe-1.0.0+-9.43.1
• SUSE Linux Enterprise Server ESPOS 15 (x86_64)
  • qemu-x86-2.11.2-9.43.1
  • qemu-kvm-2.11.2-9.43.1
  • qemu-x86-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
  • qemu-debuginfo-2.11.2-9.43.1
  • qemu-debugsource-2.11.2-9.43.1
  • qemu-2.11.2-9.43.1
  • qemu-block-ssh-2.11.2-9.43.1
  • qemu-guest-agent-2.11.2-9.43.1
  • qemu-tools-2.11.2-9.43.1
  • qemu-tools-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-2.11.2-9.43.1
  • qemu-block-rbd-2.11.2-9.43.1
  • qemu-block-ssh-debuginfo-2.11.2-9.43.1
  • qemu-block-curl-2.11.2-9.43.1
  • qemu-guest-agent-debuginfo-2.11.2-9.43.1
  • qemu-lang-2.11.2-9.43.1
  • qemu-block-curl-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-debuginfo-2.11.2-9.43.1
  • qemu-block-rbd-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64)
  • qemu-arm-2.11.2-9.43.1
  • qemu-arm-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • qemu-vgabios-1.11.0_0_g63451fc-9.43.1
  • qemu-seabios-1.11.0_0_g63451fc-9.43.1
  • qemu-sgabios-8-9.43.1
  • qemu-ipxe-1.0.0+-9.43.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (x86_64)
  • qemu-x86-2.11.2-9.43.1
  • qemu-kvm-2.11.2-9.43.1
  • qemu-x86-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • qemu-debuginfo-2.11.2-9.43.1
  • qemu-debugsource-2.11.2-9.43.1
  • qemu-2.11.2-9.43.1
  • qemu-block-ssh-2.11.2-9.43.1
  • qemu-guest-agent-2.11.2-9.43.1
  • qemu-tools-2.11.2-9.43.1
  • qemu-tools-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-2.11.2-9.43.1
  • qemu-block-rbd-2.11.2-9.43.1
  • qemu-block-ssh-debuginfo-2.11.2-9.43.1
  • qemu-block-curl-2.11.2-9.43.1
  • qemu-guest-agent-debuginfo-2.11.2-9.43.1
  • qemu-lang-2.11.2-9.43.1
  • qemu-block-curl-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-debuginfo-2.11.2-9.43.1
  • qemu-block-rbd-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64)
  • qemu-arm-2.11.2-9.43.1
  • qemu-arm-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • qemu-vgabios-1.11.0_0_g63451fc-9.43.1
  • qemu-seabios-1.11.0_0_g63451fc-9.43.1
  • qemu-sgabios-8-9.43.1
  • qemu-ipxe-1.0.0+-9.43.1
• SUSE Linux Enterprise Server 15 LTSS 15 (ppc64le)
  • qemu-ppc-debuginfo-2.11.2-9.43.1
  • qemu-ppc-2.11.2-9.43.1
• SUSE Linux Enterprise Server 15 LTSS 15 (s390x x86_64)
  • qemu-kvm-2.11.2-9.43.1
• SUSE Linux Enterprise Server 15 LTSS 15 (s390x)
  • qemu-s390-2.11.2-9.43.1
  • qemu-s390-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server 15 LTSS 15 (x86_64)
  • qemu-x86-2.11.2-9.43.1
  • qemu-x86-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • qemu-debuginfo-2.11.2-9.43.1
  • qemu-debugsource-2.11.2-9.43.1
  • qemu-2.11.2-9.43.1
  • qemu-block-ssh-2.11.2-9.43.1
  • qemu-guest-agent-2.11.2-9.43.1
  • qemu-tools-2.11.2-9.43.1
  • qemu-tools-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-2.11.2-9.43.1
  • qemu-block-rbd-2.11.2-9.43.1
  • qemu-block-ssh-debuginfo-2.11.2-9.43.1
  • qemu-block-curl-2.11.2-9.43.1
  • qemu-guest-agent-debuginfo-2.11.2-9.43.1
  • qemu-lang-2.11.2-9.43.1
  • qemu-block-curl-debuginfo-2.11.2-9.43.1
  • qemu-block-iscsi-debuginfo-2.11.2-9.43.1
  • qemu-block-rbd-debuginfo-2.11.2-9.43.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • qemu-vgabios-1.11.0_0_g63451fc-9.43.1
  • qemu-seabios-1.11.0_0_g63451fc-9.43.1
  • qemu-sgabios-8-9.43.1
  • qemu-ipxe-1.0.0+-9.43.1
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le)
  • qemu-ppc-debuginfo-2.11.2-9.43.1
  • qemu-ppc-2.11.2-9.43.1
• SUSE Linux Enterprise Server for SAP Applications 15 (x86_64)
  • qemu-x86-2.11.2-9.43.1
  • qemu-kvm-2.11.2-9.43.1
  • qemu-x86-debuginfo-2.11.2-9.43.1

References:

• https://www.suse.com/security/cve/CVE-2020-11947.html
• https://www.suse.com/security/cve/CVE-2020-12829.html
• https://www.suse.com/security/cve/CVE-2020-13361.html
• https://www.suse.com/security/cve/CVE-2020-13362.html
• https://www.suse.com/security/cve/CVE-2020-13659.html
• https://www.suse.com/security/cve/CVE-2020-13765.html
• https://www.suse.com/security/cve/CVE-2020-14364.html