Security update for qemu

Announcement ID:	SUSE-SU-2021:1942-1
Rating:	important
References:	bsc#1149813 bsc#1163019 bsc#1175144 bsc#1175534 bsc#1176681 bsc#1178683 bsc#1178935 bsc#1179477 bsc#1179484 bsc#1179686 bsc#1181103 bsc#1182282 bsc#1182425 bsc#1182968 bsc#1182975 bsc#1183373 bsc#1186290
Cross-References:	CVE-2019-15890 CVE-2020-14364 CVE-2020-17380 CVE-2020-25085 CVE-2020-25707 CVE-2020-25723 CVE-2020-27821 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-20263 CVE-2021-3409 CVE-2021-3416 CVE-2021-3419
CVSS scores:	CVE-2019-15890 ( SUSE ): 5.8 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-14364 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-14364 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-17380 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-17380 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-25085 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25085 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25707 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25723 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27821 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-27821 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-29129 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE-2020-29129 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-8608 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H CVE-2020-8608 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-20263 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2021-20263 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2021-3409 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3409 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3416 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-3419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP3 openSUSE Leap 15.3 Server Applications Module 15-SP3 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves 14 vulnerabilities and has three security fixes can now be installed.

Description:

This update for qemu fixes the following issues:

• Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103)
• Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282)
• Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373)
• Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
• Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
• Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
• QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)
• For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2021-1942=1
• Basesystem Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1942=1
• Server Applications Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1942=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • qemu-chardev-baum-debuginfo-5.2.0-17.1
  • qemu-block-iscsi-5.2.0-17.1
  • qemu-ui-spice-core-debuginfo-5.2.0-17.1
  • qemu-ivshmem-tools-5.2.0-17.1
  • qemu-5.2.0-17.1
  • qemu-block-gluster-debuginfo-5.2.0-17.1
  • qemu-arm-5.2.0-17.1
  • qemu-block-gluster-5.2.0-17.1
  • qemu-block-dmg-5.2.0-17.1
  • qemu-hw-display-virtio-gpu-pci-5.2.0-17.1
  • qemu-ui-gtk-5.2.0-17.1
  • qemu-x86-debuginfo-5.2.0-17.1
  • qemu-audio-spice-5.2.0-17.1
  • qemu-ui-spice-app-5.2.0-17.1
  • qemu-ksm-5.2.0-17.1
  • qemu-ui-spice-app-debuginfo-5.2.0-17.1
  • qemu-ui-opengl-5.2.0-17.1
  • qemu-linux-user-5.2.0-17.1
  • qemu-audio-spice-debuginfo-5.2.0-17.1
  • qemu-hw-display-virtio-vga-5.2.0-17.1
  • qemu-arm-debuginfo-5.2.0-17.1
  • qemu-debuginfo-5.2.0-17.1
  • qemu-tools-5.2.0-17.1
  • qemu-ui-gtk-debuginfo-5.2.0-17.1
  • qemu-lang-5.2.0-17.1
  • qemu-hw-display-virtio-vga-debuginfo-5.2.0-17.1
  • qemu-vhost-user-gpu-debuginfo-5.2.0-17.1
  • qemu-hw-display-virtio-gpu-debuginfo-5.2.0-17.1
  • qemu-chardev-spice-5.2.0-17.1
  • qemu-block-dmg-debuginfo-5.2.0-17.1
  • qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-17.1
  • qemu-guest-agent-5.2.0-17.1
  • qemu-audio-alsa-5.2.0-17.1
  • qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-17.1
  • qemu-hw-usb-redirect-debuginfo-5.2.0-17.1
  • qemu-audio-pa-5.2.0-17.1
  • qemu-ui-opengl-debuginfo-5.2.0-17.1
  • qemu-audio-pa-debuginfo-5.2.0-17.1
  • qemu-ppc-5.2.0-17.1
  • qemu-ui-spice-core-5.2.0-17.1
  • qemu-block-nfs-5.2.0-17.1
  • qemu-block-ssh-5.2.0-17.1
  • qemu-debugsource-5.2.0-17.1
  • qemu-tools-debuginfo-5.2.0-17.1
  • qemu-block-curl-5.2.0-17.1
  • qemu-hw-usb-smartcard-debuginfo-5.2.0-17.1
  • qemu-block-nfs-debuginfo-5.2.0-17.1
  • qemu-s390x-5.2.0-17.1
  • qemu-s390x-debuginfo-5.2.0-17.1
  • qemu-x86-5.2.0-17.1
  • qemu-block-iscsi-debuginfo-5.2.0-17.1
  • qemu-hw-s390x-virtio-gpu-ccw-5.2.0-17.1
  • qemu-audio-alsa-debuginfo-5.2.0-17.1
  • qemu-chardev-baum-5.2.0-17.1
  • qemu-hw-display-virtio-gpu-5.2.0-17.1
  • qemu-ivshmem-tools-debuginfo-5.2.0-17.1
  • qemu-hw-usb-smartcard-5.2.0-17.1
  • qemu-guest-agent-debuginfo-5.2.0-17.1
  • qemu-ppc-debuginfo-5.2.0-17.1
  • qemu-ui-curses-debuginfo-5.2.0-17.1
  • qemu-hw-usb-redirect-5.2.0-17.1
  • qemu-vhost-user-gpu-5.2.0-17.1
  • qemu-linux-user-debugsource-5.2.0-17.1
  • qemu-block-curl-debuginfo-5.2.0-17.1
  • qemu-ui-curses-5.2.0-17.1
  • qemu-linux-user-debuginfo-5.2.0-17.1
  • qemu-chardev-spice-debuginfo-5.2.0-17.1
  • qemu-hw-display-qxl-debuginfo-5.2.0-17.1
  • qemu-testsuite-5.2.0-17.2
  • qemu-extra-debuginfo-5.2.0-17.1
  • qemu-hw-display-qxl-5.2.0-17.1
  • qemu-extra-5.2.0-17.1
  • qemu-block-ssh-debuginfo-5.2.0-17.1
• openSUSE Leap 15.3 (noarch)
  • qemu-sgabios-8-17.1
  • qemu-microvm-5.2.0-17.1
  • qemu-seabios-1.14.0_0_g155821a-17.1
  • qemu-vgabios-1.14.0_0_g155821a-17.1
  • qemu-skiboot-5.2.0-17.1
  • qemu-ipxe-1.0.0+-17.1
• openSUSE Leap 15.3 (s390x x86_64 i586)
  • qemu-kvm-5.2.0-17.1
• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  • qemu-block-rbd-debuginfo-5.2.0-17.1
  • qemu-block-rbd-5.2.0-17.1
• Basesystem Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • qemu-tools-debuginfo-5.2.0-17.1
  • qemu-tools-5.2.0-17.1
  • qemu-debuginfo-5.2.0-17.1
  • qemu-debugsource-5.2.0-17.1
• Server Applications Module 15-SP3 (aarch64 ppc64le x86_64)
  • qemu-ui-spice-core-5.2.0-17.1
  • qemu-hw-display-virtio-vga-debuginfo-5.2.0-17.1
  • qemu-ui-spice-core-debuginfo-5.2.0-17.1
  • qemu-chardev-spice-5.2.0-17.1
  • qemu-hw-usb-redirect-5.2.0-17.1
  • qemu-ui-gtk-5.2.0-17.1
  • qemu-audio-spice-5.2.0-17.1
  • qemu-ui-spice-app-5.2.0-17.1
  • qemu-chardev-spice-debuginfo-5.2.0-17.1
  • qemu-ui-spice-app-debuginfo-5.2.0-17.1
  • qemu-hw-display-qxl-debuginfo-5.2.0-17.1
  • qemu-ui-opengl-5.2.0-17.1
  • qemu-hw-display-qxl-5.2.0-17.1
  • qemu-audio-spice-debuginfo-5.2.0-17.1
  • qemu-hw-usb-redirect-debuginfo-5.2.0-17.1
  • qemu-hw-display-virtio-vga-5.2.0-17.1
  • qemu-ui-gtk-debuginfo-5.2.0-17.1
  • qemu-ui-opengl-debuginfo-5.2.0-17.1
• Server Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • qemu-chardev-baum-debuginfo-5.2.0-17.1
  • qemu-block-iscsi-5.2.0-17.1
  • qemu-lang-5.2.0-17.1
  • qemu-block-ssh-5.2.0-17.1
  • qemu-block-ssh-debuginfo-5.2.0-17.1
  • qemu-debugsource-5.2.0-17.1
  • qemu-guest-agent-debuginfo-5.2.0-17.1
  • qemu-5.2.0-17.1
  • qemu-ui-curses-debuginfo-5.2.0-17.1
  • qemu-block-rbd-debuginfo-5.2.0-17.1
  • qemu-guest-agent-5.2.0-17.1
  • qemu-block-curl-debuginfo-5.2.0-17.1
  • qemu-block-curl-5.2.0-17.1
  • qemu-ui-curses-5.2.0-17.1
  • qemu-ksm-5.2.0-17.1
  • qemu-debuginfo-5.2.0-17.1
  • qemu-block-iscsi-debuginfo-5.2.0-17.1
  • qemu-block-rbd-5.2.0-17.1
  • qemu-chardev-baum-5.2.0-17.1
• Server Applications Module 15-SP3 (aarch64)
  • qemu-arm-5.2.0-17.1
  • qemu-arm-debuginfo-5.2.0-17.1
• Server Applications Module 15-SP3 (noarch)
  • qemu-sgabios-8-17.1
  • qemu-seabios-1.14.0_0_g155821a-17.1
  • qemu-vgabios-1.14.0_0_g155821a-17.1
  • qemu-skiboot-5.2.0-17.1
  • qemu-ipxe-1.0.0+-17.1
• Server Applications Module 15-SP3 (ppc64le)
  • qemu-ppc-5.2.0-17.1
  • qemu-ppc-debuginfo-5.2.0-17.1
• Server Applications Module 15-SP3 (s390x x86_64)
  • qemu-hw-display-virtio-gpu-debuginfo-5.2.0-17.1
  • qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-17.1
  • qemu-hw-display-virtio-gpu-pci-5.2.0-17.1
  • qemu-kvm-5.2.0-17.1
  • qemu-hw-display-virtio-gpu-5.2.0-17.1
• Server Applications Module 15-SP3 (s390x)
  • qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-17.1
  • qemu-s390x-debuginfo-5.2.0-17.1
  • qemu-hw-s390x-virtio-gpu-ccw-5.2.0-17.1
  • qemu-s390x-5.2.0-17.1
• Server Applications Module 15-SP3 (x86_64)
  • qemu-audio-pa-debuginfo-5.2.0-17.1
  • qemu-audio-alsa-5.2.0-17.1
  • qemu-x86-debuginfo-5.2.0-17.1
  • qemu-x86-5.2.0-17.1
  • qemu-audio-pa-5.2.0-17.1
  • qemu-audio-alsa-debuginfo-5.2.0-17.1

References:

• https://www.suse.com/security/cve/CVE-2019-15890.html
• https://www.suse.com/security/cve/CVE-2020-14364.html
• https://www.suse.com/security/cve/CVE-2020-17380.html
• https://www.suse.com/security/cve/CVE-2020-25085.html
• https://www.suse.com/security/cve/CVE-2020-25707.html
• https://www.suse.com/security/cve/CVE-2020-25723.html
• https://www.suse.com/security/cve/CVE-2020-27821.html
• https://www.suse.com/security/cve/CVE-2020-29129.html
• https://www.suse.com/security/cve/CVE-2020-29130.html
• https://www.suse.com/security/cve/CVE-2020-8608.html
• https://www.suse.com/security/cve/CVE-2021-20263.html
• https://www.suse.com/security/cve/CVE-2021-3409.html
• https://www.suse.com/security/cve/CVE-2021-3416.html
• https://www.suse.com/security/cve/CVE-2021-3419.html
• https://bugzilla.suse.com/show_bug.cgi?id=1149813
• https://bugzilla.suse.com/show_bug.cgi?id=1163019
• https://bugzilla.suse.com/show_bug.cgi?id=1175144
• https://bugzilla.suse.com/show_bug.cgi?id=1175534
• https://bugzilla.suse.com/show_bug.cgi?id=1176681
• https://bugzilla.suse.com/show_bug.cgi?id=1178683
• https://bugzilla.suse.com/show_bug.cgi?id=1178935
• https://bugzilla.suse.com/show_bug.cgi?id=1179477
• https://bugzilla.suse.com/show_bug.cgi?id=1179484
• https://bugzilla.suse.com/show_bug.cgi?id=1179686
• https://bugzilla.suse.com/show_bug.cgi?id=1181103
• https://bugzilla.suse.com/show_bug.cgi?id=1182282
• https://bugzilla.suse.com/show_bug.cgi?id=1182425
• https://bugzilla.suse.com/show_bug.cgi?id=1182968
• https://bugzilla.suse.com/show_bug.cgi?id=1182975
• https://bugzilla.suse.com/show_bug.cgi?id=1183373
• https://bugzilla.suse.com/show_bug.cgi?id=1186290