Security update for qemu

Announcement ID:	SUSE-SU-2021:1242-1
Rating:	important
References:	bsc#1172383 bsc#1172385 bsc#1172386 bsc#1172478 bsc#1173612 bsc#1176673 bsc#1176682 bsc#1176684 bsc#1178049 bsc#1178174 bsc#1178934 bsc#1179466 bsc#1179467 bsc#1179468 bsc#1179686 bsc#1179725 bsc#1179726 bsc#1180523 bsc#1181108 bsc#1181639 bsc#1181933 bsc#1182137 bsc#1182425 bsc#1182577 bsc#1182968 bsc#1183979
Cross-References:	CVE-2020-11947 CVE-2020-12829 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-15469 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416
CVSS scores:	CVE-2020-11947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-11947 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-12829 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-12829 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-13362 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13362 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13659 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-13659 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-13765 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-13765 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-15469 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-15469 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2020-25084 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25084 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25624 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25624 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-25625 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25625 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-25723 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-25723 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2020-27617 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27617 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27821 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2020-27821 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-28916 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2020-28916 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-29129 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE-2020-29129 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29443 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2020-29443 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L CVE-2021-20181 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20181 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20203 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20221 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-20221 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-20257 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20257 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3416 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3416 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 21 vulnerabilities and has five security fixes can now be installed.

Description:

This update for qemu fixes the following issues:

• Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385)
• Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383)
• Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934)
• Fix use-after-free in usb iehci packet handling (CVE-2020-25084, bsc#1176673)
• Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684)
• Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682)
• Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174)
• Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468)
• Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108)
• Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
• Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612)
• Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577)
• Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968)
• Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416)
• Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467)
• Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386)
• Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979)
• Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523)
• Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
• Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
• Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
• Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. (bsc#1178049)
• Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)
• Make note that this patch previously included addresses (CVE-2020-13765 bsc#1172478)
• Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel
• Fix vfio-pci device on s390 enters error state (bsc#1179725)
• Fix PCI devices are unavailable after a subsystem reset. (bsc#1179726)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1242=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1242=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1242=1

Package List:

• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • qemu-audio-sdl-3.1.1.1-48.2
  • qemu-debugsource-3.1.1.1-48.2
  • qemu-block-rbd-debuginfo-3.1.1.1-48.2
  • qemu-ui-gtk-debuginfo-3.1.1.1-48.2
  • qemu-audio-pa-debuginfo-3.1.1.1-48.2
  • qemu-ui-curses-debuginfo-3.1.1.1-48.2
  • qemu-ui-gtk-3.1.1.1-48.2
  • qemu-guest-agent-3.1.1.1-48.2
  • qemu-tools-3.1.1.1-48.2
  • qemu-block-curl-debuginfo-3.1.1.1-48.2
  • qemu-block-curl-3.1.1.1-48.2
  • qemu-lang-3.1.1.1-48.2
  • qemu-3.1.1.1-48.2
  • qemu-block-ssh-3.1.1.1-48.2
  • qemu-audio-alsa-3.1.1.1-48.2
  • qemu-audio-alsa-debuginfo-3.1.1.1-48.2
  • qemu-audio-oss-debuginfo-3.1.1.1-48.2
  • qemu-block-iscsi-debuginfo-3.1.1.1-48.2
  • qemu-guest-agent-debuginfo-3.1.1.1-48.2
  • qemu-block-iscsi-3.1.1.1-48.2
  • qemu-audio-sdl-debuginfo-3.1.1.1-48.2
  • qemu-audio-oss-3.1.1.1-48.2
  • qemu-block-ssh-debuginfo-3.1.1.1-48.2
  • qemu-block-rbd-3.1.1.1-48.2
  • qemu-ui-sdl-3.1.1.1-48.2
  • qemu-ui-sdl-debuginfo-3.1.1.1-48.2
  • qemu-ui-curses-3.1.1.1-48.2
  • qemu-audio-pa-3.1.1.1-48.2
  • qemu-tools-debuginfo-3.1.1.1-48.2
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64)
  • qemu-arm-debuginfo-3.1.1.1-48.2
  • qemu-arm-3.1.1.1-48.2
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • qemu-vgabios-1.12.0_0_ga698c89-48.2
  • qemu-seabios-1.12.0_0_ga698c89-48.2
  • qemu-ipxe-1.0.0+-48.2
  • qemu-sgabios-8-48.2
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • qemu-x86-3.1.1.1-48.2
  • qemu-kvm-3.1.1.1-48.2
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • qemu-audio-sdl-3.1.1.1-48.2
  • qemu-debugsource-3.1.1.1-48.2
  • qemu-ui-gtk-debuginfo-3.1.1.1-48.2
  • qemu-audio-pa-debuginfo-3.1.1.1-48.2
  • qemu-ui-curses-debuginfo-3.1.1.1-48.2
  • qemu-ui-gtk-3.1.1.1-48.2
  • qemu-guest-agent-3.1.1.1-48.2
  • qemu-tools-3.1.1.1-48.2
  • qemu-block-curl-debuginfo-3.1.1.1-48.2
  • qemu-block-curl-3.1.1.1-48.2
  • qemu-lang-3.1.1.1-48.2
  • qemu-3.1.1.1-48.2
  • qemu-block-ssh-3.1.1.1-48.2
  • qemu-audio-alsa-3.1.1.1-48.2
  • qemu-audio-alsa-debuginfo-3.1.1.1-48.2
  • qemu-audio-oss-debuginfo-3.1.1.1-48.2
  • qemu-block-iscsi-debuginfo-3.1.1.1-48.2
  • qemu-guest-agent-debuginfo-3.1.1.1-48.2
  • qemu-block-iscsi-3.1.1.1-48.2
  • qemu-audio-sdl-debuginfo-3.1.1.1-48.2
  • qemu-audio-oss-3.1.1.1-48.2
  • qemu-block-ssh-debuginfo-3.1.1.1-48.2
  • qemu-ui-sdl-3.1.1.1-48.2
  • qemu-ui-sdl-debuginfo-3.1.1.1-48.2
  • qemu-ui-curses-3.1.1.1-48.2
  • qemu-audio-pa-3.1.1.1-48.2
  • qemu-tools-debuginfo-3.1.1.1-48.2
• SUSE Linux Enterprise Server 12 SP5 (aarch64)
  • qemu-arm-debuginfo-3.1.1.1-48.2
  • qemu-arm-3.1.1.1-48.2
• SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64)
  • qemu-block-rbd-debuginfo-3.1.1.1-48.2
  • qemu-block-rbd-3.1.1.1-48.2
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • qemu-vgabios-1.12.0_0_ga698c89-48.2
  • qemu-seabios-1.12.0_0_ga698c89-48.2
  • qemu-ipxe-1.0.0+-48.2
  • qemu-sgabios-8-48.2
• SUSE Linux Enterprise Server 12 SP5 (ppc64le)
  • qemu-ppc-3.1.1.1-48.2
  • qemu-ppc-debuginfo-3.1.1.1-48.2
• SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  • qemu-kvm-3.1.1.1-48.2
• SUSE Linux Enterprise Server 12 SP5 (s390x)
  • qemu-s390-debuginfo-3.1.1.1-48.2
  • qemu-s390-3.1.1.1-48.2
• SUSE Linux Enterprise Server 12 SP5 (x86_64)
  • qemu-x86-3.1.1.1-48.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • qemu-audio-sdl-3.1.1.1-48.2
  • qemu-debugsource-3.1.1.1-48.2
  • qemu-ui-gtk-debuginfo-3.1.1.1-48.2
  • qemu-audio-pa-debuginfo-3.1.1.1-48.2
  • qemu-ui-curses-debuginfo-3.1.1.1-48.2
  • qemu-ui-gtk-3.1.1.1-48.2
  • qemu-guest-agent-3.1.1.1-48.2
  • qemu-tools-3.1.1.1-48.2
  • qemu-block-curl-debuginfo-3.1.1.1-48.2
  • qemu-block-curl-3.1.1.1-48.2
  • qemu-lang-3.1.1.1-48.2
  • qemu-3.1.1.1-48.2
  • qemu-block-ssh-3.1.1.1-48.2
  • qemu-audio-alsa-3.1.1.1-48.2
  • qemu-audio-alsa-debuginfo-3.1.1.1-48.2
  • qemu-audio-oss-debuginfo-3.1.1.1-48.2
  • qemu-block-iscsi-debuginfo-3.1.1.1-48.2
  • qemu-guest-agent-debuginfo-3.1.1.1-48.2
  • qemu-block-iscsi-3.1.1.1-48.2
  • qemu-audio-sdl-debuginfo-3.1.1.1-48.2
  • qemu-audio-oss-3.1.1.1-48.2
  • qemu-block-ssh-debuginfo-3.1.1.1-48.2
  • qemu-ui-sdl-3.1.1.1-48.2
  • qemu-ui-sdl-debuginfo-3.1.1.1-48.2
  • qemu-ui-curses-3.1.1.1-48.2
  • qemu-audio-pa-3.1.1.1-48.2
  • qemu-tools-debuginfo-3.1.1.1-48.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • qemu-vgabios-1.12.0_0_ga698c89-48.2
  • qemu-seabios-1.12.0_0_ga698c89-48.2
  • qemu-ipxe-1.0.0+-48.2
  • qemu-sgabios-8-48.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le)
  • qemu-ppc-3.1.1.1-48.2
  • qemu-ppc-debuginfo-3.1.1.1-48.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • qemu-block-rbd-debuginfo-3.1.1.1-48.2
  • qemu-x86-3.1.1.1-48.2
  • qemu-kvm-3.1.1.1-48.2
  • qemu-block-rbd-3.1.1.1-48.2

References:

• https://www.suse.com/security/cve/CVE-2020-11947.html
• https://www.suse.com/security/cve/CVE-2020-12829.html
• https://www.suse.com/security/cve/CVE-2020-13362.html
• https://www.suse.com/security/cve/CVE-2020-13659.html
• https://www.suse.com/security/cve/CVE-2020-13765.html
• https://www.suse.com/security/cve/CVE-2020-15469.html
• https://www.suse.com/security/cve/CVE-2020-25084.html
• https://www.suse.com/security/cve/CVE-2020-25624.html
• https://www.suse.com/security/cve/CVE-2020-25625.html
• https://www.suse.com/security/cve/CVE-2020-25723.html
• https://www.suse.com/security/cve/CVE-2020-27617.html
• https://www.suse.com/security/cve/CVE-2020-27821.html
• https://www.suse.com/security/cve/CVE-2020-28916.html
• https://www.suse.com/security/cve/CVE-2020-29129.html
• https://www.suse.com/security/cve/CVE-2020-29130.html
• https://www.suse.com/security/cve/CVE-2020-29443.html
• https://www.suse.com/security/cve/CVE-2021-20181.html
• https://www.suse.com/security/cve/CVE-2021-20203.html
• https://www.suse.com/security/cve/CVE-2021-20221.html
• https://www.suse.com/security/cve/CVE-2021-20257.html
• https://www.suse.com/security/cve/CVE-2021-3416.html
• https://bugzilla.suse.com/show_bug.cgi?id=1172383
• https://bugzilla.suse.com/show_bug.cgi?id=1172385
• https://bugzilla.suse.com/show_bug.cgi?id=1172386
• https://bugzilla.suse.com/show_bug.cgi?id=1172478
• https://bugzilla.suse.com/show_bug.cgi?id=1173612
• https://bugzilla.suse.com/show_bug.cgi?id=1176673
• https://bugzilla.suse.com/show_bug.cgi?id=1176682
• https://bugzilla.suse.com/show_bug.cgi?id=1176684
• https://bugzilla.suse.com/show_bug.cgi?id=1178049
• https://bugzilla.suse.com/show_bug.cgi?id=1178174