{"affected":[{"ecosystem_specific":{"binaries":[{"qemu-audio-oss":"3.1.1.1-9.30.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"qemu","purl":"pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.1.1-9.30.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)\n- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)\n- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)\n- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)\n- CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499)\n- CVE-2021-3607: Ensure correct input on ring init (bsc#1187539)\n- CVE-2021-3608: Fix the ring init error flow (bsc#1187538)\n- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)\n- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681)\n\nOther issues fixed:\n\n- QEMU BIOS fails to read stage2 loader (on s390x)(bsc#1186290)\n- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)\n\n","id":"openSUSE-SU-2021:2591-1","modified":"2021-08-02T10:56:22Z","published":"2021-08-02T10:56:22Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W3DOLLXJN6UCIAFW2F6437T6CGXJTVQO/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176681"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185591"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186290"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187364"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187365"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187366"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187367"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187499"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187529"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187538"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25085"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3582"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3592"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3593"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3594"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3595"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3607"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3608"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3611"}],"related":["CVE-2020-25085","CVE-2021-3582","CVE-2021-3592","CVE-2021-3593","CVE-2021-3594","CVE-2021-3595","CVE-2021-3607","CVE-2021-3608","CVE-2021-3611"],"summary":"Security update for qemu","upstream":["CVE-2020-25085","CVE-2021-3582","CVE-2021-3592","CVE-2021-3593","CVE-2021-3594","CVE-2021-3595","CVE-2021-3607","CVE-2021-3608","CVE-2021-3611"]}