
Test ID: 1.3.6.1.4.1.25623.1.1.4.2022.3594.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2022:3594-1)
Summary: The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2022:3594-1 advisory.
Description:

Vulnerability Insight:
This update for qemu fixes the following issues:

- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)

Affected Software/OS:
'qemu' package(s) on SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server for SAP Applications 15-SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-17380
https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
http://www.openwall.com/lists/oss-security/2021/03/09/1
Common Vulnerability Exposure (CVE) ID: CVE-2020-25085
https://bugs.launchpad.net/qemu/+bug/1892960
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3409
GLSA-202208-27
https://security.gentoo.org/glsa/202208-27
[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update
https://bugzilla.redhat.com/show_bug.cgi?id=1928146
https://security.netapp.com/advisory/ntap-20210507-0001/
https://www.openwall.com/lists/oss-security/2021/03/09/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-4206
Debian Security Information: DSA-5133
https://www.debian.org/security/2022/dsa-5133
https://bugzilla.redhat.com/show_bug.cgi?id=2036998
https://starlabs.sg/advisories/21-4206/
Common Vulnerability Exposure (CVE) ID: CVE-2021-4207
https://bugzilla.redhat.com/show_bug.cgi?id=2036966
https://starlabs.sg/advisories/21-4207/
Common Vulnerability Exposure (CVE) ID: CVE-2022-0216
FEDORA-2022-4387579e67
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/
https://access.redhat.com/security/cve/CVE-2022-0216
https://bugzilla.redhat.com/show_bug.cgi?id=2036953
https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4
https://gitlab.com/qemu-project/qemu/-/issues/972
https://starlabs.sg/advisories/22/22-0216/
Common Vulnerability Exposure (CVE) ID: CVE-2022-35414
https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c
https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148
https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482
https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa
https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c
https://gitlab.com/qemu-project/qemu/-/issues/1065
https://sick.codes/sick-2022-113
https://www.mail-archive.com/qemu-devel@nongnu.org/msg895266.html
https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case
Copyright: Copyright (C) 2022 Greenbone AG
