rpm package

opensuse/qemu-testsuite&distro=openSUSE Leap 15.1

pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.1

Vulnerabilities (4)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-14378	—	< 3.1.1-lp151.7.3.3	3.1.1-lp151.7.3.3	Jul 29, 2019	ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
CVE-2019-13164	—	< 3.1.1-lp151.7.3.3	3.1.1-lp151.7.3.3	Jul 3, 2019	qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
CVE-2019-12155	—	< 3.1.1-lp151.7.3.3	3.1.1-lp151.7.3.3	May 24, 2019	interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVE-2019-5008	—	< 3.1.1-lp151.7.3.3	3.1.1-lp151.7.3.3	Apr 19, 2019	hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

CVE-2019-14378Jul 29, 2019
affected < 3.1.1-lp151.7.3.3fixed 3.1.1-lp151.7.3.3
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
CVE-2019-13164Jul 3, 2019
affected < 3.1.1-lp151.7.3.3fixed 3.1.1-lp151.7.3.3
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
CVE-2019-12155May 24, 2019
affected < 3.1.1-lp151.7.3.3fixed 3.1.1-lp151.7.3.3
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVE-2019-5008Apr 19, 2019
affected < 3.1.1-lp151.7.3.3fixed 3.1.1-lp151.7.3.3
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.