SUSE-SU-2020:14396-1: moderate: Security update for kvm

sle-security-updates at sle-security-updates at
Thu Jun 11 13:12:19 MDT 2020

   SUSE Security Update: Security update for kvm

Announcement ID:    SUSE-SU-2020:14396-1
Rating:             moderate
References:         #1123156 #1146873 #1149811 #1161066 #1163018 
Cross-References:   CVE-2019-12068 CVE-2019-15890 CVE-2019-6778
                    CVE-2020-1983 CVE-2020-7039 CVE-2020-8608
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS

   An update that fixes 6 vulnerabilities is now available.


   This update for kvm fixes the following issues:

   Security issues fixed:

   - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller
     emulation (bsc#1146873).
   - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp
   - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018).
   - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066).
   - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp
   - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-kvm-14396=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64):



More information about the sle-security-updates mailing list