Vulnerability-Lookup

URL	Tags
https://gitlab.freedesktop.org/slirp/libslirp/com…	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2020/…	x_refsource_MISC
https://gitlab.freedesktop.org/slirp/libslirp/-/t…	x_refsource_MISC
https://usn.ubuntu.com/4283-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202003-66	vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://www.debian.org/security/2020/dsa-4733	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-2020100…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

alsa-2020:1379

Vulnerability from osv_almalinux

Published

2020-04-07 09:15

Modified

2020-04-07 09:15

Summary

Important: container-tools:rhel8 security and bug fix update

Details

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

useradd and groupadd fail under rootless Buildah and podman [stream-container-tools-rhel8-rhel-8.1.1] (BZ#1803495)
Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1804188)
Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/podman] (BZ#1804194)
fuse-overlayfs segfault [stream-container-tools-rhel8-rhel-8.1.1/fuse-overlayfs] (BZ#1805016)
buildah COPY command is slow when .dockerignore file is not present [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1806119)

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-1379.html	ADVISORY
	https://vulners.com/cve/CVE-2020-8608	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "cockpit-podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11-1.module_el8.5.0+108+00865455"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "cockpit-podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11-1.module_el8.5.0+2635+e4386a39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "containernetworking-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.3-4.module_el8.5.0+2635+e4386a39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "containernetworking-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.3-4.module_el8.5.0+108+00865455"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python-podman-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python-podman-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0-0.2.gitd0a45fe.module_el8.5.0+108+00865455"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "slirp4netns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.2-3.git21fdece.module_el8.5.0+2635+e4386a39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "slirp4netns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.2-3.git21fdece.module_el8.5.0+108+00865455"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "udica"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1-2.module_el8.5.0+108+00865455"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "udica"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1-2.module_el8.5.0+2635+e4386a39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es):\n\n* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* useradd and groupadd fail under rootless Buildah and podman [stream-container-tools-rhel8-rhel-8.1.1] (BZ#1803495)\n\n* Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1804188)\n\n* Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/podman] (BZ#1804194)\n\n* fuse-overlayfs segfault [stream-container-tools-rhel8-rhel-8.1.1/fuse-overlayfs] (BZ#1805016)\n\n* buildah COPY command is slow when .dockerignore file is not present [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1806119)",
  "id": "ALSA-2020:1379",
  "modified": "2020-04-07T09:15:25Z",
  "published": "2020-04-07T09:15:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-1379.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-8608"
    }
  ],
  "related": [
    "CVE-2020-8608"
  ],
  "summary": "Important: container-tools:rhel8 security and bug fix update"
}

alsa-2020:2774

Vulnerability from osv_almalinux

Published

2020-06-30 13:38

Modified

2021-12-23 15:15

Summary

Important: virt:rhel security update

Details

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)
QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-2774.html	ADVISORY
	https://vulners.com/cve/CVE-2019-20382	REPORT
	https://vulners.com/cve/CVE-2020-8608	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.3.0+2048+e7a0a3ea"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.3.0+2048+e7a0a3ea"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.3.0+2048+e7a0a3ea"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libiscsi-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.0-8.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.3.0+2048+e7a0a3ea"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.3.0+2048+e7a0a3ea"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netcf-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.8-12.module_el8.3.0+2048+e7a0a3ea"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.3.0+2048+e7a0a3ea"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.5.0+2608+72063365"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "sgabios-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:0.20170427git-3.module_el8.6.0+2880+7d9e3703"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.\n\nSecurity Fix(es):\n\n* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)\n\n* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2020:2774",
  "modified": "2021-12-23T15:15:25Z",
  "published": "2020-06-30T13:38:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-2774.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-20382"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-8608"
    }
  ],
  "related": [
    "CVE-2020-8608",
    "CVE-2019-20382"
  ],
  "summary": "Important: virt:rhel security update"
}

BDU:2020-04502

Vulnerability from fstec - Published: 06.02.2020

Title

Уязвимость компонента tcp_subr.c библиотеки TCP-IP эмулятора Libslirp, связанная с недостатком механизма проверки размера копируемых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании]

Description

Уязвимость компонента tcp_subr.c библиотеки TCP-IP эмулятора Libslirp связана с недостатком механизма проверки размера копируемых данных. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Libslirp, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 19.10 (Ubuntu), до 4.1.0 (Libslirp), - (Альт 8 СП), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для libslirp: Обновление программного обеспечения до 4.3.1-1 или более поздней версии Для Debian GNU/Linux: Обновление программного обеспечения (пакета libslirp) до 4.3.1-1 или более поздней версии Для Ubuntu: https://ubuntu.com/security/notices/USN-4283-1 Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html И использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 Для ОСОН ОСнова Оnyx:Обновление программного обеспечения libslirp до версии 4.6.1-1 Для ОС ОН «Стрелец»: Обновление программного обеспечения qemu до версии 1:2.8+dfsg.repack-6+deb9u16.osnova1 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0 https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://nvd.nist.gov/vuln/detail/CVE-2020-8608 https://security-tracker.debian.org/tracker/CVE-2020-8608 https://ubuntu.com/security/notices/USN-4283-1 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.openwall.com/lists/oss-security/2020/02/06/2 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-120

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 19.10 (Ubuntu), \u0434\u043e 4.1.0 (Libslirp), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f libslirp:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 4.3.1-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian GNU/Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libslirp) \u0434\u043e 4.3.1-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4283-1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html\n\u0418 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libslirp \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.6.1-1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qemu \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:2.8+dfsg.repack-6+deb9u16.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.10.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04502",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8608",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Libslirp, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 19.10 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.5  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 tcp_subr.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 TCP-IP \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 Libslirp, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438]",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 tcp_subr.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 TCP-IP \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 Libslirp \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0\nhttps://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843\nhttps://lists.debian.org/debian-lts-announce/2020/03/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2020/03/msg00017.html\nhttps://lists.debian.org/debian-lts-announce/2020/07/msg00020.html\nhttps://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8608\nhttps://security-tracker.debian.org/tracker/CVE-2020-8608\nhttps://ubuntu.com/security/notices/USN-4283-1\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.openwall.com/lists/oss-security/2020/02/06/2\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}

CERTFR-2024-AVI-0997

Vulnerability from certfr_avis - Published: 2024-11-18 - Updated: 2024-11-18

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 ESM
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 24.10
Ubuntu	Ubuntu	Ubuntu 14.04 ESM
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

CNVD-2020-04540

Vulnerability from cnvd - Published: 2020-02-11

Title

libslirp代码执行漏洞

Description

libslirp是一款供虚拟机、容器或各种工具使用的用户模式网络库。 libslirp存在代码执行漏洞，攻击者可通过发送特制数据包利用该漏洞执行任意代码。

Severity

高

Patch Name

libslirp代码执行漏洞的补丁

Patch Description

libslirp是一款供虚拟机、容器或各种工具使用的用户模式网络库。 libslirp存在代码执行漏洞，攻击者可通过发送特制数据包利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://seclists.org/oss-sec/2020/q1/64

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/175868

Impacted products

Name
QEMU QEMU

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8608"
    }
  },
  "description": "libslirp\u662f\u4e00\u6b3e\u4f9b\u865a\u62df\u673a\u3001\u5bb9\u5668\u6216\u5404\u79cd\u5de5\u5177\u4f7f\u7528\u7684\u7528\u6237\u6a21\u5f0f\u7f51\u7edc\u5e93\u3002\n\nlibslirp\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://seclists.org/oss-sec/2020/q1/64",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04540",
  "openTime": "2020-02-11",
  "patchDescription": "libslirp\u662f\u4e00\u6b3e\u4f9b\u865a\u62df\u673a\u3001\u5bb9\u5668\u6216\u5404\u79cd\u5de5\u5177\u4f7f\u7528\u7684\u7528\u6237\u6a21\u5f0f\u7f51\u7edc\u5e93\u3002\r\n\r\nlibslirp\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "libslirp\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "QEMU QEMU"
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175868",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-07",
  "title": "libslirp\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2020-8608

Vulnerability from fkie_nvd - Published: 2020-02-06 17:15 - Updated: 2024-11-21 05:39

Severity

5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html	Mailing List, Third Party Advisory
cve@mitre.org	https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0	Release Notes, Third Party Advisory
cve@mitre.org	https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843	Patch, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html	Mailing List, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202003-66	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20201001-0002/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4283-1/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4733	Third Party Advisory
cve@mitre.org	https://www.openwall.com/lists/oss-security/2020/02/06/2	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-66	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201001-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4283-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4733	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2020/02/06/2	Mailing List, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
libslirp_project	libslirp	4.1.0
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
opensuse	leap	15.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libslirp_project:libslirp:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3679E165-A6B7-41B5-AC02-F38A00DAFD78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code."
    },
    {
      "lang": "es",
      "value": "En libslirp versi\u00f3n 4.1.0, como es usado en QEMU versi\u00f3n 4.2.0, el archivo tcp_subr.c utiliza inapropiadamente los valores de retorno de snprintf, lo que conlleva a un desbordamiento del b\u00fafer en el c\u00f3digo posterior."
    }
  ],
  "id": "CVE-2020-8608",
  "lastModified": "2024-11-21T05:39:07.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-06T17:15:14.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-66"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201001-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4283-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4733"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2020/02/06/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-66"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201001-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4283-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2020/02/06/2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-495H-WW9W-VG4P

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08

Details

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-06T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
  "id": "GHSA-495h-ww9w-vg4p",
  "modified": "2022-05-24T17:08:11Z",
  "published": "2022-05-24T17:08:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8608"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-66"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201001-0002"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4283-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4733"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/02/06/2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-8608

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

Aliases

CVE-2020-8608

Aliases

CVE-2020-8608

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8608",
    "description": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
    "id": "GSD-2020-8608",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-8608.html",
      "https://www.debian.org/security/2020/dsa-4733",
      "https://access.redhat.com/errata/RHSA-2020:3040",
      "https://access.redhat.com/errata/RHSA-2020:2844",
      "https://access.redhat.com/errata/RHSA-2020:2774",
      "https://access.redhat.com/errata/RHSA-2020:2773",
      "https://access.redhat.com/errata/RHSA-2020:2730",
      "https://access.redhat.com/errata/RHSA-2020:2342",
      "https://access.redhat.com/errata/RHSA-2020:1403",
      "https://access.redhat.com/errata/RHSA-2020:1379",
      "https://access.redhat.com/errata/RHSA-2020:1352",
      "https://access.redhat.com/errata/RHSA-2020:1351",
      "https://access.redhat.com/errata/RHSA-2020:1300",
      "https://access.redhat.com/errata/RHSA-2020:1292",
      "https://access.redhat.com/errata/RHSA-2020:1261",
      "https://access.redhat.com/errata/RHSA-2020:1209",
      "https://access.redhat.com/errata/RHSA-2020:1208",
      "https://access.redhat.com/errata/RHSA-2020:0889",
      "https://access.redhat.com/errata/RHBA-2020:0527",
      "https://ubuntu.com/security/CVE-2020-8608",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-8608.html",
      "https://linux.oracle.com/cve/CVE-2020-8608.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8608"
      ],
      "details": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
      "id": "GSD-2020-8608",
      "modified": "2023-12-13T01:21:54.307203Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-8608",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843",
            "refsource": "MISC",
            "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2020/02/06/2",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2020/02/06/2"
          },
          {
            "name": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0",
            "refsource": "MISC",
            "url": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0"
          },
          {
            "name": "USN-4283-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4283-1/"
          },
          {
            "name": "[debian-lts-announce] 20200313 [SECURITY] [DLA 2142-1] slirp security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html"
          },
          {
            "name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2144-1] qemu security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
          },
          {
            "name": "GLSA-202003-66",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202003-66"
          },
          {
            "name": "openSUSE-SU-2020:0468",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
          },
          {
            "name": "DSA-4733",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4733"
          },
          {
            "name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20201001-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20201001-0002/"
          },
          {
            "name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libslirp_project:libslirp:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8608"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0"
            },
            {
              "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/02/06/2",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2020/02/06/2"
            },
            {
              "name": "USN-4283-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4283-1/"
            },
            {
              "name": "[debian-lts-announce] 20200313 [SECURITY] [DLA 2142-1] slirp security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2144-1] qemu security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
            },
            {
              "name": "GLSA-202003-66",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202003-66"
            },
            {
              "name": "openSUSE-SU-2020:0468",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
            },
            {
              "name": "DSA-4733",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4733"
            },
            {
              "name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201001-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20201001-0002/"
            },
            {
              "name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2021-02-14T03:50Z",
      "publishedDate": "2020-02-06T17:15Z"
    }
  }
}

OPENSUSE-SU-2020:0468-1

Vulnerability from csaf_opensuse - Published: 2020-04-06 22:21 - Updated: 2020-04-06 22:21

Summary

Security update for qemu

Severity

Important

Notes

Title of the patch: Security update for qemu

Description of the patch: This update for qemu fixes the following issues: - CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1161066). - CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation (bsc#1166379). - CVE-2020-1711: Fixed an out of bounds heap buffer access iscsi_co_block_status() routine which could have allowed a remote denial of service or arbitrary code with privileges of the QEMU process on the host (bsc#1166240). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while emulating the identification protocol and copying message data to a socket buffer (bsc#1123156). - CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1163018). - CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to exhaustion of the host memory leading to a potential Denial of service (bsc#1165776). - Fixed a live migration error (bsc#1154790). - Fixed an issue where migrating VMs on KVM gets missing features:ospke error (bsc#1162729). This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patchnames: openSUSE-2020-468

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2019-15034

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-20382

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-6778

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-1711

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-7039

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-8608

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64	—	Vendor Fix

Threats

Impact important

References

33 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1123156	self
https://bugzilla.suse.com/1154790	self
https://bugzilla.suse.com/1161066	self
https://bugzilla.suse.com/1162729	self
https://bugzilla.suse.com/1163018	self
https://bugzilla.suse.com/1165776	self
https://bugzilla.suse.com/1166240	self
https://bugzilla.suse.com/1166379	self
https://www.suse.com/security/cve/CVE-2019-15034/	self
https://www.suse.com/security/cve/CVE-2019-20382/	self
https://www.suse.com/security/cve/CVE-2019-6778/	self
https://www.suse.com/security/cve/CVE-2020-1711/	self
https://www.suse.com/security/cve/CVE-2020-7039/	self
https://www.suse.com/security/cve/CVE-2020-8608/	self
https://www.suse.com/security/cve/CVE-2019-15034	external
https://bugzilla.suse.com/1166379	external
https://www.suse.com/security/cve/CVE-2019-20382	external
https://bugzilla.suse.com/1165776	external
https://www.suse.com/security/cve/CVE-2019-6778	external
https://bugzilla.suse.com/1123156	external
https://bugzilla.suse.com/1123157	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2020-1711	external
https://bugzilla.suse.com/1166240	external
https://www.suse.com/security/cve/CVE-2020-7039	external
https://bugzilla.suse.com/1161066	external
https://www.suse.com/security/cve/CVE-2020-8608	external
https://bugzilla.suse.com/1163018	external
https://bugzilla.suse.com/1163019	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for qemu",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for qemu fixes the following issues:\n\n- CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and\n  other protocols (bsc#1161066).\n- CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI \n  config space allocation (bsc#1166379).\n- CVE-2020-1711: Fixed an out of bounds heap buffer access iscsi_co_block_status() routine\n  which could have allowed a remote denial of service or arbitrary code with privileges \n  of the QEMU process on the host (bsc#1166240).\n- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while emulating \n  the identification protocol and copying message data to a socket buffer (bsc#1123156).\n- CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and\n  other protocols (bsc#1163018).\n- CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to \n  exhaustion of the host memory leading to a potential Denial of service (bsc#1165776).\n- Fixed a live migration error (bsc#1154790).\n- Fixed an issue where migrating VMs on KVM gets missing features:ospke error (bsc#1162729).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-468",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0468-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0468-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S5VG234WOT345KSVGE32CW6SK7I55AZP/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0468-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S5VG234WOT345KSVGE32CW6SK7I55AZP/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1123156",
        "url": "https://bugzilla.suse.com/1123156"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154790",
        "url": "https://bugzilla.suse.com/1154790"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1161066",
        "url": "https://bugzilla.suse.com/1161066"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1162729",
        "url": "https://bugzilla.suse.com/1162729"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1163018",
        "url": "https://bugzilla.suse.com/1163018"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1165776",
        "url": "https://bugzilla.suse.com/1165776"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1166240",
        "url": "https://bugzilla.suse.com/1166240"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1166379",
        "url": "https://bugzilla.suse.com/1166379"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15034 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-20382 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-20382/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-6778 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-6778/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-1711 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-1711/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-7039 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-7039/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8608 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8608/"
      }
    ],
    "title": "Security update for qemu",
    "tracking": {
      "current_release_date": "2020-04-06T22:21:00Z",
      "generator": {
        "date": "2020-04-06T22:21:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0468-1",
      "initial_release_date": "2020-04-06T22:21:00Z",
      "revision_history": [
        {
          "date": "2020-04-06T22:21:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
                "product": {
                  "name": "qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
                  "product_id": "qemu-ipxe-1.0.0+-lp151.7.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-seabios-1.12.0-lp151.7.12.1.noarch",
                "product": {
                  "name": "qemu-seabios-1.12.0-lp151.7.12.1.noarch",
                  "product_id": "qemu-seabios-1.12.0-lp151.7.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-sgabios-8-lp151.7.12.1.noarch",
                "product": {
                  "name": "qemu-sgabios-8-lp151.7.12.1.noarch",
                  "product_id": "qemu-sgabios-8-lp151.7.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
                "product": {
                  "name": "qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
                  "product_id": "qemu-vgabios-1.12.0-lp151.7.12.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-arm-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-extra-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-lang-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-s390-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-tools-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-x86-3.1.1.1-lp151.7.12.1.x86_64",
                "product": {
                  "name": "qemu-x86-3.1.1.1-lp151.7.12.1.x86_64",
                  "product_id": "qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-arm-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-extra-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ipxe-1.0.0+-lp151.7.12.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch"
        },
        "product_reference": "qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-lang-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-s390-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-seabios-1.12.0-lp151.7.12.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch"
        },
        "product_reference": "qemu-seabios-1.12.0-lp151.7.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-sgabios-8-lp151.7.12.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch"
        },
        "product_reference": "qemu-sgabios-8-lp151.7.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-tools-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-vgabios-1.12.0-lp151.7.12.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch"
        },
        "product_reference": "qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-x86-3.1.1.1-lp151.7.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
        },
        "product_reference": "qemu-x86-3.1.1.1-lp151.7.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-15034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15034",
          "url": "https://www.suse.com/security/cve/CVE-2019-15034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1166379 for CVE-2019-15034",
          "url": "https://bugzilla.suse.com/1166379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-06T22:21:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-15034"
    },
    {
      "cve": "CVE-2019-20382",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-20382"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-20382",
          "url": "https://www.suse.com/security/cve/CVE-2019-20382"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1165776 for CVE-2019-20382",
          "url": "https://bugzilla.suse.com/1165776"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-06T22:21:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-20382"
    },
    {
      "cve": "CVE-2019-6778",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-6778"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-6778",
          "url": "https://www.suse.com/security/cve/CVE-2019-6778"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123156 for CVE-2019-6778",
          "url": "https://bugzilla.suse.com/1123156"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123157 for CVE-2019-6778",
          "url": "https://bugzilla.suse.com/1123157"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-6778",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-06T22:21:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-6778"
    },
    {
      "cve": "CVE-2020-1711",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-1711"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-1711",
          "url": "https://www.suse.com/security/cve/CVE-2020-1711"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1166240 for CVE-2020-1711",
          "url": "https://bugzilla.suse.com/1166240"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-06T22:21:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-1711"
    },
    {
      "cve": "CVE-2020-7039",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-7039"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-7039",
          "url": "https://www.suse.com/security/cve/CVE-2020-7039"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1161066 for CVE-2020-7039",
          "url": "https://bugzilla.suse.com/1161066"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-06T22:21:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-7039"
    },
    {
      "cve": "CVE-2020-8608",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8608"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
          "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
          "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8608",
          "url": "https://www.suse.com/security/cve/CVE-2020-8608"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1163018 for CVE-2020-8608",
          "url": "https://bugzilla.suse.com/1163018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1163019 for CVE-2020-8608",
          "url": "https://bugzilla.suse.com/1163019"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.12.1.x86_64",
            "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.12.1.noarch",
            "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-06T22:21:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8608"
    }
  ]
}

OPENSUSE-SU-2021:1043-1

Vulnerability from csaf_opensuse - Published: 2021-07-13 22:06 - Updated: 2021-07-13 22:06

Summary

Security update for qemu

Severity

Moderate

Notes

Title of the patch: Security update for qemu

Description of the patch: This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981) - CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010) - CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990) - CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681) - CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975) Non-security issues fixed: - Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) - QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290) - Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785): - Fix testsuite error (bsc#1184574) - Fix qemu crash with iothread when block commit after snapshot (bsc#1187013) - Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) - Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574) This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames: openSUSE-2021-1043

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2019-15890

5.8 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-10756

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-14364

5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25085

5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25707

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25723

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2020-29129

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-29130

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-8608

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-20257

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2021-3419

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-3544

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-3545

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-3546

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 33 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64	—	Vendor Fix

Threats

Impact moderate

References

82 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1149813	self
https://bugzilla.suse.com/1163019	self
https://bugzilla.suse.com/1172380	self
https://bugzilla.suse.com/1175534	self
https://bugzilla.suse.com/1176681	self
https://bugzilla.suse.com/1178683	self
https://bugzilla.suse.com/1178935	self
https://bugzilla.suse.com/1179477	self
https://bugzilla.suse.com/1179484	self
https://bugzilla.suse.com/1182846	self
https://bugzilla.suse.com/1182975	self
https://bugzilla.suse.com/1183979	self
https://bugzilla.suse.com/1184574	self
https://bugzilla.suse.com/1185591	self
https://bugzilla.suse.com/1185981	self
https://bugzilla.suse.com/1185990	self
https://bugzilla.suse.com/1186010	self
https://bugzilla.suse.com/1186290	self
https://bugzilla.suse.com/1187013	self
https://www.suse.com/security/cve/CVE-2019-15890/	self
https://www.suse.com/security/cve/CVE-2020-10756/	self
https://www.suse.com/security/cve/CVE-2020-14364/	self
https://www.suse.com/security/cve/CVE-2020-25085/	self
https://www.suse.com/security/cve/CVE-2020-25707/	self
https://www.suse.com/security/cve/CVE-2020-25723/	self
https://www.suse.com/security/cve/CVE-2020-29129/	self
https://www.suse.com/security/cve/CVE-2020-29130/	self
https://www.suse.com/security/cve/CVE-2020-8608/	self
https://www.suse.com/security/cve/CVE-2021-20257/	self
https://www.suse.com/security/cve/CVE-2021-3419/	self
https://www.suse.com/security/cve/CVE-2021-3544/	self
https://www.suse.com/security/cve/CVE-2021-3545/	self
https://www.suse.com/security/cve/CVE-2021-3546/	self
https://www.suse.com/security/cve/CVE-2019-15890	external
https://bugzilla.suse.com/1149811	external
https://bugzilla.suse.com/1149813	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2020-10756	external
https://bugzilla.suse.com/1172380	external
https://bugzilla.suse.com/1184743	external
https://www.suse.com/security/cve/CVE-2020-14364	external
https://bugzilla.suse.com/1175441	external
https://bugzilla.suse.com/1175534	external
https://bugzilla.suse.com/1176494	external
https://bugzilla.suse.com/1177130	external
https://www.suse.com/security/cve/CVE-2020-25085	external
https://bugzilla.suse.com/1176681	external
https://bugzilla.suse.com/1182282	external
https://www.suse.com/security/cve/CVE-2020-25707	external
https://bugzilla.suse.com/1178683	external
https://bugzilla.suse.com/1179468	external
https://www.suse.com/security/cve/CVE-2020-25723	external
https://bugzilla.suse.com/1178934	external
https://bugzilla.suse.com/1178935	external
https://www.suse.com/security/cve/CVE-2020-29129	external
https://bugzilla.suse.com/1179466	external
https://bugzilla.suse.com/1179467	external
https://bugzilla.suse.com/1179477	external
https://bugzilla.suse.com/1179484	external
https://www.suse.com/security/cve/CVE-2020-29130	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1179467	external
https://bugzilla.suse.com/1179477	external
https://www.suse.com/security/cve/CVE-2020-8608	external
https://bugzilla.suse.com/1163018	external
https://bugzilla.suse.com/1163019	external
https://www.suse.com/security/cve/CVE-2021-20257	external
https://bugzilla.suse.com/1182577	external
https://bugzilla.suse.com/1182846	external
https://www.suse.com/security/cve/CVE-2021-3419	external
https://bugzilla.suse.com/1182968	external
https://bugzilla.suse.com/1182975	external
https://www.suse.com/security/cve/CVE-2021-3544	external
https://bugzilla.suse.com/1186010	external
https://www.suse.com/security/cve/CVE-2021-3545	external
https://bugzilla.suse.com/1185990	external
https://www.suse.com/security/cve/CVE-2021-3546	external
https://bugzilla.suse.com/1185981	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for qemu",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981)\n- CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010)\n- CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990)\n- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681)\n- CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380)\n- For the record, these issues are fixed in this package already.\n  Most are alternate references to previously mentioned issues:\n  (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,\n  CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,\n  CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,\n  CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,\n  CVE-2021-3419, bsc#1182975)\n\nNon-security issues fixed:\n\n- Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979)\n- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)\n- Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785):\n- Fix testsuite error (bsc#1184574)\n- Fix qemu crash with iothread when block commit after snapshot (bsc#1187013)\n- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)\n- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-1043",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1043-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:1043-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVDDMT7IUGYOEFTYO3UWD73PJMJL4FSY/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:1043-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVDDMT7IUGYOEFTYO3UWD73PJMJL4FSY/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149813",
        "url": "https://bugzilla.suse.com/1149813"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1163019",
        "url": "https://bugzilla.suse.com/1163019"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172380",
        "url": "https://bugzilla.suse.com/1172380"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175534",
        "url": "https://bugzilla.suse.com/1175534"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176681",
        "url": "https://bugzilla.suse.com/1176681"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178683",
        "url": "https://bugzilla.suse.com/1178683"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178935",
        "url": "https://bugzilla.suse.com/1178935"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179477",
        "url": "https://bugzilla.suse.com/1179477"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179484",
        "url": "https://bugzilla.suse.com/1179484"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182846",
        "url": "https://bugzilla.suse.com/1182846"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182975",
        "url": "https://bugzilla.suse.com/1182975"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183979",
        "url": "https://bugzilla.suse.com/1183979"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184574",
        "url": "https://bugzilla.suse.com/1184574"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185591",
        "url": "https://bugzilla.suse.com/1185591"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185981",
        "url": "https://bugzilla.suse.com/1185981"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185990",
        "url": "https://bugzilla.suse.com/1185990"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186010",
        "url": "https://bugzilla.suse.com/1186010"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186290",
        "url": "https://bugzilla.suse.com/1186290"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1187013",
        "url": "https://bugzilla.suse.com/1187013"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15890 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-10756 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-10756/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14364 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14364/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25085 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25085/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25707 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25707/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25723 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25723/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29130 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8608 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8608/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20257 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20257/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3419 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3419/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3544 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3544/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3545 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3545/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3546 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3546/"
      }
    ],
    "title": "Security update for qemu",
    "tracking": {
      "current_release_date": "2021-07-13T22:06:05Z",
      "generator": {
        "date": "2021-07-13T22:06:05Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:1043-1",
      "initial_release_date": "2021-07-13T22:06:05Z",
      "revision_history": [
        {
          "date": "2021-07-13T22:06:05Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
                "product": {
                  "name": "qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
                  "product_id": "qemu-ipxe-1.0.0+-lp152.9.16.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-microvm-4.2.1-lp152.9.16.2.noarch",
                "product": {
                  "name": "qemu-microvm-4.2.1-lp152.9.16.2.noarch",
                  "product_id": "qemu-microvm-4.2.1-lp152.9.16.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
                "product": {
                  "name": "qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
                  "product_id": "qemu-seabios-1.12.1+-lp152.9.16.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-sgabios-8-lp152.9.16.2.noarch",
                "product": {
                  "name": "qemu-sgabios-8-lp152.9.16.2.noarch",
                  "product_id": "qemu-sgabios-8-lp152.9.16.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
                "product": {
                  "name": "qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
                  "product_id": "qemu-vgabios-1.12.1+-lp152.9.16.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-arm-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-arm-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-arm-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-block-curl-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-extra-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-extra-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-extra-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-ksm-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-kvm-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-lang-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-lang-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-lang-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
                "product": {
                  "name": "qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
                  "product_id": "qemu-linux-user-4.2.1-lp152.9.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-ppc-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-s390-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-s390-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-s390-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
                "product": {
                  "name": "qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
                  "product_id": "qemu-testsuite-4.2.1-lp152.9.16.7.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-tools-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-tools-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-tools-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-x86-4.2.1-lp152.9.16.2.x86_64",
                "product": {
                  "name": "qemu-x86-4.2.1-lp152.9.16.2.x86_64",
                  "product_id": "qemu-x86-4.2.1-lp152.9.16.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-arm-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-arm-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-curl-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-extra-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-extra-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ipxe-1.0.0+-lp152.9.16.2.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch"
        },
        "product_reference": "qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ksm-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-lang-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-lang-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-linux-user-4.2.1-lp152.9.16.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64"
        },
        "product_reference": "qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-microvm-4.2.1-lp152.9.16.2.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch"
        },
        "product_reference": "qemu-microvm-4.2.1-lp152.9.16.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ppc-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-s390-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-s390-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-seabios-1.12.1+-lp152.9.16.2.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch"
        },
        "product_reference": "qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-sgabios-8-lp152.9.16.2.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch"
        },
        "product_reference": "qemu-sgabios-8-lp152.9.16.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-testsuite-4.2.1-lp152.9.16.7.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64"
        },
        "product_reference": "qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-tools-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-tools-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-vgabios-1.12.1+-lp152.9.16.2.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch"
        },
        "product_reference": "qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-x86-4.2.1-lp152.9.16.2.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        },
        "product_reference": "qemu-x86-4.2.1-lp152.9.16.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-15890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15890",
          "url": "https://www.suse.com/security/cve/CVE-2019-15890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149811 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1149811"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149813 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1149813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15890"
    },
    {
      "cve": "CVE-2020-10756",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-10756"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-10756",
          "url": "https://www.suse.com/security/cve/CVE-2020-10756"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172380 for CVE-2020-10756",
          "url": "https://bugzilla.suse.com/1172380"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184743 for CVE-2020-10756",
          "url": "https://bugzilla.suse.com/1184743"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-10756"
    },
    {
      "cve": "CVE-2020-14364",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14364"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice \u0027setup_len\u0027 exceeds its \u0027data_buf[4096]\u0027 in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14364",
          "url": "https://www.suse.com/security/cve/CVE-2020-14364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175441 for CVE-2020-14364",
          "url": "https://bugzilla.suse.com/1175441"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175534 for CVE-2020-14364",
          "url": "https://bugzilla.suse.com/1175534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176494 for CVE-2020-14364",
          "url": "https://bugzilla.suse.com/1176494"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177130 for CVE-2020-14364",
          "url": "https://bugzilla.suse.com/1177130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-14364"
    },
    {
      "cve": "CVE-2020-25085",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25085"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25085",
          "url": "https://www.suse.com/security/cve/CVE-2020-25085"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176681 for CVE-2020-25085",
          "url": "https://bugzilla.suse.com/1176681"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182282 for CVE-2020-25085",
          "url": "https://bugzilla.suse.com/1182282"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25085"
    },
    {
      "cve": "CVE-2020-25707",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25707"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-2891",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25707",
          "url": "https://www.suse.com/security/cve/CVE-2020-25707"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178683 for CVE-2020-25707",
          "url": "https://bugzilla.suse.com/1178683"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179468 for CVE-2020-25707",
          "url": "https://bugzilla.suse.com/1179468"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25707"
    },
    {
      "cve": "CVE-2020-25723",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25723"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25723",
          "url": "https://www.suse.com/security/cve/CVE-2020-25723"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178934 for CVE-2020-25723",
          "url": "https://bugzilla.suse.com/1178934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178935 for CVE-2020-25723",
          "url": "https://bugzilla.suse.com/1178935"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-25723"
    },
    {
      "cve": "CVE-2020-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29129",
          "url": "https://www.suse.com/security/cve/CVE-2020-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179466 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179467 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179477 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179477"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179484 for CVE-2020-29129",
          "url": "https://bugzilla.suse.com/1179484"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-29129"
    },
    {
      "cve": "CVE-2020-29130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29130",
          "url": "https://www.suse.com/security/cve/CVE-2020-29130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2020-29130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179467 for CVE-2020-29130",
          "url": "https://bugzilla.suse.com/1179467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179477 for CVE-2020-29130",
          "url": "https://bugzilla.suse.com/1179477"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-29130"
    },
    {
      "cve": "CVE-2020-8608",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8608"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8608",
          "url": "https://www.suse.com/security/cve/CVE-2020-8608"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1163018 for CVE-2020-8608",
          "url": "https://bugzilla.suse.com/1163018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1163019 for CVE-2020-8608",
          "url": "https://bugzilla.suse.com/1163019"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8608"
    },
    {
      "cve": "CVE-2021-20257",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20257"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20257",
          "url": "https://www.suse.com/security/cve/CVE-2021-20257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182577 for CVE-2021-20257",
          "url": "https://bugzilla.suse.com/1182577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182846 for CVE-2021-20257",
          "url": "https://bugzilla.suse.com/1182846"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-20257"
    },
    {
      "cve": "CVE-2021-3419",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3419"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3419",
          "url": "https://www.suse.com/security/cve/CVE-2021-3419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182968 for CVE-2021-3419",
          "url": "https://bugzilla.suse.com/1182968"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182975 for CVE-2021-3419",
          "url": "https://bugzilla.suse.com/1182975"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3419"
    },
    {
      "cve": "CVE-2021-3544",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3544"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3544",
          "url": "https://www.suse.com/security/cve/CVE-2021-3544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186010 for CVE-2021-3544",
          "url": "https://bugzilla.suse.com/1186010"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3544"
    },
    {
      "cve": "CVE-2021-3545",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3545"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3545",
          "url": "https://www.suse.com/security/cve/CVE-2021-3545"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185990 for CVE-2021-3545",
          "url": "https://bugzilla.suse.com/1185990"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3545"
    },
    {
      "cve": "CVE-2021-3546",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3546"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the \u0027VIRTIO_GPU_CMD_GET_CAPSET\u0027 command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
          "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
          "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
          "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
          "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3546",
          "url": "https://www.suse.com/security/cve/CVE-2021-3546"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185981 for CVE-2021-3546",
          "url": "https://bugzilla.suse.com/1185981"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:qemu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-arm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-alsa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-pa-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-audio-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-curl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-dmg-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-gluster-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-iscsi-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-nfs-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-rbd-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-block-ssh-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-extra-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-guest-agent-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ipxe-1.0.0+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ksm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-kvm-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-lang-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-linux-user-4.2.1-lp152.9.16.1.x86_64",
            "openSUSE Leap 15.2:qemu-microvm-4.2.1-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-ppc-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-s390-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-seabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-sgabios-8-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-testsuite-4.2.1-lp152.9.16.7.x86_64",
            "openSUSE Leap 15.2:qemu-tools-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-curses-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-gtk-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-sdl-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-ui-spice-app-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-vgabios-1.12.1+-lp152.9.16.2.noarch",
            "openSUSE Leap 15.2:qemu-vhost-user-gpu-4.2.1-lp152.9.16.2.x86_64",
            "openSUSE Leap 15.2:qemu-x86-4.2.1-lp152.9.16.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-13T22:06:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3546"
    }
  ]
}

CVE-2020-8608 (GCVE-0-2020-8608)

Tags

Sightings

Nomenclature

Action not permitted

CVE-2020-8608 (GCVE-0-2020-8608)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solutions

Tags

Sightings

Nomenclature