{"affected":[{"ecosystem_specific":{"binaries":[{"kvm":"1.4.2-60.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"kvm","purl":"pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.2-60.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kvm":"1.4.2-60.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"kvm","purl":"pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.2-60.21.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for kvm fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).\n- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).\n- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).\n\nNon-security issue fixed:\n\n- Fixed LAPIC TSC deadline timer save/restore (bsc#1109544)\n","id":"SUSE-SU-2019:13962-1","modified":"2019-02-15T10:43:11Z","published":"2019-02-15T10:43:11Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-201913962-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109544"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116717"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117275"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19489"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-6778"}],"related":["CVE-2018-19364","CVE-2018-19489","CVE-2019-6778"],"summary":"Security update for kvm","upstream":["CVE-2018-19364","CVE-2018-19489","CVE-2019-6778"]}