{"affected":[{"ecosystem_specific":{"binaries":[{"qemu-tools":"4.2.1-11.25.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP2","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.1-11.25.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"4.2.1-11.25.2","qemu-arm":"4.2.1-11.25.2","qemu-audio-alsa":"4.2.1-11.25.2","qemu-audio-pa":"4.2.1-11.25.2","qemu-block-curl":"4.2.1-11.25.2","qemu-block-iscsi":"4.2.1-11.25.2","qemu-block-rbd":"4.2.1-11.25.2","qemu-block-ssh":"4.2.1-11.25.2","qemu-guest-agent":"4.2.1-11.25.2","qemu-ipxe":"1.0.0+-11.25.2","qemu-kvm":"4.2.1-11.25.2","qemu-lang":"4.2.1-11.25.2","qemu-microvm":"4.2.1-11.25.2","qemu-ppc":"4.2.1-11.25.2","qemu-s390":"4.2.1-11.25.2","qemu-seabios":"1.12.1+-11.25.2","qemu-sgabios":"8-11.25.2","qemu-ui-curses":"4.2.1-11.25.2","qemu-ui-gtk":"4.2.1-11.25.2","qemu-ui-spice-app":"4.2.1-11.25.2","qemu-vgabios":"1.12.1+-11.25.2","qemu-x86":"4.2.1-11.25.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP2","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.1-11.25.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"4.2.1-11.25.2","qemu-arm":"4.2.1-11.25.2","qemu-ipxe":"1.0.0+-11.25.2","qemu-seabios":"1.12.1+-11.25.2","qemu-sgabios":"8-11.25.2","qemu-tools":"4.2.1-11.25.2","qemu-vgabios":"1.12.1+-11.25.2","qemu-x86":"4.2.1-11.25.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.0","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.1-11.25.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)\n- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)\n- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)\n- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)\n- CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499)\n- CVE-2021-3607: Ensure correct input on ring init (bsc#1187539)\n- CVE-2021-3608: Fix the ring init error flow (bsc#1187538)\n- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)\n","id":"SUSE-SU-2021:2474-1","modified":"2021-07-27T09:41:18Z","published":"2021-07-27T09:41:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20212474-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187364"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187365"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187366"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187367"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187499"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187529"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187538"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3582"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3592"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3593"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3594"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3595"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3607"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3608"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3611"}],"related":["CVE-2021-3582","CVE-2021-3592","CVE-2021-3593","CVE-2021-3594","CVE-2021-3595","CVE-2021-3607","CVE-2021-3608","CVE-2021-3611"],"summary":"Security update for qemu","upstream":["CVE-2021-3582","CVE-2021-3592","CVE-2021-3593","CVE-2021-3594","CVE-2021-3595","CVE-2021-3607","CVE-2021-3608","CVE-2021-3611"]}