{"affected":[{"ecosystem_specific":{"binaries":[{"qemu-tools":"5.2.0-106.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP3","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.0-106.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"5.2.0-106.4","qemu-arm":"5.2.0-106.4","qemu-audio-alsa":"5.2.0-106.4","qemu-audio-pa":"5.2.0-106.4","qemu-audio-spice":"5.2.0-106.4","qemu-block-curl":"5.2.0-106.4","qemu-block-iscsi":"5.2.0-106.4","qemu-block-rbd":"5.2.0-106.4","qemu-block-ssh":"5.2.0-106.4","qemu-chardev-baum":"5.2.0-106.4","qemu-chardev-spice":"5.2.0-106.4","qemu-guest-agent":"5.2.0-106.4","qemu-hw-display-qxl":"5.2.0-106.4","qemu-hw-display-virtio-gpu":"5.2.0-106.4","qemu-hw-display-virtio-gpu-pci":"5.2.0-106.4","qemu-hw-display-virtio-vga":"5.2.0-106.4","qemu-hw-s390x-virtio-gpu-ccw":"5.2.0-106.4","qemu-hw-usb-redirect":"5.2.0-106.4","qemu-ipxe":"1.0.0+-106.4","qemu-ksm":"5.2.0-106.4","qemu-kvm":"5.2.0-106.4","qemu-lang":"5.2.0-106.4","qemu-ppc":"5.2.0-106.4","qemu-s390x":"5.2.0-106.4","qemu-seabios":"1.14.0_0_g155821a-106.4","qemu-sgabios":"8-106.4","qemu-skiboot":"5.2.0-106.4","qemu-ui-curses":"5.2.0-106.4","qemu-ui-gtk":"5.2.0-106.4","qemu-ui-opengl":"5.2.0-106.4","qemu-ui-spice-app":"5.2.0-106.4","qemu-ui-spice-core":"5.2.0-106.4","qemu-vgabios":"1.14.0_0_g155821a-106.4","qemu-x86":"5.2.0-106.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP3","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.0-106.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"5.2.0-106.4","qemu-arm":"5.2.0-106.4","qemu-ipxe":"1.0.0+-106.4","qemu-s390x":"5.2.0-106.4","qemu-seabios":"1.14.0_0_g155821a-106.4","qemu-sgabios":"8-106.4","qemu-tools":"5.2.0-106.4","qemu-vgabios":"1.14.0_0_g155821a-106.4","qemu-x86":"5.2.0-106.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.1","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.0-106.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for qemu fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)\n- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)\n\nNon-security issues fixed:\n\n- Add transfer length item in block limits page of scsi vpd (bsc#1190425)\n- Fix qemu crash while deleting xen-block (bsc#1189234)\n","id":"SUSE-SU-2021:3605-1","modified":"2021-11-03T13:59:50Z","published":"2021-11-03T13:59:50Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20213605-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189234"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189702"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189938"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3713"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3748"}],"related":["CVE-2021-3713","CVE-2021-3748"],"summary":"Security update for qemu","upstream":["CVE-2021-3713","CVE-2021-3748"]}