Kernel, Ucode-Intel, Xen, Qemu Updates for openSUSE

SUSE 5016 Published 2019-05-21 06:33 by Philipp Esselbach

News

The following updates has been released for openSUSE:

openSUSE-SU-2019:1407-1: important: Security update for the Linux Kernel
openSUSE-SU-2019:1408-1: important: Security update for ucode-intel
openSUSE-SU-2019:1419-1: important: Security update for xen
openSUSE-SU-2019:1420-1: important: Security update for qemu

openSUSE-SU-2019:1407-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1407-1
Rating: important
References: #1012382 #1020645 #1020989 #1031492 #1047487
#1051510 #1053043 #1062056 #1063638 #1064388
#1066223 #1070872 #1085539 #1087092 #1094244
#1096480 #1096728 #1097104 #1100132 #1103186
#1105348 #1106110 #1106913 #1106929 #1108293
#1110785 #1110946 #1111331 #1112063 #1112178
#1113399 #1114542 #1114638 #1114648 #1114893
#1116803 #1118338 #1118506 #1119086 #1119974
#1120902 #1122776 #1122822 #1125580 #1126040
#1126356 #1127445 #1129138 #1129278 #1129326
#1129770 #1130130 #1130343 #1130344 #1130345
#1130346 #1130347 #1130356 #1130425 #1130567
#1130737 #1130972 #1131107 #1131416 #1131427
#1131488 #1131587 #1131659 #1131857 #1131900
#1131934 #1131935 #1131980 #1132212 #1132227
#1132534 #1132589 #1132618 #1132619 #1132634
#1132635 #1132636 #1132637 #1132638 #1132727
#1132828 #1133188 #1133308 #1133584 #1134160
#1134162 #1134537 #1134564 #1134565 #1134566
#1134651 #1134760 #1134848 #1135013 #1135014
#1135015 #1135100 #843419 #994770
Cross-References: CVE-2018-1000204 CVE-2018-10853 CVE-2018-12126
CVE-2018-12127 CVE-2018-12130 CVE-2018-15594
CVE-2018-17972 CVE-2018-5814 CVE-2019-11091
CVE-2019-11486 CVE-2019-11815 CVE-2019-11884
CVE-2019-3882 CVE-2019-9503
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 90 fixes
is now available.

Description:

The openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive various
security and bugfixes.

Four new speculative execution information leak issues have been
identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
(MDSUM)

This kernel update contains software mitigations for these issues, which
also utilize CPU microcode updates shipped in parallel.

For more information on this set of information leaks, check out
https://www.suse.com/support/kb/doc/?id=7023736

The following security bugs were fixed:

- CVE-2018-5814: Multiple race condition errors when handling probe,
disconnect, and rebind operations can be exploited to trigger a
use-after-free condition or a NULL pointer dereference by sending
multiple USB over IP packets (bnc#1096480).
- CVE-2018-10853: A flaw was found in the way Linux kernel KVM hypervisor
emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check
current privilege(CPL) level while emulating unprivileged instructions.
An unprivileged guest user/process could use this flaw to potentially
escalate privileges inside guest (bnc#1097104).
- CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux kernel
mishandled certain indirect calls, which made it easier for attackers to
conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348
1119974).
- CVE-2018-17972: An issue was discovered in the proc_pid_stack function
in fs/proc/base.c that did not ensure that only root may inspect the
kernel stack of an arbitrary task, allowing a local attacker to exploit
racy stack unwinding and leak kernel task stack contents (bnc#1110785).
- CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
SG_IO ioctl (bsc#1096728)
- CVE-2019-11486: The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has
been disabled.
- CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
net/rds/tcp.c, a race condition leading to a use-after-free was fixed,
related to net namespace cleanup (bnc#1134537).
- CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c allowed a local user to obtain potentially
sensitive information from kernel stack memory via a HIDPCONNADD
command, because a name field may not end with a '\0' character
(bnc#1134848).
- CVE-2019-3882: A flaw was found vfio interface implementation that
permits violation of the user's locked memory limit. If a device is
bound to a vfio driver, such as vfio-pci, and the local attacker is
administratively granted ownership of the device, it may cause a system
memory exhaustion and thus a denial of service (DoS). (bnc#1131416
bnc#1131427).
- CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been
fixed (bnc#1132828).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1407=1

Package List:

- openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.179-99.1
kernel-docs-4.4.179-99.1
kernel-docs-html-4.4.179-99.1
kernel-docs-pdf-4.4.179-99.1
kernel-macros-4.4.179-99.1
kernel-source-4.4.179-99.1
kernel-source-vanilla-4.4.179-99.1

- openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.179-99.1
kernel-debug-base-4.4.179-99.1
kernel-debug-base-debuginfo-4.4.179-99.1
kernel-debug-debuginfo-4.4.179-99.1
kernel-debug-debugsource-4.4.179-99.1
kernel-debug-devel-4.4.179-99.1
kernel-debug-devel-debuginfo-4.4.179-99.1
kernel-default-4.4.179-99.1
kernel-default-base-4.4.179-99.1
kernel-default-base-debuginfo-4.4.179-99.1
kernel-default-debuginfo-4.4.179-99.1
kernel-default-debugsource-4.4.179-99.1
kernel-default-devel-4.4.179-99.1
kernel-obs-build-4.4.179-99.1
kernel-obs-build-debugsource-4.4.179-99.1
kernel-obs-qa-4.4.179-99.1
kernel-syms-4.4.179-99.1
kernel-vanilla-4.4.179-99.1
kernel-vanilla-base-4.4.179-99.1
kernel-vanilla-base-debuginfo-4.4.179-99.1
kernel-vanilla-debuginfo-4.4.179-99.1
kernel-vanilla-debugsource-4.4.179-99.1
kernel-vanilla-devel-4.4.179-99.1

References:

https://www.suse.com/security/cve/CVE-2018-1000204.html
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-12126.html
https://www.suse.com/security/cve/CVE-2018-12127.html
https://www.suse.com/security/cve/CVE-2018-12130.html
https://www.suse.com/security/cve/CVE-2018-15594.html
https://www.suse.com/security/cve/CVE-2018-17972.html
https://www.suse.com/security/cve/CVE-2018-5814.html
https://www.suse.com/security/cve/CVE-2019-11091.html
https://www.suse.com/security/cve/CVE-2019-11486.html
https://www.suse.com/security/cve/CVE-2019-11815.html
https://www.suse.com/security/cve/CVE-2019-11884.html
https://www.suse.com/security/cve/CVE-2019-3882.html
https://www.suse.com/security/cve/CVE-2019-9503.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1020989
https://bugzilla.suse.com/1031492
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1062056
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1070872
https://bugzilla.suse.com/1085539
https://bugzilla.suse.com/1087092
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1096480
https://bugzilla.suse.com/1096728
https://bugzilla.suse.com/1097104
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1103186
https://bugzilla.suse.com/1105348
https://bugzilla.suse.com/1106110
https://bugzilla.suse.com/1106913
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1108293
https://bugzilla.suse.com/1110785
https://bugzilla.suse.com/1110946
https://bugzilla.suse.com/1111331
https://bugzilla.suse.com/1112063
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1113399
https://bugzilla.suse.com/1114542
https://bugzilla.suse.com/1114638
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1114893
https://bugzilla.suse.com/1116803
https://bugzilla.suse.com/1118338
https://bugzilla.suse.com/1118506
https://bugzilla.suse.com/1119086
https://bugzilla.suse.com/1119974
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1122776
https://bugzilla.suse.com/1122822
https://bugzilla.suse.com/1125580
https://bugzilla.suse.com/1126040
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127445
https://bugzilla.suse.com/1129138
https://bugzilla.suse.com/1129278
https://bugzilla.suse.com/1129326
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1130130
https://bugzilla.suse.com/1130343
https://bugzilla.suse.com/1130344
https://bugzilla.suse.com/1130345
https://bugzilla.suse.com/1130346
https://bugzilla.suse.com/1130347
https://bugzilla.suse.com/1130356
https://bugzilla.suse.com/1130425
https://bugzilla.suse.com/1130567
https://bugzilla.suse.com/1130737
https://bugzilla.suse.com/1130972
https://bugzilla.suse.com/1131107
https://bugzilla.suse.com/1131416
https://bugzilla.suse.com/1131427
https://bugzilla.suse.com/1131488
https://bugzilla.suse.com/1131587
https://bugzilla.suse.com/1131659
https://bugzilla.suse.com/1131857
https://bugzilla.suse.com/1131900
https://bugzilla.suse.com/1131934
https://bugzilla.suse.com/1131935
https://bugzilla.suse.com/1131980
https://bugzilla.suse.com/1132212
https://bugzilla.suse.com/1132227
https://bugzilla.suse.com/1132534
https://bugzilla.suse.com/1132589
https://bugzilla.suse.com/1132618
https://bugzilla.suse.com/1132619
https://bugzilla.suse.com/1132634
https://bugzilla.suse.com/1132635
https://bugzilla.suse.com/1132636
https://bugzilla.suse.com/1132637
https://bugzilla.suse.com/1132638
https://bugzilla.suse.com/1132727
https://bugzilla.suse.com/1132828
https://bugzilla.suse.com/1133188
https://bugzilla.suse.com/1133308
https://bugzilla.suse.com/1133584
https://bugzilla.suse.com/1134160
https://bugzilla.suse.com/1134162
https://bugzilla.suse.com/1134537
https://bugzilla.suse.com/1134564
https://bugzilla.suse.com/1134565
https://bugzilla.suse.com/1134566
https://bugzilla.suse.com/1134651
https://bugzilla.suse.com/1134760
https://bugzilla.suse.com/1134848
https://bugzilla.suse.com/1135013
https://bugzilla.suse.com/1135014
https://bugzilla.suse.com/1135015
https://bugzilla.suse.com/1135100
https://bugzilla.suse.com/843419
https://bugzilla.suse.com/994770

--

openSUSE-SU-2019:1408-1: important: Security update for ucode-intel

openSUSE Security Update: Security update for ucode-intel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1408-1
Rating: important
References: #1104479 #1111331 #1129231
Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
CVE-2019-11091
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for ucode-intel fixes the following issues:

This update contains the Intel QSR 2019.1 Microcode release (boo#1111331
CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091)

Release notes:

- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2
- ---- updated platforms ------------------------------------
- SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2
- IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3
- HSW C0 6-3c-3/32 00000025->00000027 Core Gen4
- BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5
- IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series;
Xeon E5 v2
- IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2
- HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series;
Xeon E5 v3
- HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3
- HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4
- HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4
- BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5
- SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6
- SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable
- SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx
- BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40
- BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon
D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
- BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon
D-1557/59/67/71/77/81/87
- BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon
D-1513N/23/33/43/53
- APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx,
Celeron N/J3xxx, Atom x5/7-E39xx
- SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5
- DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C
Series
- GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver
N/J5xxx, Celeron N/J4xxx
- AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile
- KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile
- WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile
- KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop,
Mobile, Xeon E
- CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8
- CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9
- CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile

It also contains the update to 20190312 release (boo#1129231):

- Processor Identifier Version Products
- Model Stepping F-MO-S/PI Old->New
- ---- new platforms ----------------------------------------
- AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile
- WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile
- WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile
- CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop
- CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile
- ---- updated platforms ------------------------------------
- HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series;
Xeon E5 v3
- HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3
- SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable
- SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx
- BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40
- BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon
D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
- BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon
D-1557/59/67/71/77/81/87
- BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon
D-1513N/23/33/43/53
- APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx,
Celeron N/J3xxx, Atom x5/7-E39xx
- APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx
- GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver
N/J5xxx, Celeron N/J4xxx
- KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile
- CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile
- KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6
- CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop,
Mobile, Xeon E
- CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8

And it also contains the update to 20180807a, no change except licensing.
(boo#1104479).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1408=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

ucode-intel-20190514-32.1
ucode-intel-blob-20190514-32.1
ucode-intel-debuginfo-20190514-32.1
ucode-intel-debugsource-20190514-32.1

References:

https://www.suse.com/security/cve/CVE-2018-12126.html
https://www.suse.com/security/cve/CVE-2018-12127.html
https://www.suse.com/security/cve/CVE-2018-12130.html
https://www.suse.com/security/cve/CVE-2019-11091.html
https://bugzilla.suse.com/1104479
https://bugzilla.suse.com/1111331
https://bugzilla.suse.com/1129231

--

openSUSE-SU-2019:1419-1: important: Security update for xen

openSUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1419-1
Rating: important
References: #1027519 #1111331 #1120095 #1130680
Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
CVE-2018-20815 CVE-2019-11091
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

Four new speculative execution information leak issues have been
identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
(MDSUM)

These updates contain the XEN Hypervisor adjustments, that additionaly
also use CPU Microcode updates.

The mitigation can be controlled via the "mds" commandline option, see the
documentation.

For more information on this set of vulnerabilities, check out
https://www.suse.com/support/kb/doc/?id=7023736

Security issue fixed:

- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree
blob (bsc#1130680)

Other fixes:

- Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.

The included README has details about the impact of this change
(bsc#1120095)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1419=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

xen-debugsource-4.9.4_04-40.1
xen-devel-4.9.4_04-40.1
xen-libs-4.9.4_04-40.1
xen-libs-debuginfo-4.9.4_04-40.1
xen-tools-domU-4.9.4_04-40.1
xen-tools-domU-debuginfo-4.9.4_04-40.1

- openSUSE Leap 42.3 (x86_64):

xen-4.9.4_04-40.1
xen-doc-html-4.9.4_04-40.1
xen-libs-32bit-4.9.4_04-40.1
xen-libs-debuginfo-32bit-4.9.4_04-40.1
xen-tools-4.9.4_04-40.1
xen-tools-debuginfo-4.9.4_04-40.1

References:

https://www.suse.com/security/cve/CVE-2018-12126.html
https://www.suse.com/security/cve/CVE-2018-12127.html
https://www.suse.com/security/cve/CVE-2018-12130.html
https://www.suse.com/security/cve/CVE-2018-20815.html
https://www.suse.com/security/cve/CVE-2019-11091.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1111331
https://bugzilla.suse.com/1120095
https://bugzilla.suse.com/1130680

--

openSUSE-SU-2019:1420-1: important: Security update for qemu

openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1420-1
Rating: important
References: #1111331
Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
CVE-2019-11091
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for qemu fixes the following issues:

- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86
cpu feature "md-clear" (bsc#1111331)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1420=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

qemu-linux-user-2.9.1-62.1
qemu-linux-user-debuginfo-2.9.1-62.1
qemu-linux-user-debugsource-2.9.1-62.1

- openSUSE Leap 42.3 (x86_64):

qemu-2.9.1-62.1
qemu-arm-2.9.1-62.1
qemu-arm-debuginfo-2.9.1-62.1
qemu-block-curl-2.9.1-62.1
qemu-block-curl-debuginfo-2.9.1-62.1
qemu-block-dmg-2.9.1-62.1
qemu-block-dmg-debuginfo-2.9.1-62.1
qemu-block-iscsi-2.9.1-62.1
qemu-block-iscsi-debuginfo-2.9.1-62.1
qemu-block-rbd-2.9.1-62.1
qemu-block-rbd-debuginfo-2.9.1-62.1
qemu-block-ssh-2.9.1-62.1
qemu-block-ssh-debuginfo-2.9.1-62.1
qemu-debugsource-2.9.1-62.1
qemu-extra-2.9.1-62.1
qemu-extra-debuginfo-2.9.1-62.1
qemu-guest-agent-2.9.1-62.1
qemu-guest-agent-debuginfo-2.9.1-62.1
qemu-ksm-2.9.1-62.1
qemu-kvm-2.9.1-62.1
qemu-lang-2.9.1-62.1
qemu-ppc-2.9.1-62.1
qemu-ppc-debuginfo-2.9.1-62.1
qemu-s390-2.9.1-62.1
qemu-s390-debuginfo-2.9.1-62.1
qemu-testsuite-2.9.1-62.1
qemu-tools-2.9.1-62.1
qemu-tools-debuginfo-2.9.1-62.1
qemu-x86-2.9.1-62.1
qemu-x86-debuginfo-2.9.1-62.1

- openSUSE Leap 42.3 (noarch):

qemu-ipxe-1.0.0+-62.1
qemu-seabios-1.10.2-62.1
qemu-sgabios-8-62.1
qemu-vgabios-1.10.2-62.1

References:

https://www.suse.com/security/cve/CVE-2018-12126.html
https://www.suse.com/security/cve/CVE-2018-12127.html
https://www.suse.com/security/cve/CVE-2018-12130.html
https://www.suse.com/security/cve/CVE-2019-11091.html
https://bugzilla.suse.com/1111331

--

TerraMaster D2 Thunderbolt 3 2-Bay DAS Review and more

Drupal7 and Jruby Updates for Debian 8 LTS

Kernel, Ucode-Intel, Xen, Qemu Updates for openSUSE

openSUSE-SU-2019:1407-1: important: Security update for the Linux Kernel

openSUSE-SU-2019:1408-1: important: Security update for ucode-intel

openSUSE-SU-2019:1419-1: important: Security update for xen

openSUSE-SU-2019:1420-1: important: Security update for qemu

Windows

Linux

macOS

Community