Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] openSUSE-SU-2016:1750-1: important: Security update for qemu

Recommended Posts

openSUSE Security Update: Security update for qemu

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2016:1750-1

Rating: important

References: #886378 #940929 #958491 #958917 #959005 #959386

#960334 #960708 #960725 #960835 #961332 #961333

#961358 #961556 #961691 #962320 #963782 #964411

#964413 #967969 #969121 #969122 #969350 #970036

#970037 #975128 #975136 #975700 #976109 #978158

#978160 #980711 #980723 #981266

Cross-References: CVE-2015-5745 CVE-2015-7549 CVE-2015-8504

CVE-2015-8558 CVE-2015-8567 CVE-2015-8568

CVE-2015-8613 CVE-2015-8619 CVE-2015-8743

CVE-2015-8744 CVE-2015-8745 CVE-2015-8817

CVE-2015-8818 CVE-2016-1568 CVE-2016-1714

CVE-2016-1922 CVE-2016-1981 CVE-2016-2197

CVE-2016-2198 CVE-2016-2538 CVE-2016-2841

CVE-2016-2857 CVE-2016-2858 CVE-2016-3710

CVE-2016-3712 CVE-2016-4001 CVE-2016-4002

CVE-2016-4020 CVE-2016-4037 CVE-2016-4439

CVE-2016-4441 CVE-2016-4952

Affected Products:

openSUSE Leap 42.1

______________________________________________________________________________

 

An update that solves 32 vulnerabilities and has two fixes

is now available.

 

Description:

 

qemu was updated to fix 29 security issues.

 

These security issues were fixed:

- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)

- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)

- CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266)

- CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121)

- CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122)

- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for

guest escape (bsc#978158)

- CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit

(bsc#978160)

- CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)

- CVE-2016-2538: Fixed potential OOB access in USB net device emulation

(bsc#967969)

- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)

- CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number

generator (bsc#970036)

- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)

- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic

(bsc#975128)

- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller

(bsc#975136)

- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access

(bsc#975700)

- CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB

engine (bsc#964411)

- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).

- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).

- CVE-2015-8504: VNC floating point exception (bsc#958491).

- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS

(bsc#959005).

- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak

host memory (bsc#959386).

- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak

host memory (bsc#959386).

- CVE-2015-8613: Wrong sized memset in megasas command handler

(bsc#961358).

- CVE-2015-8619: Potential DoS for long HMP sendkey command argument

(bsc#960334).

- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions

(bsc#960725).

- CVE-2015-8744: Incorrect l2 header validation could have lead to a crash

via assert(2) call (bsc#960835).

- CVE-2015-8745: Reading IMR registers could have lead to a crash via

assert(2) call (bsc#960708).

- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).

- CVE-2016-1714: Potential OOB memory access in processing firmware

configuration (bsc#961691).

- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command

(bsc#962320).

- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation

by malicious privileged user within guest (bsc#963782).

- CVE-2016-2198: Malicious privileged guest user were able to cause DoS by

writing to read-only EHCI capabilities registers (bsc#964413).

 

This non-security issue was fixed

- bsc#886378: qemu truncates vhd images in virt-rescue

 

This update was imported from the SUSE:SLE-12-SP1:Update update project.

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE Leap 42.1:

 

zypper in -t patch openSUSE-2016-839=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE Leap 42.1 (i586 x86_64):

 

qemu-2.3.1-15.1

qemu-arm-2.3.1-15.1

qemu-arm-debuginfo-2.3.1-15.1

qemu-block-curl-2.3.1-15.1

qemu-block-curl-debuginfo-2.3.1-15.1

qemu-debugsource-2.3.1-15.1

qemu-extra-2.3.1-15.1

qemu-extra-debuginfo-2.3.1-15.1

qemu-guest-agent-2.3.1-15.1

qemu-guest-agent-debuginfo-2.3.1-15.1

qemu-kvm-2.3.1-15.1

qemu-lang-2.3.1-15.1

qemu-linux-user-2.3.1-15.1

qemu-linux-user-debuginfo-2.3.1-15.1

qemu-linux-user-debugsource-2.3.1-15.1

qemu-ppc-2.3.1-15.1

qemu-ppc-debuginfo-2.3.1-15.1

qemu-s390-2.3.1-15.1

qemu-s390-debuginfo-2.3.1-15.1

qemu-tools-2.3.1-15.1

qemu-tools-debuginfo-2.3.1-15.1

qemu-x86-2.3.1-15.1

qemu-x86-debuginfo-2.3.1-15.1

 

- openSUSE Leap 42.1 (noarch):

 

qemu-ipxe-1.0.0-15.1

qemu-seabios-1.8.1-15.1

qemu-sgabios-8-15.1

qemu-vgabios-1.8.1-15.1

 

- openSUSE Leap 42.1 (x86_64):

 

qemu-block-rbd-2.3.1-15.1

qemu-block-rbd-debuginfo-2.3.1-15.1

qemu-testsuite-2.3.1-15.2

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-5745.html

https://www.suse.com/security/cve/CVE-2015-7549.html

https://www.suse.com/security/cve/CVE-2015-8504.html

https://www.suse.com/security/cve/CVE-2015-8558.html

https://www.suse.com/security/cve/CVE-2015-8567.html

https://www.suse.com/security/cve/CVE-2015-8568.html

https://www.suse.com/security/cve/CVE-2015-8613.html

https://www.suse.com/security/cve/CVE-2015-8619.html

https://www.suse.com/security/cve/CVE-2015-8743.html

https://www.suse.com/security/cve/CVE-2015-8744.html

https://www.suse.com/security/cve/CVE-2015-8745.html

https://www.suse.com/security/cve/CVE-2015-8817.html

https://www.suse.com/security/cve/CVE-2015-8818.html

https://www.suse.com/security/cve/CVE-2016-1568.html

https://www.suse.com/security/cve/CVE-2016-1714.html

https://www.suse.com/security/cve/CVE-2016-1922.html

https://www.suse.com/security/cve/CVE-2016-1981.html

https://www.suse.com/security/cve/CVE-2016-2197.html

https://www.suse.com/security/cve/CVE-2016-2198.html

https://www.suse.com/security/cve/CVE-2016-2538.html

https://www.suse.com/security/cve/CVE-2016-2841.html

https://www.suse.com/security/cve/CVE-2016-2857.html

https://www.suse.com/security/cve/CVE-2016-2858.html

https://www.suse.com/security/cve/CVE-2016-3710.html

https://www.suse.com/security/cve/CVE-2016-3712.html

https://www.suse.com/security/cve/CVE-2016-4001.html

https://www.suse.com/security/cve/CVE-2016-4002.html

https://www.suse.com/security/cve/CVE-2016-4020.html

https://www.suse.com/security/cve/CVE-2016-4037.html

https://www.suse.com/security/cve/CVE-2016-4439.html

https://www.suse.com/security/cve/CVE-2016-4441.html

https://www.suse.com/security/cve/CVE-2016-4952.html

https://bugzilla.suse.com/886378

https://bugzilla.suse.com/940929

https://bugzilla.suse.com/958491

https://bugzilla.suse.com/958917

https://bugzilla.suse.com/959005

https://bugzilla.suse.com/959386

https://bugzilla.suse.com/960334

https://bugzilla.suse.com/960708

https://bugzilla.suse.com/960725

https://bugzilla.suse.com/960835

https://bugzilla.suse.com/961332

https://bugzilla.suse.com/961333

https://bugzilla.suse.com/961358

https://bugzilla.suse.com/961556

https://bugzilla.suse.com/961691

https://bugzilla.suse.com/962320

https://bugzilla.suse.com/963782

https://bugzilla.suse.com/964411

https://bugzilla.suse.com/964413

https://bugzilla.suse.com/967969

https://bugzilla.suse.com/969121

https://bugzilla.suse.com/969122

https://bugzilla.suse.com/969350

https://bugzilla.suse.com/970036

https://bugzilla.suse.com/970037

https://bugzilla.suse.com/975128

https://bugzilla.suse.com/975136

https://bugzilla.suse.com/975700

https://bugzilla.suse.com/976109

https://bugzilla.suse.com/978158

https://bugzilla.suse.com/978160

https://bugzilla.suse.com/980711

https://bugzilla.suse.com/980723

https://bugzilla.suse.com/981266

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×