openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1750-1
Rating:             important
References:         #886378 #940929 #958491 #958917 #959005 #959386 
                    #960334 #960708 #960725 #960835 #961332 #961333 
                    #961358 #961556 #961691 #962320 #963782 #964411 
                    #964413 #967969 #969121 #969122 #969350 #970036 
                    #970037 #975128 #975136 #975700 #976109 #978158 
                    #978160 #980711 #980723 #981266 
Cross-References:   CVE-2015-5745 CVE-2015-7549 CVE-2015-8504
                    CVE-2015-8558 CVE-2015-8567 CVE-2015-8568
                    CVE-2015-8613 CVE-2015-8619 CVE-2015-8743
                    CVE-2015-8744 CVE-2015-8745 CVE-2015-8817
                    CVE-2015-8818 CVE-2016-1568 CVE-2016-1714
                    CVE-2016-1922 CVE-2016-1981 CVE-2016-2197
                    CVE-2016-2198 CVE-2016-2538 CVE-2016-2841
                    CVE-2016-2857 CVE-2016-2858 CVE-2016-3710
                    CVE-2016-3712 CVE-2016-4001 CVE-2016-4002
                    CVE-2016-4020 CVE-2016-4037 CVE-2016-4439
                    CVE-2016-4441 CVE-2016-4952
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves 32 vulnerabilities and has two fixes
   is now available.

Description:

   qemu was updated to fix 29 security issues.

   These security issues were fixed:
   - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
   - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
   - CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)
   - CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)
   - CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)
   - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
     guest escape (bsc#978158)
   - CVE-2016-3712: Fixed VGA emulation based DoS and OOB read access exploit
     (bsc#978160)
   - CVE-2016-4037: Fixed USB EHCI based DoS (bsc#976109)
   - CVE-2016-2538: Fixed potential OOB access in USB net device emulation
     (bsc#967969)
   - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
   - CVE-2016-2858: Avoid potential DoS when using QEMU pseudo random number
     generator (bsc#970036)
   - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
   - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated NIC
     (bsc#975128)
   - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
     (bsc#975136)
   - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
     (bsc#975700)
   - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB
     engine (bsc#964411)
   - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
   - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
   - CVE-2015-8504: VNC floating point exception (bsc#958491).
   - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
     (bsc#959005).
   - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak
     host memory (bsc#959386).
   - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak
     host memory (bsc#959386).
   - CVE-2015-8613: Wrong sized memset in megasas command handler
     (bsc#961358).
   - CVE-2015-8619: Potential DoS for long HMP sendkey command argument
     (bsc#960334).
   - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
     (bsc#960725).
   - CVE-2015-8744: Incorrect l2 header validation could have led to a crash
     via assert(2) call (bsc#960835).
   - CVE-2015-8745: Reading IMR registers could have led to a crash via
     assert(2) call (bsc#960708).
   - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
   - CVE-2016-1714: Potential OOB memory access in processing firmware
     configuration (bsc#961691).
   - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
     (bsc#962320).
   - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
     by malicious privileged user within guest (bsc#963782).
   - CVE-2016-2198: Malicious privileged guest users were able to cause DoS by
     writing to read-only EHCI capabilities registers (bsc#964413).

   This non-security issue was fixed:
   - bsc#886378: qemu truncates vhd images in virt-rescue

   This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-839=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      qemu-2.3.1-15.1
      qemu-arm-2.3.1-15.1
      qemu-arm-debuginfo-2.3.1-15.1
      qemu-block-curl-2.3.1-15.1
      qemu-block-curl-debuginfo-2.3.1-15.1
      qemu-debugsource-2.3.1-15.1
      qemu-extra-2.3.1-15.1
      qemu-extra-debuginfo-2.3.1-15.1
      qemu-guest-agent-2.3.1-15.1
      qemu-guest-agent-debuginfo-2.3.1-15.1
      qemu-kvm-2.3.1-15.1
      qemu-lang-2.3.1-15.1
      qemu-linux-user-2.3.1-15.1
      qemu-linux-user-debuginfo-2.3.1-15.1
      qemu-linux-user-debugsource-2.3.1-15.1
      qemu-ppc-2.3.1-15.1
      qemu-ppc-debuginfo-2.3.1-15.1
      qemu-s390-2.3.1-15.1
      qemu-s390-debuginfo-2.3.1-15.1
      qemu-tools-2.3.1-15.1
      qemu-tools-debuginfo-2.3.1-15.1
      qemu-x86-2.3.1-15.1
      qemu-x86-debuginfo-2.3.1-15.1

   - openSUSE Leap 42.1 (noarch):

      qemu-ipxe-1.0.0-15.1
      qemu-seabios-1.8.1-15.1
      qemu-sgabios-8-15.1
      qemu-vgabios-1.8.1-15.1

   - openSUSE Leap 42.1 (x86_64):

      qemu-block-rbd-2.3.1-15.1
      qemu-block-rbd-debuginfo-2.3.1-15.1
      qemu-testsuite-2.3.1-15.2


References:

   https://www.suse.com/security/cve/CVE-2015-5745.html
   https://www.suse.com/security/cve/CVE-2015-7549.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8567.html
   https://www.suse.com/security/cve/CVE-2015-8568.html
   https://www.suse.com/security/cve/CVE-2015-8613.html
   https://www.suse.com/security/cve/CVE-2015-8619.html
   https://www.suse.com/security/cve/CVE-2015-8743.html
   https://www.suse.com/security/cve/CVE-2015-8744.html
   https://www.suse.com/security/cve/CVE-2015-8745.html
   https://www.suse.com/security/cve/CVE-2015-8817.html
   https://www.suse.com/security/cve/CVE-2015-8818.html
   https://www.suse.com/security/cve/CVE-2016-1568.html
   https://www.suse.com/security/cve/CVE-2016-1714.html
   https://www.suse.com/security/cve/CVE-2016-1922.html
   https://www.suse.com/security/cve/CVE-2016-1981.html
   https://www.suse.com/security/cve/CVE-2016-2197.html
   https://www.suse.com/security/cve/CVE-2016-2198.html
   https://www.suse.com/security/cve/CVE-2016-2538.html
   https://www.suse.com/security/cve/CVE-2016-2841.html
   https://www.suse.com/security/cve/CVE-2016-2857.html
   https://www.suse.com/security/cve/CVE-2016-2858.html
   https://www.suse.com/security/cve/CVE-2016-3710.html
   https://www.suse.com/security/cve/CVE-2016-3712.html
   https://www.suse.com/security/cve/CVE-2016-4001.html
   https://www.suse.com/security/cve/CVE-2016-4002.html
   https://www.suse.com/security/cve/CVE-2016-4020.html
   https://www.suse.com/security/cve/CVE-2016-4037.html
   https://www.suse.com/security/cve/CVE-2016-4439.html
   https://www.suse.com/security/cve/CVE-2016-4441.html
   https://www.suse.com/security/cve/CVE-2016-4952.html
   https://bugzilla.suse.com/886378
   https://bugzilla.suse.com/940929
   https://bugzilla.suse.com/958491
   https://bugzilla.suse.com/958917
   https://bugzilla.suse.com/959005
   https://bugzilla.suse.com/959386
   https://bugzilla.suse.com/960334
   https://bugzilla.suse.com/960708
   https://bugzilla.suse.com/960725
   https://bugzilla.suse.com/960835
   https://bugzilla.suse.com/961332
   https://bugzilla.suse.com/961333
   https://bugzilla.suse.com/961358
   https://bugzilla.suse.com/961556
   https://bugzilla.suse.com/961691
   https://bugzilla.suse.com/962320
   https://bugzilla.suse.com/963782
   https://bugzilla.suse.com/964411
   https://bugzilla.suse.com/964413
   https://bugzilla.suse.com/967969
   https://bugzilla.suse.com/969121
   https://bugzilla.suse.com/969122
   https://bugzilla.suse.com/969350
   https://bugzilla.suse.com/970036
   https://bugzilla.suse.com/970037
   https://bugzilla.suse.com/975128
   https://bugzilla.suse.com/975136
   https://bugzilla.suse.com/975700
   https://bugzilla.suse.com/976109
   https://bugzilla.suse.com/978158
   https://bugzilla.suse.com/978160
   https://bugzilla.suse.com/980711
   https://bugzilla.suse.com/980723
   https://bugzilla.suse.com/981266

openSUSE: 2016:1750-1: important: qemu

July 6, 2016