
openSUSE: 2017:0707-1 Important: Qemu DoS And Memory Leak Issues

March 16, 2017
openSUSE has released updates for qemu that fix several vulnerabilities, including denial-of-service (DoS) issues and memory leaks.
An update that solves 15 vulnerabilities and has four fixes.

Description

This update for qemu fixes several issues.

These security issues were fixed:

- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907).

- CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073).

- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972).

- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out-of-bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004).

- CVE-2017-5856: The MegaRAID...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-349=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

  qemu-2.6.2-29.4
  qemu-arm-2.6.2-29.4
  qemu-arm-debuginfo-2.6.2-29.4
  qemu-block-curl-2.6.2-29.4
  qemu-block-curl-debuginfo-2.6.2-29.4
  qemu-block-dmg-2.6.2-29.4
  qemu-block-dmg-debuginfo-2.6.2-29.4
  qemu-block-iscsi-2.6.2-29.4
  qemu-block-iscsi-debuginfo-2.6.2-29.4
  qemu-block-ssh-2.6.2-29.4
  qemu-block-ssh-debuginfo-2.6.2-29.4
  qemu-debugsource-2.6.2-29.4
  qemu-extra-2.6.2-29.4
  qemu-extra-debuginfo-2.6.2-29.4
  qemu-guest-agent-2.6.2-29.4
  qemu-guest-agent-debuginfo-2.6.2-29.4
  qemu-kvm-2.6.2-29.4
  qemu-lang-2.6.2-29.4
  qemu-linux-user-2.6.2-29.1
  qemu-linux-user-debuginfo-2.6.2-29.1
  qemu-linux-user-debugsource-2.6.2-29.1
  qemu-ppc-2.6.2-29.4
  qemu-ppc-debuginfo-2.6.2-29.4
  qemu-s390-2.6.2-29.4
  qemu-s390-debuginfo-2.6.2-29.4
  qemu-testsuite-2.6.2-29.8
  qemu-tools-2.6.2-29.4
  qemu-tools-debuginfo-2.6.2-29.4
  qemu-x86-2.6.2-29.4
  qemu-x86-debuginfo-2.6.2-29.4

- openSUSE Leap 42.2 (x86_64):

  qemu-block-rbd-2.6.2-29.4
  qemu-block-rbd-debuginfo-2.6.2-29.4

- openSUSE Leap 42.2 (noarch):

  qemu-ipxe-1.0.0-29.4
  qemu-seabio...
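
To confirm the update landed, installed qemu packages can be compared with the fixed builds in the package list above. This is an added example, not part of the advisory: the function names and sample input are constructed, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
# Compare installed qemu packages with the fixed builds listed in
# openSUSE-SU-2017:0707-1 (openSUSE Leap 42.2). Added example.

# Fixed version-release per package, taken from the advisory's package list.
# Names that the truncated list does not show return 1.
fixed_version() {
  pkg=${1%-debuginfo}; pkg=${pkg%-debugsource}
  case "$pkg" in
    qemu-linux-user) echo 2.6.2-29.1 ;;
    qemu-testsuite)  echo 2.6.2-29.8 ;;
    qemu-ipxe)       echo 1.0.0-29.4 ;;
    qemu|qemu-arm|qemu-block-curl|qemu-block-dmg|qemu-block-iscsi|\
    qemu-block-rbd|qemu-block-ssh|qemu-extra|qemu-guest-agent|qemu-kvm|\
    qemu-lang|qemu-ppc|qemu-s390|qemu-tools|qemu-x86) echo 2.6.2-29.4 ;;
    *) return 1 ;;
  esac
}

# True when $1 >= $2. Assumption: GNU sort -V approximates rpm ordering,
# which holds for these purely numeric version-release strings.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version-release" lines on stdin, prints one verdict per
# package, and returns 1 if any package is older than its fixed build.
audit_qemu() {
  rc=0
  while read -r name inst; do
    [ -n "$name" ] || continue
    if ! fixed=$(fixed_version "$name"); then
      echo "UNKNOWN  $name $inst (not in the advisory's visible list)"
    elif version_ge "$inst" "$fixed"; then
      echo "FIXED    $name $inst"
    else
      echo "OUTDATED $name $inst < $fixed"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample, in the format printed by:
#   rpm -qa 'qemu*' --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE='qemu 2.6.2-29.4
qemu-x86 2.6.2-26.1
qemu-linux-user 2.6.2-29.1
qemu-ipxe 1.0.0-29.4
qemu-vgabios 0.0.0-0'
printf '%s\n' "$SAMPLE" | audit_qemu || echo "outdated: run zypper in -t patch openSUSE-2017-349=1"
```

On a real host, pipe the `rpm -qa` command from the comment into `audit_qemu` instead of the sample.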


References

https://www.suse.com/security/cve/CVE-2016-10028.html
https://www.suse.com/security/cve/CVE-2016-10029.html
https://www.suse.com/security/cve/CVE-2016-10155.html
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://www.suse.com/security/cve/CVE-2017-5525.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://www.suse.com/security/cve/CVE-2017-5552.html
https://www.suse.com/security/cve/CVE-2017-5578.html
https://www.suse.com/security/cve/CVE-2017-5667.html
https://www.suse.com/security/cve/CVE-2017-5856.html
https://www.suse.com/security/cve/CVE-2017-5857.html
https://www.suse.com/security/cve/CVE-2017-5898.html
https://bugzilla.suse.com/1014702
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016779
https://bugzilla.suse.com/1017081
https://bugzilla.suse.com/1017084
https://bugzilla.suse.com/1020491
https://bugzilla.su...


Severity: important

Announcement ID: openSUSE-SU-2017:0707-1
Rating: important
Affected Products: openSUSE Leap 42.2
